dphostw.exe

DigitalPersona Pro for Active Directory

DigitalPersona, Inc.

The executable dphostw.exe, “DigitalPersona Local Host”, has been detected as malware by 3 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “Biometric Authentication Service”.
Publisher:
DigitalPersona, Inc.  (signed and verified)

Product:
DigitalPersona Pro for Active Directory

Description:
DigitalPersona Local Host

Version:
4.4.0.2053

MD5:
c25162213d51f0d73fdcc16cab435c3c

SHA-1:
0e58c59012a8a84058b1eff7661532da91fd0a1e

SHA-256:
5004519d436c070dcfe6c83ce3c327250f2a70d4e3db66ba4daa66192bc728b8

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/24/2024 11:06:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.16.24 |

File size:
395.5 KB (404,999 bytes)

Product version:
4.4.0.2053

Copyright:
Copyright © DigitalPersona, Inc. 1996-2009

Trademarks:
DigitalPersona® U.are.U® One Touch®

Original file name:
DPHOST.EXE

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\filemaker\bin\dphostw.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/26/2009 6:00:00 AM

Valid to:
5/24/2010 5:59:59 AM

Subject:
CN="DigitalPersona, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="DigitalPersona, Inc.", L=Redwood City, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
215C2FB00B669BA407FCF950382100D8

File PE Metadata
Compilation timestamp:
8/11/2009 5:06:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x24FBD

Entry point:
E9, 9F, 58, FE, FF, E9, 16, FE, FF, FF, B8, D5, B4, 42, 00, A3, C0, 98, 44, 00, C7, 05, C4, 98, 44, 00, D1, AB, 42, 00, C7, 05, C8, 98, 44, 00, 8F, AB, 42, 00, C7, 05, CC, 98, 44, 00, C3, AB, 42, 00, C7, 05, D0, 98, 44, 00, 39, AB, 42, 00, A3, D4, 98, 44, 00, C7, 05, D8, 98, 44, 00, 4F, B4, 42, 00, C7, 05, DC, 98, 44, 00, 4F, AB, 42, 00, C7, 05, E0, 98, 44, 00, B9, AA, 42, 00, C7, 05, E4, 98, 44, 00, 48, AA, 42, 00, C3, E8, 9B, FF, FF, FF, E8, 49, 65, 00, 00, 83, 7C, 24, 04, 00, A3, EC, A2, 44, 00, 74, 05...
 

Entropy:
6.6965

Packer / compiler:
Xtreme-Protector v1.05

Code size:
212 KB (217,088 bytes)

Service
Display name:
Biometric Authentication Service

Service name:
DpHost

Type:
Win32OwnProcess

Group:
BiometricGroup

Depends on:
RPCSS

