home

qpmenroll.exe

Quest Password Manager

Quest Software, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘QPMEnroll’.
Publisher:
Quest Software, Inc.  (signed and verified)

Product:
Quest Password Manager

Version:
4.5.1.1690

MD5:
a097e3694f3466befc5228472b87070a

SHA-1:
1047299d86ca1487ce8a4133949b60ab98d77eb9

SHA-256:
28ca43e2f9b5768176d7a9b5e0f3b130007c0a5ef66cd0c20cb75adc52980433

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:55:59 PM UTC  (today)

File size:
143.8 KB (147,248 bytes)

Product version:
4.5.1.1690

Copyright:
Copyright © 1999-2008 Quest Software, Inc.

Original file name:
QPMEnrol.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Windows\System32\qpmenroll.exe

Digital Signature
Signed by:
Quest Software, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
4/22/2008 5:00:00 PM

Valid to:
4/23/2010 4:59:59 PM

Subject:
CN="Quest Software, Inc.", OU=R&D15, O="Quest Software, Inc.", L=Aliso Viejo, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
42BD42EAC9611EBDCA8B028F8EC8D80C

File PE Metadata
Compilation timestamp:
3/30/2009 4:28:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:ohFb+VSrJUujb2FpHlOXfgyQ/oQUjI6Vo5KVptUj:kDyuYyQ/yjI6VLVw

Entry address:
0x5AE0

Entry point:
E8, EA, 78, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 40, 73, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 3C, 70, 41, 00, C9, C2, 08, 00, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B...
 
[+]

Entropy:
5.9815

Code size:
88 KB (90,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
QPMEnroll

Command:
C:\Windows\System32\qpmenroll.exe


Scan qpmenroll.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.