home

winlock.exe

WinLock Professional

Denis Zolotov

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed by Denis Zolotov)

Product:
WinLock Professional

Version:
7.2.1.0

MD5:
09e6527c49afb124e9fe374723d380ee

SHA-1:
452945a0005d19bccc6dcac0d1a9bd865a1f542d

SHA-256:
20e86532413f6efa9ad86141564dfd557298b849563cf9b3dfb6ac1375b4ea11

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 4:37:16 AM UTC  (today)

File size:
3.4 MB (3,553,568 bytes)

Product version:
7.21

Copyright:
© 2017 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlockpro\winlock.exe

Digital Signature
Signed by:
Denis Zolotov

Authority:
DigiCert Inc

Valid from:
3/21/2014 8:00:00 AM

Valid to:
5/24/2017 8:00:00 PM

Subject:
CN=Denis Zolotov, O=Denis Zolotov, L=Moscow, C=RU

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D6FC35019AE937213BFF4BA9367C2D4

File PE Metadata
Compilation timestamp:
2/21/2017 5:43:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
68, 01, E0, D1, 00, E8, 01, 00, 00, 00, C3, C3, D5, A3, 34, F3, A1, 89, 44, 25, 47, 86, EB, 93, 4E, CA, 36, 8F, 5C, 5F, 18, C7, A6, C1, 0F, CB, C7, DB, 9B, A1, 2B, 26, 9C, 43, 7A, 71, 92, 1F, 1E, 7A, 67, CF, 00, DF, DC, 54, 76, 45, A1, 6A, 7F, 72, C7, 10, 09, 96, A5, 3E, 51, B0, EA, 17, 80, F5, 45, D3, E3, 38, 6A, 31, 61, DB, 0A, 98, B7, 85, 77, DE, 32, C5, 66, EB, D5, 12, D2, 70, 02, F4, DE, AD, 67, BD, 67, 59, BE, 23, 4D, 94, 00, 28, 67, 4B, 7F, 56, B7, 55, B4, 08, A4, 7E, 13, B0, 96, 33, F1, 4E, 0A, 3D...
 
[+]

Entropy:
7.9375

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
5.9 MB (6,160,384 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlockpro\winlock.exe


Scan winlock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.