SearchIndexer.exe
- File Path:
C:\Windows\SysWOW64\SearchIndexer.exe - Description: Microsoft Windows Search Indexer
Hashes
| Type | Hash |
|---|---|
| MD5 | 0C29B34AF01B98514414DF1CB2FAFFAB |
| SHA1 | 51C46901AEA3207EB093273FFA33DDF1B90B1C95 |
| SHA256 | B2F7E272A5E959B6FEBA8720CD63DB34EE638D5D3419A00CDCD3A3753E725C30 |
| SHA384 | DA207F4AB4C60E603DBE9AC2FA0E163CD4CCC1A166AB9E55E03D65D91DC6DB2820FB8B214F577CEF9B225B4588F6D70E |
| SHA512 | C7810D1276D5E4EC4487FE86F22860CEBC6D89871DE4880515BF601942A023CDEA783C68C84E3072BB694B6198F31FE97CB18D4A68C977E235C707A2D22BC4A8 |
| SSDEEP | 12288:KMoaWcqp4xpdVoTVTBQtGkgBE0y4GY/8rjtYbEwoOQNVxJlRn6/+W+NaQyWcPC/t:gaW1p4xXVwzcD3Ht4EwoxJe+NayJnqKn |
| IMP | 812BC377718C5596E3E57EC10AA99C88 |
| PESHA1 | 5B2AAB9AEF02E1155FD0449080092F2AAB9BF2E0 |
| PE256 | 31BEF7091BC70B5C95708377D70BDAEB173EED9BE9B2E662F200FABB5D0B072E |
Runtime Data
Child Processes:
perfmon.exe
Loaded Modules:
| Path |
|---|
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\SearchIndexer.exe |
Signature
- Status: Signature verified.
- Serial:
33000002EC6579AD1E670890130000000002EC - Thumbprint:
F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: SearchIndexer.exe
- Product Name: Windows Search
- Company Name: Microsoft Corporation
- File Version: 7.0.19041.1151 (WinBuild.160101.0800)
- Product Version: 7.0.19041.1151
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/b2f7e272a5e959b6feba8720cd63db34ee638d5d3419a00cdcd3a3753e725c30/detection
Possible Misuse
The following table contains possible examples of SearchIndexer.exe being misused. While SearchIndexer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | image_load_suspicious_vss_ps_load.yml | - '\searchindexer.exe' |
DRL 1.0 |
| sigma | proc_creation_win_abusing_debug_privilege.yml | - '\searchindexer.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.