SearchFilterHost.exe

  • File Path: C:\Windows\SysWOW64\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes

Type Hash
MD5 D332D4C07B7289696EE7EE8D656100B0
SHA1 2D3FC85C5D8F7C96B8D9BA355BECC1DEB8FD17AB
SHA256 D2603E6540EB2439AD53D29DA0F243914DB6FFB67A9A92F6E360F77498129B4C
SHA384 9F3D33F62A9DEF34CEF4241E75088721CBF297B4B4E7DB1276AF5C0E83ACB6DB960C72878DD1EA7155F3BF3528C67D59
SHA512 2A707811B2CEBF69A75088C6BA0EEDEFA9C03CFF1DA916CD2BD630C922D39ED568FF5021112176AB9DC796A210EE1B64F617EC6F9CD111715EE4F9C3A347660D
SSDEEP 3072:uT6+GteY7fVFBaJ6BpTuFOSSq7+uuJpnphrsHh++1ihk6kvtfGq0ev3U5WNi1knG:06FVFQSY7eJpnphrsHhMrkR10efUKi

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SearchFilterHost.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.19041.329 (WinBuild.160101.0800)
  • Product Version: 7.0.19041.329
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 46
C:\WINDOWS\system32\SearchFilterHost.exe 40
C:\WINDOWS\system32\SearchFilterHost.exe 46
C:\Windows\system32\SearchFilterHost.exe 40
C:\Windows\system32\SearchFilterHost.exe 38
C:\Windows\system32\SearchFilterHost.exe 36
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 41
C:\Windows\system32\SearchFilterHost.exe 44
C:\Windows\system32\SearchProtocolHost.exe 33
C:\WINDOWS\system32\SearchProtocolHost.exe 33
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchFilterHost.exe 40
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchFilterHost.exe 41
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 88
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 32
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 30
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 36

Possible Misuse

The following table contains possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_apt_winnti_mal_hk_jan20.yml Image\|endswith: '\SearchFilterHost.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.