winlock.exe

WinLock

Denis Zolotov

It is set to execute automatically when any user logs into Windows, through a local user run registry setting named ‘0wl’.

Publisher:
Crystal Office Systems  (signed by Denis Zolotov)

Product:
WinLock

Version:
7.2.1.0

MD5:
5178bd2ebd8ae193886cb809a8a0be08

SHA-1:
614db4e290a5ca801a59718db5fd4226fa70da1d

SHA-256:
3a459254395ae20e60a6d04ce41dcd6f276de6cc832092bcdfe67b84c6954018

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 4:30:49 AM UTC  (today)

File size:
3.3 MB (3,437,344 bytes)

Product version:
7.21

Copyright:
© 2017 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlock\winlock.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/21/2014 8:00:00 AM

Valid to:
5/24/2017 8:00:00 PM

Subject:
CN=Denis Zolotov, O=Denis Zolotov, L=Moscow, C=RU

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D6FC35019AE937213BFF4BA9367C2D4

File PE Metadata
Compilation timestamp:
2/21/2017 5:45:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
68, 01, 70, CA, 00, E8, 01, 00, 00, 00, C3, C3, 8F, 8C, F0, 4F, 4D, 79, 45, 75, 6D, B0, E9, 2D, 10, FB, A4, 14, 6F, 1A, E9, B4, F3, 30, 76, 4B, 82, 23, B5, 09, 41, A5, 21, 22, 01, A1, DC, 03, E4, A5, 94, F9, CA, F8, 47, BA, 47, 9F, 52, 8C, 44, 55, 4F, 60, CA, 0B, 46, A0, B7, 99, 10, 70, A4, C4, 48, 0A, AC, 9F, B6, AF, 33, 8D, 68, 64, 19, 9F, 15, 6A, E6, 56, E8, A5, 47, A0, E3, 97, E4, 7F, 39, 77, 29, EF, AA, 8A, 12, 9C, BD, 33, BF, E4, 38, 23, AF, C6, E1, 05, 8F, 85, 9A, 97, 58, 22, 5F, D9, 8A, F8, 4D, E2...
 

Entropy:
7.9382

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
5.6 MB (5,832,704 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlock\winlock.exe

