home

welcome-user.exe

Rohos Disk, Rohos Logon Key

Tesline-Service s.r.l.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RohosLogon’. This is installed with Rohos Logon Key.
Publisher:
Tesline-Service SRL  (signed by Tesline-Service s.r.l.)

Product:
Rohos Disk®, Rohos Logon Key®

Description:
Rohos® Logon Key™

Version:
2.9

MD5:
e4fd808650ada66723ede86eb45c8ebc

SHA-1:
ebc7943eeb9030860107b436f6312e088e9ea753

SHA-256:
ff2629c472a1468a5d047892c7e784d3f4e12138b79844bd37b9a943b76bfaa8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 9:39:26 PM UTC  (today)

File size:
1.1 MB (1,101,936 bytes)

Product version:
1.1.2005

Copyright:
(c) Tesline-service. 2003-2011.

Original file name:
Rohos® Logon Key.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\rohos\welcome-user.exe

Digital Signature
Signed by:
Tesline-Service s.r.l.

Authority:
GlobalSign nv-sa

Valid from:
11/17/2010 3:42:13 PM

Valid to:
1/14/2013 5:15:16 PM

Subject:
CN=Tesline-Service s.r.l., O=Tesline-Service s.r.l., L=Chisinau, S=MD, C=MD

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012C5A7B63E2

File PE Metadata
Compilation timestamp:
2/7/2012 7:49:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:KlWFT0tTL2RQarJ7+uXqKozhe7hHYd4JngXh+I9OpXL+g:2WFT0uFDCqpsa9b

Entry address:
0x4C4B1

Entry point:
55, 8B, EC, 6A, FF, 68, 88, 30, 48, 00, 68, 60, B3, 44, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 58, B2, 47, 00, 33, D2, 8A, D4, 89, 15, B8, CA, 4C, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, B4, CA, 4C, 00, C1, E1, 08, 03, CA, 89, 0D, B0, CA, 4C, 00, C1, E8, 10, A3, AC, CA, 4C, 00, 6A, 01, E8, B1, 89, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 1B, 31, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
488 KB (499,712 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RohosLogon

Command:
"C:\Program Files\rohos\welcome-user.exe" per-user


The file welcome-user.exe has been discovered within the following program.

Rohos Logon Key  by Tesline-Service S.R.L.
www.rohos.com
About 9% of users remove it
 
Powered by Should I Remove It?

Scan welcome-user.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.