home

SPEnroll.exe

One Identity Password Manager

Dell Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SPEnroll’.
Publisher:
Dell Software  (signed by Dell Inc)

Product:
One Identity Password Manager

Version:
5.6.4.6982

MD5:
621aa934a4739451cdad1163cfb23414

SHA-1:
156cc44c10cdbeede0c56d789b45a2ffc005667c

SHA-256:
1c9be38cb2351c9c9980ff3da57247f911cb14bbd08883b7d4864ef1179ab0ef

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 2:48:28 AM UTC  (today)

File size:
3.4 MB (3,525,536 bytes)

Product version:
5.6.4.6982

Copyright:
© 2016 Dell Inc. ALL RIGHTS RESERVED.

Original file name:
SPEnroll.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Windows\System32\spenroll.exe

Digital Signature
Signed by:
Dell Inc

Authority:
DigiCert Inc

Valid from:
3/1/2016 1:00:00 AM

Valid to:
3/6/2019 1:00:00 PM

Subject:
CN=Dell Inc, O=Dell Inc, L=Round Rock, S=Texas, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
088F8716C0EBC88C848638BD90B17581

File PE Metadata
Compilation timestamp:
7/7/2016 12:19:14 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:L9hbYC3srg294D4YfohdRKQkPBIwdEUHXc0dlSJsK02eG38kHFaiutd:5hbY2HOGR+sK02r38Pii

Entry address:
0x1B0350

Entry point:
48, 83, EC, 28, E8, EB, C7, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, E4, 7F, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 77, C7, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 6F, FC, E4, FF, 66, 39, 05, 68, FC, E4, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 97, FC, E4, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89...
 
[+]

Entropy:
5.6734

Code size:
1.9 MB (1,972,736 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SPEnroll

Command:
C:\Windows\System32\spenroll.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.