HOSTNAME.EXE
- File Path:
C:\windows\SysWOW64\HOSTNAME.EXE - Description: Hostname APP
Hashes
| Type | Hash |
|---|---|
| MD5 | 7EF4AB28A28CD09123DC204B96F589E4 |
| SHA1 | 8082C8B6D9D6B9B894D6B7FA95CFD13A3F893818 |
| SHA256 | 8DB9DC2896F6220CBFE25C60A2581E88F3BA6637EA905C55127DA70307BC827C |
| SHA384 | FFD999DB84E7D26C268AFE317063E8A31015302132928DCBCEC3739A478D630F7B8E17CA33C81EF7C3FE3773DBF99384 |
| SHA512 | A85A5FDB96816A00000118D1196BBBF0E700FB98F5AB1AF2F65DA1F5576C3681E49ACAE07205D700D886A17E3560A39AC0EEC6F0D59C98D12426B3517685D312 |
| SSDEEP | 192:68s/6sTMXR1TpTVls91biSHNXyYl9nWb6W5y:k61XRppw7XNXHWb6W5 |
Signature
- Status: The file C:\windows\SysWOW64\HOSTNAME.EXE is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: hostname.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
Possible Misuse
The following table contains possible examples of HOSTNAME.EXE being misused. While HOSTNAME.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | apt_silence_downloader_v3.yml | - '\hostname.exe' |
DRL 1.0 |
| sigma | proc_creation_win_multiple_suspicious_cli.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_commands_recon_activity.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_hostname.yml | Image\|endswith: \HOSTNAME.EXE |
DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
hostname
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays the host name portion of the full computer name of the computer.
[!IMPORTANT] This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network.
Syntax
hostname
Parameters
| Parameter | Description |
|---|---|
| /? | Displays help at the command prompt. |
Any parameter different than /? produces an error message and sets the errorlevel to 1.
Notes
- Environment variable
%COMPUTERNAME%usually will print the same string ashostname, but in uppercase. - If environment variable
_CLUSTER_NETWORK_NAME_is defined,hostnamewill print its value.
Examples
- To display the name of the computer, type:
hostname
- To display the name of the computer in uppercase:
echo %COMPUTERNAME%
- To alter the hostname output:
set "_CLUSTER_NETWORK_NAME_=Altered Computer Name"
hostname
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.