unsecapp.exe

  • File Path: C:\Windows\system32\wbem\unsecapp.exe
  • Description: Sink to receive asynchronous callbacks for WMI client application

Hashes

Type Hash
MD5 9B782B1E1D7A2C28302755F963EAC907
SHA1 489A8A19A65C54FFDCE72BD9410B54F41DBADF91
SHA256 FABB8CC6DE82A79F1EED0976E5CE741FF3B9D5B1B40D90146052F4393CCA80A3
SHA384 47C208AF3331C21CA5ABB7B8C6D438C476699F4D181C8A8AC037393218ECDC07860B4B634BC79DFA9F9B443B36473025
SHA512 8EB808395F6FE126734ED415983752AFF05A79E2A7D413DB9D0ECC2296D28BAD38CD521185DBD0BE75528B4641DDB9A7FF67F781BA985196B93C91D11A91EBAE
SSDEEP 1536:6zAD+X+1mFQOM16kLDGa3Fz8yntK6b+Bzn1UZzfcP2OB:6zcT1wkLDGa3Fz1nk6b+Bz12bu
IMP 87E54E3D04D772F26002D8B564B2426C
PESHA1 17102F7F0F1009C1436DE83247D8EE2F6D8AAC3F
PE256 C4C9818AD67DC08ED1B36D2169904EAA0A3243E6DD480CFE549B560E6CC012C7

Runtime Data

Usage (stdout):

Cannot run standalone

Loaded Modules:

Path
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SYSTEM32\wbemcomn.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: unsecapp.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1320 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1320
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/fabb8cc6de82a79f1eed0976e5ce741ff3b9d5b1b40d90146052f4393cca80a3/detection

File Similarity (ssdeep match)

  • File: C:\Windows\system32\wbem\unsecapp.exe
  • Score: 93

Possible Misuse

The following table contains possible examples of unsecapp.exe being misused. While unsecapp.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: image_load_wmi_module_load.yml
  • Example: - 'C:\Windows\System32\wbem\unsecapp.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.