SearchFilterHost.exe

  • File Path: C:\Windows\system32\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\advapi32.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\combase.dll
C:\Windows\system32\cryptdll.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\imm32.dll
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\sechost.dll
C:\Windows\system32\TQUERY.DLL
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.17763.831 (WinBuild.160101.0800)
  • Product Version: 7.0.17763.831
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/574d2d970451b89b6c646253345628aa692cf76f6a6fe4404086d20caeb6a211/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 46
C:\WINDOWS\system32\SearchFilterHost.exe 52
C:\Windows\system32\SearchFilterHost.exe 38
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 35
C:\Windows\system32\SearchFilterHost.exe 47
C:\Windows\system32\SearchFilterHost.exe 63
C:\Windows\system32\SearchProtocolHost.exe 33
C:\WINDOWS\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\system32\SearchProtocolHost.exe 40
C:\Windows\system32\SearchProtocolHost.exe 29
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchFilterHost.exe 35
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchFilterHost.exe 41
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 32

Possible Misuse

The following lists possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: win_apt_winnti_mal_hk_jan20.yml
  • Example: Image|endswith: '\SearchFilterHost.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.