unsecapp.exe

  • File Path: C:\windows\system32\wbem\unsecapp.exe
  • Description: Sink to receive asynchronous callbacks for WMI client application

Hashes

Type Hash
MD5 C2350763FCDC8AD7A678164EE0814C4F
SHA1 A173EBBACE6D7AC2D9B47290C523A4BF4AD724B2
SHA256 7DF67E2E0AD0D26B378EEDAE9D517B420C7D17715A95A0B1DAF29B12C239FED5
SHA384 694B26ED167E0A6082B6B00FD6EA69528F5065FD302A08FF66396F7726663E322AD133E7A10E19B6A99F03EB840F12C1
SHA512 4BC3D0AF9CE4B182550F29F135F6AF26E722076CA1FE23E88F81B40810B32A1784F76D5AA8FA23B5ADD803C3E74BCFB25DCE7038628C4606453349DD3601EC3D
SSDEEP 768:w00V19T2VOP8OCKNNQ+dZDRhacVPjU4NUEy8Fh0jJ3pGIwyuNyS7nLdp7Z2NnPWq:w00V1oOUOpzBVLU4NZTop9taySN4D

Signature

  • Status: The file C:\windows\system32\wbem\unsecapp.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: unsecapp.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of unsecapp.exe being misused. While unsecapp.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_wmi_module_load.yml - 'C:\Windows\System32\wbem\unsecapp.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.