SearchFilterHost.exe

  • File Path: C:\Windows\system32\SearchFilterHost.exe
  • Description: Microsoft Windows Search Filter Host

Hashes

Type Hash
MD5 DCE97A7B66E0D4A2BA9B52E7D05B334C
SHA1 58B76068B7984E3B9BC63FC5E66DFEEC77327E98
SHA256 A7267E3E9BF56ADD286D9799C43A548264FB2146C6ABD93101DB5EEB4BCEA2F0
SHA384 698FBB70431DFA3CF5A887C6E43F9B210650D30B9426F40E9BDF0BD3993CAB57B5037700E0411F85BB7D33FC23F53283
SHA512 A9CDFFFC5C67F384A6B5480EF6C687B437C5BC1444C3AE800DA142996602A8C1FC614CAB43E7522CD66CE5DC7CAE02312FB2AD7087E79189372CBDCEB26CC221
SSDEEP 3072:ESMHLMtegXSTbWm2ILI1uEDV+LjIvuPVhmrrX2vTvNN1ihk6kvtfGq0ev3U5WN:EvJIGWHII1uEDV2hmrrGTarkR10efUK

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\SearchFilterHost.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchFilterHost.exe
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.17763.1369 (WinBuild.160101.0800)
  • Product Version: 7.0.17763.1369
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SearchFilterHost.exe 43
C:\WINDOWS\system32\SearchFilterHost.exe 40
C:\WINDOWS\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 44
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 35
C:\Windows\system32\SearchFilterHost.exe 44
C:\Windows\system32\SearchFilterHost.exe 43
C:\Windows\system32\SearchFilterHost.exe 63
C:\Windows\system32\SearchProtocolHost.exe 35
C:\WINDOWS\system32\SearchProtocolHost.exe 40
C:\Windows\system32\SearchProtocolHost.exe 33
C:\Windows\system32\SearchProtocolHost.exe 35
C:\Windows\system32\SearchProtocolHost.exe 33
C:\Windows\system32\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchFilterHost.exe 35
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 50
C:\Windows\SysWOW64\SearchFilterHost.exe 43
C:\WINDOWS\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchFilterHost.exe 44
C:\Windows\SysWOW64\SearchProtocolHost.exe 27
C:\Windows\SysWOW64\SearchProtocolHost.exe 32
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 36
C:\Windows\SysWOW64\SearchProtocolHost.exe 35
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 30
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 35
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 33
C:\Windows\SysWOW64\SearchProtocolHost.exe 32

Possible Misuse

The following table contains possible examples of SearchFilterHost.exe being misused. While SearchFilterHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_apt_winnti_mal_hk_jan20.yml Image\|endswith: '\SearchFilterHost.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.