SearchIndexer.exe

  • File Path: C:\Windows\system32\SearchIndexer.exe
  • Description: Microsoft Windows Search Indexer

Hashes

Type Hash
MD5 9BF89670F58A838CBA82EC3B13266AB1
SHA1 B63798F8593E7C6AD1F7DB9AFF855C285187F083
SHA256 EFA17D9342FC498FF6EBAEF54FA2B5777FFD43E8786370D18B5F4364582D3D62
SHA384 5718137AE7760E8045E75A2F3304E7C281A62398CC133F12011853C565DC050761C273CE33B89BF6212FA42C57912EFF
SHA512 33ED6C282BD25F0C7C41CB56F96941BAD826E39C60F40C864E4F79DE292D0E023A3CFA7D4F51D8220A75612849B34C213F939E1814D59F669DCFDCAF0AFB56A6
SSDEEP 12288:MNID/LfdXM9LrV5X4A+IGhoDVqe6gWxuHYj6eNw1qhUryOsD/PjZMuB+P5QvBv6Z:57NM9YPZqmWMUkPjZM48Mv6bEhs
IMP A1B3FB608C2CC985C3A5D8A82E356A6F
PESHA1 83E211A08909A9EED132A54F0F07AD855F3D8266
PE256 339DB8881E5DC16ADC4AB9FDFB91793E807CB2448051BBE703883551170A45B3

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SearchIndexer.exe.mui
  • Product Name: Windows Search
  • Company Name: Microsoft Corporation
  • File Version: 7.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 7.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/efa17d9342fc498ff6ebaef54fa2b5777ffd43e8786370d18b5f4364582d3d62/detection

Possible Misuse

The following table contains possible examples of SearchIndexer.exe being misused. While SearchIndexer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_suspicious_vss_ps_load.yml - '\searchindexer.exe' DRL 1.0
sigma sysmon_abusing_debug_privilege.yml - '\searchindexer.exe' DRL 1.0
sigma sysmon_raw_disk_access_using_illegitimate_tools.yml - '\searchindexer.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.