SearchFilterHost.exe

  • File Path: C:\Windows\system32\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes


Runtime Data

Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\SearchFilterHost.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.19041.488 (WinBuild.160101.0800)
  • Product Version: 7.0.19041.488
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/9d2d77f7dd153878b2ccb18d8b12a35a743efab598cb6475bfc72a539ac77a05/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 55
C:\WINDOWS\system32\SearchFilterHost.exe 41
C:\Windows\system32\SearchFilterHost.exe 38
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 63
C:\Windows\system32\SearchFilterHost.exe 47
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchProtocolHost.exe 35
C:\WINDOWS\system32\SearchProtocolHost.exe 33
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\system32\SearchProtocolHost.exe 30
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\system32\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchFilterHost.exe 35
C:\Windows\SysWOW64\SearchFilterHost.exe 41
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 47
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 40
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 38
C:\Windows\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 29
C:\Windows\SysWOW64\SearchProtocolHost.exe 35

Possible Misuse

The following entry is a possible example of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: win_apt_winnti_mal_hk_jan20.yml
  • Example: Image|endswith: '\SearchFilterHost.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.