HOSTNAME.EXE
- File Path:
C:\WINDOWS\system32\HOSTNAME.EXE - Description: Hostname APP
Hashes
| Type | Hash |
|---|---|
| MD5 | C549776B73931BFE2CEB78B958F0233E |
| SHA1 | 8A72FCD28AD07096EBDAAA2952C05C27F065C1FB |
| SHA256 | D0F690B8912737C6760095949C0FD30500DD96C35BC28F278BF28D1B5ED4D4C2 |
| SHA384 | 76303FA8B33825033EBF8623743DA1344BD0FB3467802C2EC695D68DCE84889933108A08E46E4D1E5E727CEB0295F636 |
| SHA512 | E3A7ED896DD5BCD4C218834E13EE0AD68308EE2E9ACDD065A4E2BD0B06F054E346AFA326EEC06D526920DD184FD2B7EE64D35AF84D6A46D5141EC03D363A23D9 |
| SSDEEP | 192:aazDYjtzrC7d4lTUbacJBnNWDCxdktBF+l2EEtqwGaaf0VF/CtWG6W:3oNr4d/bVWDe2t29EPJLVyWG6W |
| IMP | 8CB84C534505B1E47EF25FA2CD9A16BB |
| PESHA1 | 8C2BD2FDF90D92EEEE72CB8BB712FF0CCDDDED56 |
| PE256 | D3D0BE2DEBD912E5D4EB0AD7249A8C475997F104441EC827E12F083A8F6ED698 |
Runtime Data
Usage (stdout):
Prints the name of the current host.
hostname
Usage (stderr):
sethostname: Use the Network Control Panel Applet to set hostname.
hostname -s is not supported.
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\system32\HOSTNAME.EXE |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: hostname.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/74
- VirusTotal Link: https://www.virustotal.com/gui/file/d0f690b8912737c6760095949c0fd30500dd96c35bc28f278bf28d1b5ed4d4c2/detection
Possible Misuse
The following table contains possible examples of HOSTNAME.EXE being misused. While HOSTNAME.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | apt_silence_downloader_v3.yml | - '\hostname.exe' |
DRL 1.0 |
| sigma | proc_creation_win_multiple_suspicious_cli.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_commands_recon_activity.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_hostname.yml | Image\|endswith: \HOSTNAME.EXE |
DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
hostname
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays the host name portion of the full computer name of the computer.
[!IMPORTANT] This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network.
Syntax
hostname
Parameters
| Parameter | Description |
|---|---|
| /? | Displays help at the command prompt. |
Any parameter different than /? produces an error message and sets the errorlevel to 1.
Notes
- Environment variable
%COMPUTERNAME%usually will print the same string ashostname, but in uppercase. - If environment variable
_CLUSTER_NETWORK_NAME_is defined,hostnamewill print its value.
Examples
- To display the name of the computer, type:
hostname
- To display the name of the computer in uppercase:
echo %COMPUTERNAME%
- To alter the hostname output:
set "_CLUSTER_NETWORK_NAME_=Altered Computer Name"
hostname
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.