SearchFilterHost.exe

  • File Path: C:\WINDOWS\SysWOW64\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes

Type Hash
MD5 BDCF47F408DA7D42D97763D27405B773
SHA1 57253FE513CCDDA3D84D1DCF18C93610D80BD673
SHA256 CC7C85554C720281D2D2BFBA3D667820A6C17F53DA5A92AF49179ADFB425D545
SHA384 E3ECF48741EF618FA4870B53C90FDE2A9822414C50C8FE72D867ACD1B2DB62EB07C77D5103A4B111EEC8A72F47ADCA91
SHA512 4FAD46C2BA356BF631AC3E1E7158491605FE6CA6C81599F202EE6708288E684F1903BFA45DC8FBD68ED8EBABDFAAC79310000BFB418124C3C4209EE0A755D6D8
SSDEEP 3072:yvcRz+cqmLP+hyqcESiQoBzBGtIsL5tzsv7HTnrBgyS1ihk6kvtfGq0ev3U5WNrc:lJSY6QsGtIslt+/nrBgErkR10efUKr

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.18362.719 (WinBuild.160101.0800)
  • Product Version: 7.0.18362.719
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 41
C:\WINDOWS\system32\SearchFilterHost.exe 49
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 41
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 50
C:\Windows\system32\SearchFilterHost.exe 44
C:\Windows\system32\SearchProtocolHost.exe 33
C:\WINDOWS\system32\SearchProtocolHost.exe 43
C:\Windows\system32\SearchProtocolHost.exe 40
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\system32\SearchProtocolHost.exe 29
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 47
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchFilterHost.exe 49
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 40
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 32

Possible Misuse

The following table contains possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_apt_winnti_mal_hk_jan20.yml Image\|endswith: '\SearchFilterHost.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.