SearchFilterHost.exe

  • File Path: C:\Windows\SysWOW64\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes

Type Hash
MD5 3E3E2E16A066917E23B88312E3ECBF55
SHA1 9121AFC685E051C42E3B273EA36046E9F466EED7
SHA256 3BE3BD2C06C9FF4F40AE1E605FB0044F2D532D8730E6DF2C3CC8CFAD3DF387A2
SHA384 B56F7546987F24428317FAEFA3C8C680DC1B3E9385E7FDE5D6397647414733497F62B54B1D9F5FA6B8D7802C388E1A2F
SHA512 7929D07FAAD73AA6625063B63321386DFE97ABE12B46783FB55B7E5FC41C86DC7AA8C2948FA736666CF8C95D3974F6FC784A0F084C4AAD4E5F81BDB1AE59FDFC
SSDEEP 3072:L3+gweo7U1zqv8GsmDZY4kc8xzGibXuGEGeznVrnKvJ91ihk6kvtfGq0ev3U5WND:L3/12hotbhEGezVrnKvmrkR10efUK+
IMP EC65350EF20C54293FB94B3EA4ED0FE4
PESHA1 3A43C6B90D4FC14E9122F2D3145171AE6312C8AE
PE256 2A6668E74113A2C525A3F229993197D3CF1368757C2E33F12EDF63570E582DC9

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SearchFilterHost.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.19041.1151 (WinBuild.160101.0800)
  • Product Version: 7.0.19041.1151
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/3be3bd2c06c9ff4f40ae1e605fb0044f2d532d8730e6df2c3cc8cfad3df387a2/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 43
C:\WINDOWS\system32\SearchFilterHost.exe 33
C:\WINDOWS\system32\SearchFilterHost.exe 44
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 41
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 47
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 44
C:\Windows\system32\SearchProtocolHost.exe 33
C:\WINDOWS\system32\SearchProtocolHost.exe 33
C:\Windows\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 41
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 49
C:\Windows\SysWOW64\SearchFilterHost.exe 41
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 41
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 40
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 32
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 27
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 30

Possible Misuse

The following table contains possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_apt_winnti_mal_hk_jan20.yml Image\|endswith: '\SearchFilterHost.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.