home

ntserv.exe

Rohos Disk, Rohos Logon Key

Tesline-Service S.R.L.

It runs as a separate (within the context of its own process) windows Service named “Rohos welcome screen elements”.
Publisher:
Tesline-Service SRL  (signed by Tesline-Service S.R.L.)

Product:
Rohos Disk®, Rohos Logon Key®

Description:
Rohos Welcome Screen support service.

Version:
1.9.1

MD5:
43ba4c5a93446d15251973f87484e896

SHA-1:
0645fb8261dc20e78f15daa3af801e05129b04f8

SHA-256:
e84c7d675ee629607562b6df0b8fe3b8dd18e4f461ea7f3cf6aec61ebc0724c5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 12:21:09 AM UTC  (today)

File size:
61.9 KB (63,336 bytes)

Product version:
1.1.2005

Copyright:
(c) Tesline-service. 2003-2009.

Original file name:
Rohos NTServ.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\rohos\ntserv.exe

Digital Signature
Signed by:
Tesline-Service S.R.L.

Authority:
GlobalSign nv-sa

Valid from:
12/15/2008 4:14:54 PM

Valid to:
12/15/2009 4:14:54 PM

Subject:
E=info@rohos.com, CN=Tesline-Service S.R.L., O=Tesline-Service S.R.L., C=MD

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000011E3ADE75F9

File PE Metadata
Compilation timestamp:
9/11/2009 2:38:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

CTPH (ssdeep):
768:5BYz+z21TiXECE70qA1Z2TEX69v4KsihJ1VkhJxbWm7JKZarLFdtQ:a8IG2o/KswJ1ahJx6m7kZarZHQ

Entry address:
0x57CF

Entry point:
55, 8B, EC, 6A, FF, 68, D8, 62, 40, 00, 68, 08, 59, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, 7C, 61, 40, 00, 59, 83, 0D, 74, E7, 40, 00, FF, 83, 0D, 78, E7, 40, 00, FF, FF, 15, 78, 61, 40, 00, 8B, 0D, 70, E7, 40, 00, 89, 08, FF, 15, 74, 61, 40, 00, 8B, 0D, 6C, E7, 40, 00, 89, 08, A1, 70, 61, 40, 00, 8B, 00, A3, 7C, E7, 40, 00, E8, CA, 00, 00, 00, 83, 3D, F0, 90, 40, 00, 00, 75, 0C, 68, 04, 59, 40, 00, FF, 15, 88, 61...
 
[+]

Entropy:
5.0601

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

Service
Display name:
Rohos welcome screen elements

Service name:
Rohos

Type:
Win32OwnProcess

Group:
UIGroup


Scan ntserv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.