winlock.exe

WinLock Professional

Denis Zolotov

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed by Denis Zolotov)

Product:
WinLock Professional

Version:
6.3.3.0

MD5:
d8e63588272204d710fb05f465189847

SHA-1:
dabcacbe96f2926c9d13022f252aa9072bcc3736

SHA-256:
e4cbcd45c44514535bb66a659beb6e2ce2af3b46b248812e5186ea6008ff1c81

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 5:28:09 PM UTC  (today)

File size:
2.9 MB (3,088,856 bytes)

Product version:
6.33

Copyright:
© 2015 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlockpro\winlock.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/21/2014 2:00:00 AM

Valid to:
5/24/2017 2:00:00 PM

Subject:
CN=Denis Zolotov, O=Denis Zolotov, L=Moscow, C=RU

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
066E0B9E4389A41EF2FA9A9F103ACC27

File PE Metadata
Compilation timestamp:
1/10/2015 8:04:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
68, 01, 60, BA, 00, E8, 01, 00, 00, 00, C3, C3, E4, 8A, 3E, B7, 09, 3C, EB, 79, 0B, 61, E2, 13, 02, F4, 79, 59, 82, 00, 83, 48, 95, 61, 06, ED, 9B, 62, 9A, 18, 8F, 2D, 8C, C9, 1F, 40, E6, 4A, 73, FC, 1F, 01, 7A, 75, DB, 5B, AE, D0, 47, 72, 45, 38, 67, B1, BA, 85, 6B, 60, C3, 7A, 00, 04, 23, E2, 1C, EE, 28, AC, 5D, E4, AE, 7A, 36, E0, F7, DC, D8, 89, 38, 67, 35, 77, 87, 5E, C8, 08, B7, BE, 9D, EC, A0, CE, 6F, FC, 5B, D3, B8, B3, 9F, D0, E7, 46, E1, 16, 48, 63, B4, 63, 8E, BB, 05, F2, E3, EC, CA, 38, 20, E5...
 
[+]

Entropy:
7.9597

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.8 MB (5,033,984 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlockpro\winlock.exe


Scan winlock.exe - Powered by Reason Core Security