SearchIndexer.exe

  • File Path: C:\Windows\system32\SearchIndexer.exe
  • Description: Microsoft Windows Search Indexer

Hashes

Type Hash
MD5 6D8E4B6107149B1495C44103C264235E
SHA1 CE134E47F166EF2C6E113BA424EE7C4ACFB13768
SHA256 1B31E6CB35F3AAC01E663D3BD98FA90129B5F1744AE70BF1DC3AF464F284A573
SHA384 6EAD760E0254EA109F269E6AA3C9572C00F16CC220D8566BD9C3409E6C68D2C41F4B74AD55D7129AF189EBB7E3BE7D3F
SHA512 34E0B032DDA7EED51926FE0FC6C76B2DB2C3C52CE95C514EE246F079398B06B29AE61FD69DB9AB544D267399B52D0A8D50DC86182A0704016D6BFF7E784978B4
SSDEEP 24576:zWhJZcGjnQ/V0R2BN+os7clUI2j7Xeo0h6VQ:6hJ8mR2BVsOUIG7Xeo0h6Q
IMP 33213C2BA466112DF0653CF508365950
PESHA1 47AB0A23FCB17095E6158E8669546E058478A4A0
PE256 3DBA1D2FE5DDCB880946BD38AACD389FD7237A93B82B1A4D144235B5ABABF0FA

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\advapi32.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\combase.dll
C:\Windows\system32\cryptdll.dll
C:\Windows\system32\ESENT.dll
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\system32\MSSRCH.DLL
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\system32\TQUERY.DLL
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchIndexer.exe.mui
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 7.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/1b31e6cb35f3aac01e663d3bd98fa90129b5f1744ae70bf1dc3af464f284a573/detection/

Possible Misuse

The following table contains possible examples of SearchIndexer.exe being misused. While SearchIndexer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_suspicious_vss_ps_load.yml - '\searchindexer.exe' DRL 1.0
sigma proc_creation_win_abusing_debug_privilege.yml - '\searchindexer.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.