SearchFilterHost.exe

  • File Path: C:\Windows\SysWOW64\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes


Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SearchFilterHost.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 7.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/dd8a449737ca241bf34be50df7acf09bb62af97cc6ae8e6e5b4cccb6da7f4dec/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 46
C:\WINDOWS\system32\SearchFilterHost.exe 50
C:\Windows\system32\SearchFilterHost.exe 50
C:\Windows\system32\SearchFilterHost.exe 35
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchProtocolHost.exe 33
C:\WINDOWS\system32\SearchProtocolHost.exe 33
C:\Windows\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchFilterHost.exe 54
C:\Windows\SysWOW64\SearchFilterHost.exe 49
C:\Windows\SysWOW64\SearchFilterHost.exe 49
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 49
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 41
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 32

Possible Misuse

The following table contains possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_apt_winnti_mal_hk_jan20.yml Image|endswith: '\SearchFilterHost.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.