dsac.exe

  • File Path: C:\Windows\system32\dsac.exe
  • Description: Active Directory Administrative Center
  • Comments: Active Directory Administrative Center

Runtime Data

Window Title:

Active Directory Administrative Center

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\imageres.dll.mui File
(RW-) C:\Users\user\Documents File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1397_none_de7645305346d5dc File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_3112 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme4283305886 Section
\Windows\Theme1956823608 Section

Loaded Modules:

Path
C:\Windows\system32\dsac.exe
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dsac.exe
  • Product Name: Microsoft (R) Windows (R) Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1
  • Product Version: 10.0.17763.1
  • Language: Language Neutral
  • Legal Copyright: Copyright (c) Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of dsac.exe being misused. While dsac.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: pipe_created_alternate_powershell_hosts_pipe.yml
  • Example: - '\Windows\system32\dsac.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.