SearchFilterHost.exe

  • File Path: C:\WINDOWS\system32\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\system32\SearchFilterHost.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.22000.282 (WinBuild.160101.0800)
  • Product Version: 7.0.22000.282
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/c1e86197124463163202c88daf8ddfb84ca359b9bbb14e50f7ceff256178d611/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 49
C:\WINDOWS\system32\SearchFilterHost.exe 38
C:\Windows\system32\SearchFilterHost.exe 35
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 38
C:\Windows\system32\SearchFilterHost.exe 36
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchProtocolHost.exe 32
C:\WINDOWS\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\system32\SearchProtocolHost.exe 38
C:\Windows\system32\SearchProtocolHost.exe 33
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchFilterHost.exe 38
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 33
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 36
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 40
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 40
C:\Windows\SysWOW64\SearchFilterHost.exe 40
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 30
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 30

Possible Misuse

The following table contains possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: win_apt_winnti_mal_hk_jan20.yml
  • Example: Image|endswith: '\SearchFilterHost.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.