home

winlock.exe

WinLock

Denis Zolotov

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed by Denis Zolotov)

Product:
WinLock

Version:
7.2.1.0

MD5:
12af5e7b65febeec42a958a9a8ea0d97

SHA-1:
96a12f36402e5d22cb50844c9155602604b33dc9

SHA-256:
4d384780e562d3cebedd27b1d2461954a2def56ff77245a1d3140b604686c4f1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 4:46:07 AM UTC  (today)

File size:
3.3 MB (3,430,176 bytes)

Product version:
7.21

Copyright:
© 2017 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
Tiê´ng Anh (My~)

Common path:
C:\Program Files\winlock\winlock.exe

Digital Signature
Signed by:
Denis Zolotov

Authority:
DigiCert Inc

Valid from:
3/21/2014 7:00:00 AM

Valid to:
5/24/2017 7:00:00 PM

Subject:
CN=Denis Zolotov, O=Denis Zolotov, L=Moscow, C=RU

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D6FC35019AE937213BFF4BA9367C2D4

File PE Metadata
Compilation timestamp:
2/22/2017 5:49:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
68, 01, 70, CA, 00, E8, 01, 00, 00, 00, C3, C3, F4, 50, 4D, CE, B1, C1, 39, F8, 47, 1E, DB, EB, A6, 4C, 28, 09, E1, 1D, 26, 59, 30, 69, 14, 06, BC, 17, DD, FE, D2, 26, B5, A7, 1D, B2, D0, 3E, 04, 71, 37, CF, 72, 97, 73, 17, 59, AF, 77, E6, 95, 1D, D1, 75, 82, 68, FB, 5C, 19, A9, 2C, 72, 8A, B2, 8F, 83, 18, 6E, 96, F5, 59, 41, 47, A3, 4A, 31, BF, 05, C8, BC, 26, A5, 54, 95, B6, A8, 76, EB, 1F, 73, EA, B9, 97, B6, AC, 77, 88, 1C, 79, B8, F9, EA, 69, CC, 3C, 07, FB, E9, D5, 39, F7, B7, FB, 51, 27, A7, 1F, 4F...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
5.6 MB (5,832,704 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlock\winlock.exe


Scan winlock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.