HOSTNAME.EXE

  • File Path: C:\WINDOWS\system32\HOSTNAME.EXE
  • Description: Hostname APP

Hashes

Type Hash
MD5 C549776B73931BFE2CEB78B958F0233E
SHA1 8A72FCD28AD07096EBDAAA2952C05C27F065C1FB
SHA256 D0F690B8912737C6760095949C0FD30500DD96C35BC28F278BF28D1B5ED4D4C2
SHA384 76303FA8B33825033EBF8623743DA1344BD0FB3467802C2EC695D68DCE84889933108A08E46E4D1E5E727CEB0295F636
SHA512 E3A7ED896DD5BCD4C218834E13EE0AD68308EE2E9ACDD065A4E2BD0B06F054E346AFA326EEC06D526920DD184FD2B7EE64D35AF84D6A46D5141EC03D363A23D9
SSDEEP 192:aazDYjtzrC7d4lTUbacJBnNWDCxdktBF+l2EEtqwGaaf0VF/CtWG6W:3oNr4d/bVWDe2t29EPJLVyWG6W
IMP 8CB84C534505B1E47EF25FA2CD9A16BB
PESHA1 8C2BD2FDF90D92EEEE72CB8BB712FF0CCDDDED56
PE256 D3D0BE2DEBD912E5D4EB0AD7249A8C475997F104441EC827E12F083A8F6ED698

Runtime Data

Usage (stdout):


Prints the name of the current host.

hostname


Usage (stderr):

sethostname: Use the Network Control Panel Applet to set hostname.
hostname -s is not supported.

Loaded Modules:

Path
C:\WINDOWS\system32\HOSTNAME.EXE
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: hostname.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/d0f690b8912737c6760095949c0fd30500dd96c35bc28f278bf28d1b5ed4d4c2/detection

Possible Misuse

The following table contains possible examples of HOSTNAME.EXE being misused. While HOSTNAME.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma apt_silence_downloader_v3.yml - '\hostname.exe' DRL 1.0
sigma win_multiple_suspicious_cli.yml - hostname.exe DRL 1.0
sigma win_susp_commands_recon_activity.yml - hostname.exe DRL 1.0

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


hostname

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Displays the host name portion of the full computer name of the computer.

[!IMPORTANT] This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network.

Syntax

hostname

Parameters

Parameter Description
/? Displays help at the command prompt.

Any parameter different than /? produces an error message and sets the errorlevel to 1.

Notes

  • Environment variable %COMPUTERNAME% usually will print the same string as hostname, but in uppercase.
  • If environment variable _CLUSTER_NETWORK_NAME_ is defined, hostname will print its value.

Examples

  • To display the name of the computer, type:
hostname
  • To display the name of the computer in uppercase:
echo %COMPUTERNAME%
  • To alter the hostname output:
set "_CLUSTER_NETWORK_NAME_=Altered Computer Name"
hostname

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.