HOSTNAME.EXE

  • File Path: C:\Windows\SysWOW64\HOSTNAME.EXE
  • Description: Hostname APP

Hashes

Type Hash
MD5 B1C51FED46434CF91E65C7B605F8EF3A
SHA1 AFAD449EA0F14299847B6CE341105F728DBDB311
SHA256 379CBA8D0A1288E316126AC75A354C03BE76A61EAD6BD5EC6C72ED7DA3DC49D9
SHA384 475204C5B2452057D07A3562DA6BEE1A43E897A974F128B53A477FC94ABF73CFA544CB37E08FC4570C3A8540D9A1F2AC
SHA512 32B62D3BAD33C3B13404DF4B4BED5E85F08BAB1D4C45507B414F5484072C62057BDCE9715A174D3F9572CCB89D1672D77A1FF17E4DDE13FB6C0B3F27CBBEB139
SSDEEP 192:pUTjdxfF4UIuIZf121ZWYgbeabxwurWV6WkZX1B:pGdhF4UIuS121gY+bxHWV6Wkp1
IMP 2177BAFF198B6BCDCF56F96FB63DD54C
PESHA1 84225A2D3B1A734372409486ECA03F806752001B
PE256 866252298EA97F376B79B9A75FD82A11CABC23AF97ED6924BF536BB03083DB49

Runtime Data

Usage (stdout):


Prints the name of the current host.

hostname


Usage (stderr):

sethostname: Use the Network Control Panel Applet to set hostname.
hostname -s is not supported.

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\HOSTNAME.EXE

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: hostname.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/379cba8d0a1288e316126ac75a354c03be76a61ead6bd5ec6c72ed7da3dc49d9/detection

Possible Misuse

The following table contains possible examples of HOSTNAME.EXE being misused. While HOSTNAME.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma apt_silence_downloader_v3.yml - '\hostname.exe' DRL 1.0
sigma win_multiple_suspicious_cli.yml - hostname.exe DRL 1.0
sigma win_susp_commands_recon_activity.yml - hostname.exe DRL 1.0

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


hostname

Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Displays the host name portion of the full computer name of the computer.

[!IMPORTANT] This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network.

Syntax

hostname

Parameters

| Parameter | Description | | ——- | ——– | | /? | Displays help at the command prompt. |

Examples

To display the name of the computer, type:

hostname

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.