uname.exe
- File Path: C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\uname.exe
Hashes
Type | Hash |
---|---|
MD5 | 9A2328159D98795DF5474D3C34DFAAB0 |
SHA1 | 464A20350729CA1A64F7AF59C7E5E44C50D6DA75 |
SHA256 | C83722329B8C0C44CBFB9521409594F544844DE88A40E5156E786E91454CD1E0 |
SHA384 | C8C8DD7007B73AE8C277F23122F2FF6F64A25010AD9F6A39ACB0BD946477BC03C60984B583E281B41AA92BADCF35B3E3 |
SHA512 | DC0E48E6DC749BB3F25EB8DE3A5631AE33CE9FA0E556500E1D8300B21CB8BF06BF7A4528A0AEC0184B5E1552E54AC948918B097D73980FDED40ECCBAC25AB5CA |
SSDEEP | 768:54fIzyMWXZ7Wmm7vUYzLKELNiqboEmWsFMqDGAUf2ht:sIpWXNRRWsFMeUfo |
Runtime Data
Usage (stdout):
Usage: /usr/bin/uname [OPTION]...
Print certain system information. With no OPTION, same as -s.
-a, --all print all information, in the following order,
except omit -p and -i if unknown:
-s, --kernel-name print the kernel name
-n, --nodename print the network node hostname
-r, --kernel-release print the kernel release
-v, --kernel-version print the kernel version
-m, --machine print the machine hardware name
-p, --processor print the processor type (non-portable)
-i, --hardware-platform print the hardware platform (non-portable)
-o, --operating-system print the operating system
--help display this help and exit
--version output version information and exit
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>
Full documentation <https://www.gnu.org/software/coreutils/uname>
or available locally via: info '(coreutils) uname invocation'
Usage (stderr):
/usr/bin/uname: extra operand 'help'
Try '/usr/bin/uname --help' for more information.
Loaded Modules:
Path |
---|
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\uname.exe |
C:\Windows\System32\KERNEL32.DLL |
C:\Windows\System32\KERNELBASE.dll |
C:\Windows\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial: 045D8F14A82147641722D4FAFC66BC80
- Thumbprint: FB713A60A7FA79DFC03CB301CA05D4E8C1BDD431
- Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
- Subject: CN="GitHub, Inc.", O="GitHub, Inc.", L=San Francisco, S=California, C=US
File Metadata
- Original Filename:
- Product Name:
- Company Name:
- File Version:
- Product Version:
- Language:
- Legal Copyright:
Possible Misuse
The following table contains possible examples of uname.exe being misused. While uname.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | lnx_auditd_system_info_discovery.yml | - uname | DRL 1.0 |
sigma | lnx_shell_priv_esc_prep.yml | - 'uname -a' | DRL 1.0 |
sigma | lnx_shell_priv_esc_prep.yml | - 'uname -mrs' | DRL 1.0 |
sigma | lnx_shell_susp_rev_shells.yml | - 'uname -a; w; id; /bin/bash -i' | DRL 1.0 |
sigma | proc_creation_lnx_system_info_discovery.yml | - '/uname' | DRL 1.0 |
sigma | proc_creation_lnx_webshell_detection.yml | - '/bin/uname' | DRL 1.0 |
atomic-red-team | T1014.md | sudo rm /lib/modules/$(uname -r)/#{rootkit_name}.ko | MIT License. © 2018 Red Canary |
atomic-red-team | T1014.md | if [ -f /lib/modules/$(uname -r)/#{rootkit_name}.ko ]; then exit 0; else exit 1; fi; | MIT License. © 2018 Red Canary |
atomic-red-team | T1014.md | sudo cp #{temp_folder}/#{rootkit_name}.ko /lib/modules/$(uname -r)/ | MIT License. © 2018 Red Canary |
atomic-red-team | T1082.md | uname -a >> #{output_file} | MIT License. © 2018 Red Canary |
atomic-red-team | T1204.002.md | | uname | Username for pathing | String | $env:Username| | MIT License. © 2018 Red Canary |
atomic-red-team | T1204.002.md | if ("#{uname}" -ne "") { | MIT License. © 2018 Red Canary |
atomic-red-team | T1204.002.md | $sheet.Cells.Item(1,1) = "#{uname}" | MIT License. © 2018 Red Canary |
atomic-red-team | T1609.md | | command | Command to run | String | uname| | MIT License. © 2018 Red Canary |
signature-base | apt_apt41.yar | $s3 = "uname -v" ascii fullword | CC BY-NC 4.0 |
signature-base | apt_apt41.yar | $s4 = "uname -s" ascii fullword | CC BY-NC 4.0 |
signature-base | apt_derusbi.yar | $cmd = "unset LS_OPTIONS;uname -a" | CC BY-NC 4.0 |
signature-base | apt_laudanum_webshells.yar | $s7 = "$shell = 'uname -a; w; id; /bin/sh -i';" fullword ascii /* PEStudio Blacklist: strings */ | CC BY-NC 4.0 |
signature-base | apt_turbo_campaign.yar | $b4 = "uname -a\n\n" wide ascii | CC BY-NC 4.0 |
signature-base | thor-webshells.yar | $s3 = "if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a" | CC BY-NC 4.0 |
signature-base | thor-webshells.yar | $s2 = "echo $uname."</font> ";" fullword | CC BY-NC 4.0 |
signature-base | thor-webshells.yar | $s16 = "$uname = posix_uname( );" fullword | CC BY-NC 4.0 |
signature-base | thor-webshells.yar | $s14 = "print "<tr><td>System type:</td><td>$UName</td></tr>";" fullword | CC BY-NC 4.0 |
signature-base | thor-webshells.yar | $s4 = "if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a" | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.