HOSTNAME.EXE
- File Path:
C:\Windows\system32\HOSTNAME.EXE - Description: Hostname APP
Hashes
| Type | Hash |
|---|---|
| MD5 | 33AFAA43B84BDEAB12E02F9DBD2B2EE0 |
| SHA1 | A57959CB3D0CEA955ACAA5DBA3D1197CD4C7E1A8 |
| SHA256 | A90C3FB350A11C6F6A6EFA9607987D924D1DE65E09CA9FAF2E0E0E00531EE335 |
| SHA384 | 1E7F4D1DF1F887898A8AEA476AB836455B97CC21D8A9B217AFABFF5CD675CD5825FAB7B378C8F3BF2668D2EE3BF7CA16 |
| SHA512 | 9783343CD311B12860FBA232AFCE9651B6D528C97C532A9E5AD76BB813AFFB923224DC90E7F16D183DFC6990A93C337C584ED3F0BE9927DB293A0B1502110EC5 |
| SSDEEP | 384:+8ShT761G2Weh3rjhVwVab27enbtKWV6W:+8SqG27rfZK7sb3 |
| IMP | 5CD891320C666621E9783444DB8CBA78 |
| PESHA1 | 4724AFE177D3A0107C5FC9DA28C7BFD310EE2AD9 |
| PE256 | 8B856AF12D2CB9DD13BBCDF9BBF3D0A40AE6E6F36628203573B8DAD9F30C16C1 |
Runtime Data
Usage (stdout):
Prints the name of the current host.
hostname
Usage (stderr):
sethostname: Use the Network Control Panel Applet to set hostname.
hostname -s is not supported.
Loaded Modules:
| Path |
|---|
| C:\Windows\system32\HOSTNAME.EXE |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: hostname.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/76
- VirusTotal Link: https://www.virustotal.com/gui/file/a90c3fb350a11c6f6a6efa9607987d924d1de65e09ca9faf2e0e0e00531ee335/detection
Possible Misuse
The following table contains possible examples of HOSTNAME.EXE being misused. While HOSTNAME.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | apt_silence_downloader_v3.yml | - '\hostname.exe' |
DRL 1.0 |
| sigma | proc_creation_win_multiple_suspicious_cli.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_commands_recon_activity.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_hostname.yml | Image\|endswith: \HOSTNAME.EXE |
DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
hostname
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays the host name portion of the full computer name of the computer.
[!IMPORTANT] This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network.
Syntax
hostname
Parameters
| Parameter | Description |
|---|---|
| /? | Displays help at the command prompt. |
Any parameter different than /? produces an error message and sets the errorlevel to 1.
Notes
- Environment variable
%COMPUTERNAME%usually will print the same string ashostname, but in uppercase. - If environment variable
_CLUSTER_NETWORK_NAME_is defined,hostnamewill print its value.
Examples
- To display the name of the computer, type:
hostname
- To display the name of the computer in uppercase:
echo %COMPUTERNAME%
- To alter the hostname output:
set "_CLUSTER_NETWORK_NAME_=Altered Computer Name"
hostname
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.