unsecapp.exe

  • File Path: C:\Windows\system32\wbem\unsecapp.exe
  • Description: Sink to receive asynchronous callbacks for WMI client application

Runtime Data

Usage (stdout):

Cannot run standalone

Loaded Modules:

Path
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SYSTEM32\wbemcomn.dll
C:\Windows\System32\WS2_32.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: unsecapp.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/8095d4d7726438f8665e00c1a405ab94db6358dc14740783795cf8617a64f19e/detection/

File Similarity (ssdeep match)

File | Score
C:\WINDOWS\system32\wbem\unsecapp.exe | 40

Possible Misuse

The following table contains possible examples of unsecapp.exe being misused. While unsecapp.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
sigma | image_load_wmi_module_load.yml | - 'C:\Windows\System32\wbem\unsecapp.exe' | DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.