home

SPEnroll.exe

One Identity Password Manager

Dell Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SPEnroll’.
Publisher:
Dell Software  (signed by Dell Inc)

Product:
One Identity Password Manager

Version:
5.6.4.6982

MD5:
f22ca7717e8604a902689e315ab6b1fb

SHA-1:
60e3e39e9cfbe2bc87483a17f93de6ca5a4f6f7a

SHA-256:
2a9e8fe3a6fb1d707c5fa68dc46dd386bd8bc6f86d1636b795fbf1729631c6ab

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 4:20:52 AM UTC  (today)

File size:
2.6 MB (2,745,760 bytes)

Product version:
5.6.4.6982

Copyright:
© 2016 Dell Inc. ALL RIGHTS RESERVED.

Original file name:
SPEnroll.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Windows\System32\spenroll.exe

Digital Signature
Signed by:
Dell Inc

Authority:
DigiCert Inc

Valid from:
3/1/2016 12:00:00 AM

Valid to:
3/6/2019 12:00:00 PM

Subject:
CN=Dell Inc, O=Dell Inc, L=Round Rock, S=Texas, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
088F8716C0EBC88C848638BD90B17581

File PE Metadata
Compilation timestamp:
7/7/2016 11:09:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:fnH4ZiiJBo7CwAnS2zNnNZZQjQOD1cISN6WG3KS6fWR2MF6TP/Y:PH4ZiiJBiCwJ2ztNZZWDqIuG3KS6fIH

Entry address:
0x14DAEA

Entry point:
E8, DE, C1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, 7D, 5E, 00, E8, 30, 36, 00, 00, E8, 4F, 7C, 00, 00, 0F, B7, F0, 6A, 02, E8, 71, C1, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, ED, 77, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
5.7844

Code size:
1.5 MB (1,565,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SPEnroll

Command:
C:\Windows\System32\spenroll.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.