SearchIndexer.exe

• File Path: C:\windows\SysWOW64\SearchIndexer.exe
• Description: Microsoft Windows Search Indexer

Hashes

Type	Hash
MD5	7D6DF1BC06E587F346A0B292A930F3A5
SHA1	3D06FB182F33A01F894E687013C7B4E5D2721C29
SHA256	EC58D7F640CFCB9C6971803C5BA3A51FBDEA36D2C4DE4183FECA955A1080E00F
SHA384	3BD3A783E125720DFFAF2263E84100C7A1D82AA977A80668177EB891A5E3112225DEB2888C76471931C003EC45162706
SHA512	115B80599A176AC585A832463134180CD3D15AE76AA157BEEFB95C01626442FE1276A2A2347769A8ACF9C3B90BDC22F178C210BBEC92328B80A6AF95CAF34CFA
SSDEEP	24576:yjc4fjM6iQlSeJIjRrRkFS4KIiThSQ5kdk:yjYeJwRFkdiThSQ5K

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: SearchIndexer.exe
• Product Name: Windows Search
• Company Name: Microsoft Corporation
• File Version: 7.0.17763.1098 (WinBuild.160101.0800)
• Product Version: 7.0.17763.1098
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of SearchIndexer.exe being misused. While SearchIndexer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	image_load_suspicious_vss_ps_load.yml	- '\searchindexer.exe'	DRL 1.0
sigma	proc_creation_win_abusing_debug_privilege.yml	- '\searchindexer.exe'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.