HOSTNAME.EXE
- File Path:
C:\WINDOWS\SysWOW64\HOSTNAME.EXE - Description: Hostname APP
Hashes
| Type | Hash |
|---|---|
| MD5 | DE8182A97CDC78B2363923EDF2674768 |
| SHA1 | 995A147AA4FD5B15F8F0DEA631FF75CF9F2AA375 |
| SHA256 | 4411072B3153B90D45E368710E672992C7909F4D20AB1BAA6F0DD02C3821D2A1 |
| SHA384 | 339B14E44461DE22506D9698066F0AE72AAA4B847BB30A2BA232CBA3D527AEC589100D7D8CE2EB104C116EF840D8FFE4 |
| SHA512 | 3BDBAFE9169A0906E942D5C5EF77082FBCDACB93165A481A338554EF014B03BBB6F50B6636DAD8EF3183B479AD52F976EDBA4C6B64A755608101DF00D9CE8E46 |
| SSDEEP | 192:cmpQ5zhNb6T5dpvksk4lvXGgkwGQf0VjwrWG6WLfQ:zpQdDb6T5dBlvf7kVYWG6Wr |
| IMP | A4063DB4A815F52872CED059021A8B79 |
| PESHA1 | 83EBC0792CE349C9DF160A69B7EA606382D3320A |
| PE256 | 65A0F5FC456B745DF6B4073E74AAE9AB1F67B68E13D3D252A8332F5FE424F682 |
Runtime Data
Usage (stdout):
Prints the name of the current host.
hostname
Usage (stderr):
sethostname: Use the Network Control Panel Applet to set hostname.
hostname -s is not supported.
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\System32\wow64.dll |
| C:\WINDOWS\System32\wow64base.dll |
| C:\WINDOWS\System32\wow64con.dll |
| C:\WINDOWS\System32\wow64cpu.dll |
| C:\WINDOWS\System32\wow64win.dll |
| C:\WINDOWS\SysWOW64\HOSTNAME.EXE |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: hostname.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/4411072b3153b90d45e368710e672992c7909f4d20ab1baa6f0dd02c3821d2a1/detection
Possible Misuse
The following table contains possible examples of HOSTNAME.EXE being misused. While HOSTNAME.EXE is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | apt_silence_downloader_v3.yml | - '\hostname.exe' |
DRL 1.0 |
| sigma | proc_creation_win_multiple_suspicious_cli.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_commands_recon_activity.yml | - hostname.exe |
DRL 1.0 |
| sigma | proc_creation_win_susp_hostname.yml | Image\|endswith: \HOSTNAME.EXE |
DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
hostname
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays the host name portion of the full computer name of the computer.
[!IMPORTANT] This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network.
Syntax
hostname
Parameters
| Parameter | Description |
|---|---|
| /? | Displays help at the command prompt. |
Any parameter different than /? produces an error message and sets the errorlevel to 1.
Notes
- Environment variable
%COMPUTERNAME%usually will print the same string ashostname, but in uppercase. - If environment variable
_CLUSTER_NETWORK_NAME_is defined,hostnamewill print its value.
Examples
- To display the name of the computer, type:
hostname
- To display the name of the computer in uppercase:
echo %COMPUTERNAME%
- To alter the hostname output:
set "_CLUSTER_NETWORK_NAME_=Altered Computer Name"
hostname
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.