home

winlock.exe

WinLock Professional

Crystal Office Systems

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed and verified)

Product:
WinLock Professional

Version:
6.0.9.0

MD5:
b28def02c8fbc61be5ad3c67b2a29297

SHA-1:
b53c2b0ba7131c352fa19f373604618a45f742e9

SHA-256:
2c054e0469abf5cb11ec39692e71c9cf3d2c8a0f2f94bc73551e4fdbed273f91

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:48:12 AM UTC  (today)

File size:
2.7 MB (2,877,024 bytes)

Product version:
6.09

Copyright:
© 2013 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlockpro\winlock.exe

Digital Signature
Signed by:
Crystal Office Systems

Authority:
COMODO CA Limited

Valid from:
2/7/2012 10:00:00 PM

Valid to:
2/7/2014 9:59:59 PM

Subject:
CN=Crystal Office Systems, O=Crystal Office Systems, STREET="Kantemirovskaya street, 53-1-51", L=Moscow, S=RU, PostalCode=115477, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
641A324A34F2B894BA79BC39CE01E16A

File PE Metadata
Compilation timestamp:
5/25/2013 7:48:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:U9O5WE0bTrCnYEu/x1WFvcIXVN+9t1BpxQO4cOU7m6qROJ6hOo:fRyAu/m+mVYXdBLOU7qRlO

Entry address:
0x1000

Entry point:
68, 01, 20, AE, 00, E8, 01, 00, 00, 00, C3, C3, 3E, 30, E0, 59, 9E, CD, 26, 47, D0, 2B, CE, 7F, 74, 26, 10, E3, 28, 63, A1, 6D, 7E, B0, DE, E6, C2, 45, C6, 90, 2F, 63, C5, FD, 5E, 85, 92, 46, CE, CA, CD, B4, C7, 91, 76, 59, F7, 53, D6, DC, F2, DC, 7E, EB, E6, 58, 2C, A7, BF, 68, EC, 97, 0A, 24, 00, 74, 35, CA, 8F, 68, 5E, B0, 63, 1D, 7A, 38, C5, 12, D8, 45, 93, D7, BA, 14, 39, 4E, 1B, 08, D7, 55, C4, DE, FF, 67, 3D, F8, D2, 12, 0C, F1, 3C, BC, 84, F6, 69, 95, A0, A9, 28, C6, 78, 41, F5, DD, 19, 30, 2B, 76...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.1 MB (4,276,224 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlockpro\winlock.exe


Scan winlock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.