When I disassemble an ELF executable, I see a section
When I disassemble an ELF executable, I see a section that contains a GNU hash. I think it is a signature used to check whether the executable was patched or infected by a virus.
No, it is not. You are confusing two common uses of hash functions:
ELF binaries contain a "hash section" to allow fast lookup of symbols from the ELF's symbol table, to speed up linking. This section is called "hash section" because it contains a hash table. It has nothing to do with integrity checking.
To quote the ELF specification:
A hash table of Elf32_Word objects supports symbol table access.
source: SYSTEM V APPLICATION BINARY INTERFACE, page 94
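To make the point concrete, here is an added example (not part of the original answer) that builds a SysV-style hash section and uses it for symbol lookup. The symbol names and the bucket count are constructed for illustration; the hash function is the one given in the System V ABI. Only symbol names are hashed, so changing the program's code bytes would leave this table unchanged.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SysV ABI hash of a symbol *name*; no code or data bytes are involved. */
static uint32_t elf_hash(const char *name) {
    uint32_t h = 0, g;
    while (*name) {
        h = (h << 4) + (unsigned char)*name++;
        if ((g = h & 0xf0000000u) != 0)
            h ^= g >> 24;
        h &= ~g;
    }
    return h;
}

#define NBUCKET 3   /* constructed value; a real linker picks its own */
#define NSYMS 5
/* Constructed symbol names; index 0 is the reserved undefined symbol. */
static const char *symtab[NSYMS] = { "", "printf", "malloc", "free", "main" };
static uint32_t bucket[NBUCKET], chain[NSYMS];

/* Fill bucket[] and chain[] in the layout the hash section uses. */
static void build_hash_table(void) {
    memset(bucket, 0, sizeof bucket);
    memset(chain, 0, sizeof chain);
    for (uint32_t i = 1; i < NSYMS; i++) {
        uint32_t b = elf_hash(symtab[i]) % NBUCKET;
        chain[i] = bucket[b];   /* previous head becomes next in chain */
        bucket[b] = i;
    }
}

/* Return the symbol table index for name, or 0 (undefined) if absent. */
static uint32_t lookup(const char *name) {
    for (uint32_t i = bucket[elf_hash(name) % NBUCKET]; i != 0; i = chain[i])
        if (strcmp(symtab[i], name) == 0)
            return i;
    return 0;
}

int main(void) {
    build_hash_table();
    printf("main -> %u, free -> %u, missing -> %u\n", (unsigned)lookup("main"),
           (unsigned)lookup("free"), (unsigned)lookup("not_a_symbol"));
    return 0;
}
```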