home

winlock.exe

WinLock Professional

Crystal Office Systems

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed and verified)

Product:
WinLock Professional

Version:
6.1.0.0

MD5:
e2f16efd0b7b36064c5cdd258d7b9016

SHA-1:
041cd1165fa140a8cdd061c0e5c828cedd5c6e03

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:40:38 AM UTC  (today)

File size:
2.9 MB (2,998,368 bytes)

Product version:
6.1

Copyright:
© 2013 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlockpro\winlock.exe

Digital Signature
Signed by:
Crystal Office Systems

Authority:
COMODO CA Limited

Valid from:
2/8/2012 7:00:00 AM

Valid to:
2/8/2014 6:59:59 AM

Subject:
CN=Crystal Office Systems, O=Crystal Office Systems, STREET="Kantemirovskaya street, 53-1-51", L=Moscow, S=RU, PostalCode=115477, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
641A324A34F2B894BA79BC39CE01E16A

File PE Metadata
Compilation timestamp:
11/3/2013 3:39:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:cBBc3LAvdSbabCVeRnUBy4TjfbTXVrGIMft1BNeG2gLBCPxUHN4cOU7m6ETQNb4m:uCsV+abCVM01TjzTJG1heG2+iQLOU70Z

Entry address:
0x1000

Entry point:
68, 01, 70, B3, 00, E8, 01, 00, 00, 00, C3, C3, 9B, 91, 30, F7, 22, C7, 1D, 91, 5B, 02, 15, 60, 27, AE, 53, E4, 90, 02, 1F, A1, 9B, 56, 86, 67, A5, 1B, 04, AC, E9, 27, 67, E1, 6B, 72, 42, 8A, F4, B8, 7E, 65, 91, 53, E7, 5B, 49, A5, 0A, 12, 5B, 93, 84, 80, C7, B0, 2B, FE, DA, 2A, 7D, 60, 42, 0D, 43, 60, 9C, A5, F5, 52, 17, FC, 33, 82, 24, 85, 1D, E5, CC, AF, C3, 81, DD, 76, F2, 14, 3E, E5, 5C, F1, 64, 0A, 96, 71, 4D, 29, 72, 34, A8, CE, 47, BE, E4, A1, 45, 40, CE, A2, C2, E1, C3, 37, 46, 8D, F9, 5C, 90, 26...
 
[+]

Entropy:
7.9598

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.6 MB (4,775,936 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlockpro\winlock.exe


Scan winlock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.