sihost.exe

  • File Path: C:\WINDOWS\system32\sihost.exe
  • Description: Shell Infrastructure Host

Hashes

| Type | Hash |
|------|------|
| MD5 | 259D746528A65ED5953E6294D8EC1507 |
| SHA1 | 9FDC8F2B7972D8A196C1635A59B413007A652867 |
| SHA256 | 40A86A19EF9AFA0021CA59D08454034E6A6C37D620BE583C26E05E1D55D11CA0 |
| SHA384 | 45F6935DD9E7C4C8461C3BF251718C0DB6BFA73D0E893C65E2822A4EB71B7E33E9E4CD89DFCD1ACDEAC18D884E6B3CBB |
| SHA512 | 731F10B5D2576E172AAB421FDAA58B1B75D0A1E27662518C699FA0E1B11F396495A3BD29EDBEDF79B459AAE69C4A6E1BC20CB0068C0C8FD57B19DF8FB40578CF |
| SSDEEP | 3072:Qktg87fXG3zaSH3803Cw3i+HEopPHY5+aj3rcyfjVOTxc:zqyfXGDaSH380yw3i+kEY5n3cyfjVOTx |

Runtime Data

Child Processes:

explorer.exe

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: sihost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of sihost.exe being misused. While sihost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | file_event_win_creation_system_file.yml | - '\sihost.exe' | DRL 1.0 |
| sigma | proc_creation_win_system_exe_anomaly.yml | - '\sihost.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.