HOSTNAME.EXE
- File Path:
C:\Windows\SysWOW64\HOSTNAME.EXE - Description: Hostname APP
Hashes
| Type | Hash |
|---|---|
| MD5 | B1C51FED46434CF91E65C7B605F8EF3A |
| SHA1 | AFAD449EA0F14299847B6CE341105F728DBDB311 |
| SHA256 | 379CBA8D0A1288E316126AC75A354C03BE76A61EAD6BD5EC6C72ED7DA3DC49D9 |
| SHA384 | 475204C5B2452057D07A3562DA6BEE1A43E897A974F128B53A477FC94ABF73CFA544CB37E08FC4570C3A8540D9A1F2AC |
| SHA512 | 32B62D3BAD33C3B13404DF4B4BED5E85F08BAB1D4C45507B414F5484072C62057BDCE9715A174D3F9572CCB89D1672D77A1FF17E4DDE13FB6C0B3F27CBBEB139 |
| SSDEEP | 192:pUTjdxfF4UIuIZf121ZWYgbeabxwurWV6WkZX1B:pGdhF4UIuS121gY+bxHWV6Wkp1 |
| IMP | 2177BAFF198B6BCDCF56F96FB63DD54C |
| PESHA1 | 84225A2D3B1A734372409486ECA03F806752001B |
| PE256 | 866252298EA97F376B79B9A75FD82A11CABC23AF97ED6924BF536BB03083DB49 |
Runtime Data
Usage (stdout):
Prints the name of the current host.
hostname
Usage (stderr):
sethostname: Use the Network Control Panel Applet to set hostname.
hostname -s is not supported.
Loaded Modules:
| Path |
|---|
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\HOSTNAME.EXE |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: hostname.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/75
- VirusTotal Link: https://www.virustotal.com/gui/file/379cba8d0a1288e316126ac75a354c03be76a61ead6bd5ec6c72ed7da3dc49d9/detection
Possible Misuse
The following table contains possible examples of HOSTNAME.EXE being misused. While HOSTNAME.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | apt_silence_downloader_v3.yml | - '\hostname.exe' |
DRL 1.0 |
| sigma | proc_creation_win_multiple_suspicious_cli.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_commands_recon_activity.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_hostname.yml | Image\|endswith: \HOSTNAME.EXE |
DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
hostname
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays the host name portion of the full computer name of the computer.
[!IMPORTANT] This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network.
Syntax
hostname
Parameters
| Parameter | Description |
|---|---|
| /? | Displays help at the command prompt. |
Any parameter different than /? produces an error message and sets the errorlevel to 1.
Notes
- Environment variable
%COMPUTERNAME%usually will print the same string ashostname, but in uppercase. - If environment variable
_CLUSTER_NETWORK_NAME_is defined,hostnamewill print its value.
Examples
- To display the name of the computer, type:
hostname
- To display the name of the computer in uppercase:
echo %COMPUTERNAME%
- To alter the hostname output:
set "_CLUSTER_NETWORK_NAME_=Altered Computer Name"
hostname
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.