DismHost.exe
- File Path: C:\Windows\SysWOW64\Dism\DismHost.exe
- Description: Dism Host Servicing Process
Hashes
Type | Hash |
---|---|
MD5 | 37EA3E07F35A490F68C38D2F08344E12 |
SHA1 | B072D5E40A79204D2EF585CF748897F72A5BF370 |
SHA256 | EA7E7D5045D32C114C030E85FB03925690F2FFFE93C5EB56209292C3C1154A8C |
SHA384 | 2AB770158B63105CF7897BA9C3A2320AD002C2162B007047084CCEF857BFDA2E5F101DF325B8178F4976C49BF9189832 |
SHA512 | F239A7A5EE155526ADFD7E5616DFC4C06EF705C5EA7AE548D637238B1E58495B830496D3900FF6F33890C6371E5BA3284FB97F27B0514878D4FC18F34B52DF28 |
SSDEEP | 3072:A2PBxNV0a6pEIChuGkkZbD1Vh6LVYofclw:A2NdAChulWbD1Vh6LC4ca |
IMP | D73721430C20D31544AEA558B6ECAA47 |
PESHA1 | 260215D0899792E3AF2D45A4AB76D7B8CBFA2F82 |
PE256 | E8F64708C38E9487B69E275C71254726873D9F52D2CFEF6488C6C4EBD0A95A69 |
Signature
- Status: Signature verified.
- Serial: 3300000266BD1580EFA75CD6D3000000000266
- Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: DismHost.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1518 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1518
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: Unknown
Possible Misuse
The following table contains possible examples of DismHost.exe being misused. While DismHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | image_load_suspicious_vss_ps_load.yml | - 'dismhost.exe' | DRL 1.0 |
sigma | proc_creation_win_dsim_remove.yml | Image\|endswith: '\DismHost.exe' | DRL 1.0 |
sigma | proc_creation_win_uac_bypass_dismhost.yml | title: UAC Bypass Using DismHost | DRL 1.0 |
sigma | proc_creation_win_uac_bypass_dismhost.yml | description: Detects the pattern of UAC Bypass using DismHost DLL hijacking (UACMe 63) | DRL 1.0 |
sigma | proc_creation_win_uac_bypass_dismhost.yml | - '\DismHost.exe' | DRL 1.0 |
sigma | proc_creation_win_uac_bypass_ntfs_reparse_point.yml | - '\dismhost.exe {' | DRL 1.0 |
sigma | proc_creation_win_uac_bypass_ntfs_reparse_point.yml | Image\|endswith: '\DismHost.exe' | DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.