SearchFilterHost.exe

  • File Path: C:\Windows\SysWOW64\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes

Type Hash
MD5 10D15D96253E0625329DF893C210A83F
SHA1 74ED9E0870F84DAA0A7CEE72F66165FD13E902D4
SHA256 C80BF01B08858862E714995C669C3B3687614DA4AC20798248E413D7F62AB2B5
SHA384 946B1F954E9713084A93B9DEB2CAE996A851AD84C1B18DDDF34C4A5E73AD8C6925E60FBBF9286FC4D55F09A3F882C754
SHA512 B5A39C726DBED3178C9F17727E5B6CA156E75A93E95BDA94500B24B0B1B2B2B6A5F7AFE23966BAB025EEAD7672DE93743075E15860AD9D5BED4DF6B2DCD2C3F1
SSDEEP 3072:wcg+AkhImHlKKxv0465R5m6FuC0Utf+Y++nwErsHhTd1ihk6kvtfGq0ev3U5WNiW:Zg+lxzNktf++nwErsHhArkR10efUKi
IMP EC65350EF20C54293FB94B3EA4ED0FE4
PESHA1 C4BF22E3B1D12287F3EBE5673FC4467F301AB418
PE256 66B55FBF3A7AFAC779B220C50430373E6DCCD3E6FA915499A9AB0CD89BDFF05D

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SearchFilterHost.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.19041.610 (WinBuild.160101.0800)
  • Product Version: 7.0.19041.610
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/c80bf01b08858862e714995c669c3b3687614da4ac20798248e413d7f62ab2b5/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 43
C:\WINDOWS\system32\SearchFilterHost.exe 44
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 41
C:\Windows\system32\SearchFilterHost.exe 46
C:\Windows\system32\SearchFilterHost.exe 41
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchProtocolHost.exe 30
C:\WINDOWS\system32\SearchProtocolHost.exe 30
C:\Windows\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 27
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 55
C:\Windows\SysWOW64\SearchFilterHost.exe 47
C:\Windows\SysWOW64\SearchFilterHost.exe 54
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 47
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 40
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 35

Possible Misuse

The following table contains possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_apt_winnti_mal_hk_jan20.yml Image\|endswith: '\SearchFilterHost.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.