el el amiril 0 Posted January 30, 2023 Share Posted January 30, 2023 hello eset community and respective administrator i am having trouble analyzing my dashost.exe file it was not tag by any antivirus as malware but when i run it on hybrid analysis.com it was tagged as rootkit and suspicious also it does not have any digital signature in it is this fine or is my pc got infiltrated i am sending a sample to eset of the file hoping i will get a response. here is the file @ https://file.io/9aS5vWwaQwPo Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 here is the report Link to comment Share on other sites More sharing options...
Administrators Marcos 5,290 Posted January 30, 2023 Administrators Share Posted January 30, 2023 The file is no longer available. Please do not post link to potentially malicious files which could harm users if downloaded and run. Instead submit suspicious files to samples[at]eset.com in an archive protected with the password "infected". Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 im sorry i will abide rules next time can you please check my dashost.exe file as seen in the screenshot? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,290 Posted January 30, 2023 Administrators Share Posted January 30, 2023 If you submit the sample to ESET, we can check it out. A screenshot is not enough and manually transcribing the SHA256 would be tedious. Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 9 minutes ago, Marcos said: If you submit the sample to ESET, we can check it out. A screenshot is not enough and manually transcribing the SHA256 would be tedious. i wonder why my pc dashost is not digitaly signed? Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 is it ok?😔 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,290 Posted January 30, 2023 Administrators Share Posted January 30, 2023 Microsoft's file C:\Windows\System32\dasHost.exe is not digitally signed. Did you check its reputation? Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 yes sir Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 now my regidit is detected as malware by filescan.io Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,290 Posted January 30, 2023 Administrators Share Posted January 30, 2023 Please either submit those files to samples[at]eset.com or provide hashes of the files or links to the above pages. Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 can filescan.io be trusted? Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 its very wierd i think my pc got infected with malware that is not seen by all anti virus i am sending samples Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 running sfc in normal boot did not find any integrity violation but when on startup repair it found violation that it cant fix ? Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 i think it has software virtual machine packing to protect its code can eset even managed to scan this type of concealment? Link to comment Share on other sites More sharing options...
itman 1,755 Posted January 30, 2023 Share Posted January 30, 2023 To get to the bottom of this, I submitted dashost.exe from my Win 10 x(64) build to Hybrid-Analysis. I received the same suspicious detection as shown in the previous posted screen shot. In other words, it is a false positive detection. As far as the regedit.exe detection by filescan.io, I have no idea what file you actually submitted, or if the file was actually submitted to the legit filescan.io web site. Unwarranted software paranoia I believe is being manifested here. Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 396 Posted January 30, 2023 Most Valued Members Share Posted January 30, 2023 I'm curious why you are scanning these on multiple sites in the first place. The problem is anything has the potential to flag as suspicious, but the fact no AVs are detecting them looks like these suspicious flags are false positives Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30, 2023 Author Share Posted January 30, 2023 @itman i run and want to test my windows files after a html trojan is detected by my eset and after checking that my pc windows files has no digital signature by the way i am running a crack game/program that i set my eset hips to block modification. Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 31, 2023 Author Share Posted January 31, 2023 i think its false positive Link to comment Share on other sites More sharing options...
Recommended Posts