unsecapp.exe

  • File Path: C:\WINDOWS\system32\wbem\unsecapp.exe
  • Description: Sink to receive asynchronous callbacks for WMI client application

Hashes

Type Hash
MD5 E9EB3FAA2E95E1496F344AE84DF8144A
SHA1 994115FA40AA20729A77A87037FDE04111C1F8CE
SHA256 498760EB880B550C408A5204BFEC1775A161BC4781828CAE84626298B90200B3
SHA384 306279709ABCDACDCEF29DCD6185BABDB43C7544489010D4EC5888B6EC2D7B6D76A09FFAA9C362FF5D6D0DCEC4824C45
SHA512 B4179ED3562609622A7CBD991F355EDD7BD58291158F4121A0D968AF053ACCB8EF167666F36DF492CCEEC06DF92B6A7A44FDBA8C93C4E49D4B2875F4A3B57708
SSDEEP 1536:68l5xQVq6Gr7i0dTyTOuWAauTwWqy0+Bwc1c+H+Af6IS:jl5wq6GfmT5nauTwWqN+BwAt+wO
IMP 9656E21ED232DDC034DE628B1E2968AD
PESHA1 AD0A79FD5D48C643817551F657EAA2D425F14777
PE256 42E4E9DB620678344DD4840BFFE6F6302DC2F020DF8534B84DC94E60E78D4564

Runtime Data

Usage (stdout):

Cannot run standalone

Loaded Modules:

Path
C:\WINDOWS\System32\combase.dll
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\RPCRT4.dll
C:\WINDOWS\System32\ucrtbase.dll
C:\WINDOWS\system32\wbem\unsecapp.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: unsecapp.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/498760eb880b550c408a5204bfec1775a161bc4781828cae84626298b90200b3/detection

Possible Misuse

The following table contains possible examples of unsecapp.exe being misused. While unsecapp.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | image_load_wmi_module_load.yml | - 'C:\Windows\System32\wbem\unsecapp.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.