SPEnroll.exe

One Identity Password Manager

Dell Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SPEnroll’.
Publisher:
Dell Software  (signed by Dell Inc)

Product:
One Identity Password Manager

Version:
5.6.3.6979

MD5:
29176b84591fd766be11b89c3f0e6a00

SHA-1:
e0b0a820da97da2fb6f06d5f558344d042f9441b

SHA-256:
b02bacc8c0e7f7855a946750824e0e00233bbbf5a0b7cacd7acf28be118cc72d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 2:40:06 AM UTC  (today)

File size:
2.6 MB (2,745,760 bytes)

Product version:
5.6.3.6979

Copyright:
© 2016 Dell Inc. ALL RIGHTS RESERVED.

Original file name:
SPEnroll.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Windows\System32\spenroll.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/1/2016 8:00:00 AM

Valid to:
3/6/2019 8:00:00 PM

Subject:
CN=Dell Inc, O=Dell Inc, L=Round Rock, S=Texas, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
088F8716C0EBC88C848638BD90B17581

File PE Metadata
Compilation timestamp:
6/28/2016 12:36:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:gnH4ZiiJBo7CwAnS2zNnNZZQjQOD1cISN6WG3KS6LWMoQF6TP/+:CH4ZiiJBiCwJ2ztNZZWDqIuG3KS6LBx

Entry address:
0x14DAEA

Entry point:
E8, DE, C1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, 7D, 5E, 00, E8, 30, 36, 00, 00, E8, 4F, 7C, 00, 00, 0F, B7, F0, 6A, 02, E8, 71, C1, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, ED, 77, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
5.7844

Code size:
1.5 MB (1,565,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SPEnroll

Command:
C:\Windows\System32\spenroll.exe