unsecapp.exe

  • File Path: C:\Windows\system32\wbem\unsecapp.exe
  • Description: Sink to receive asynchronous callbacks for WMI client application

Hashes

Type Hash
MD5 0BA8D3EDBE27B4C5475D569AF411C2A0
SHA1 8E8AF64662B50738D27D835FEDD66A41E5752A0D
SHA256 5CD0DD3B1454B437362C87C651EE2068AC27CDB725AA1C705CF62FF325A759CC
SHA384 021884DE1CE9B75AAA3B762B81F6E76D2B83DFF81206E2CAE897D97BFCEF4375FE0F450DB5E164130A95543BDB8A5FF4
SHA512 D7FF3EBFFEE853A643DE5D10E59C6A6199E24CC9BDFC585ECF8414D26721F50178B96A294E624B68BE532C9EE2EB086E3876B896C8CC25E9C0C50C1F58D7F8C2
SSDEEP 1536:DzAD+X+1mFQOM16kLDGa3Fz8yntK6b+Bzn1dZSfcP2OZ:DzcT1wkLDGa3Fz1nk6b+Bz1b62
IMP 87E54E3D04D772F26002D8B564B2426C
PESHA1 E93D96431BEA31516A2F80132FB67B44B605C2C8
PE256 7090CE5A6DD300A85026CAC8D898C33401B8727FB3BE56FC8C70C99E23A4FF00

Runtime Data

Usage (stdout):

Cannot run standalone

Loaded Modules:

Path
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SYSTEM32\wbemcomn.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: unsecapp.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.610 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.610
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/5cd0dd3b1454b437362c87c651ee2068ac27cdb725aa1c705cf62ff325a759cc/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\wbem\unsecapp.exe 93

Possible Misuse

The following table contains possible examples of unsecapp.exe being misused. While unsecapp.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
sigma | image_load_wmi_module_load.yml | - 'C:\Windows\System32\wbem\unsecapp.exe' | DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.