java.exe

  • File Path: C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\java.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 415FE375F2BC0114CE6F34AEC91D1D10
SHA1 F2FDAE3281E8FA0DB534D978537A64F9A26049B4
SHA256 E3AB92350148A72FF568F790B42660251B2CC3B2A3976821C3D636B5A3B76FE0
SHA384 7E8E0207AE5D37F3890390F4331D1905F21089DFBA568BE46D4490AA0A2B74B73AECF7C4B256BC3EB5A1AA8B3F8D5BF9
SHA512 4D85C32BAE0A97D992CFAA1A7B529FB70C548C0CF9C407804AD9E7831CD2E29516C3715CEE8D79CBFE989F550D0D19E28C5BAFA0B03B5320411A9EB44F8CDDA6
SSDEEP 3072:eeHm9nIIhfzMz+St5dOu7aq2WeCuXbvHXbz3DVIQuB6e+peARB9M5ZNTBfAO8VcK:HtIK6RXB9M5ZNTBN7k/P7/z

Runtime Data

Usage (stderr):

Usage: java [-options] class [args...]
           (to execute a class)
   or  java [-options] -jar jarfile [args...]
           (to execute a jar file)
where options include:
    -d32	  use a 32-bit data model if available
    -d64	  use a 64-bit data model if available
    -client	  to select the "client" VM
    -server	  to select the "server" VM
                  The default VM is client.

    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
                  A ; separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -D<name>=<value>
                  set a system property
    -verbose:[class|gc|jni]
                  enable verbose output
    -version      print product version and exit
    -version:<value>
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  require the specified version to run
    -showversion  print product version and continue
    -jre-restrict-search | -no-jre-restrict-search
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  include/exclude user private JREs in the version search
    -? -help      print this help message
    -X            print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:hprof
                  see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.

Loaded Modules:

Path
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\java.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 0F8CE162B26B70AE59D17A0B2A93AB3A
  • Thumbprint: 0180ED75D6615415E4D6C6C217613B4134F5745E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=London Jamocha Community CIC, O=London Jamocha Community CIC, L=London, C=GB

File Metadata

  • Original Filename: java.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: AdoptOpenJDK
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin\java.exe 97
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin\javaw.exe 54
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe 54
C:\program files (x86)\AdoptOpenJDK\jre-8.0.265.01-hotspot\bin\java.exe 97
C:\program files (x86)\AdoptOpenJDK\jre-8.0.265.01-hotspot\bin\javaw.exe 54

Possible Misuse

The following table contains possible examples of java.exe being misused. While java.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_apt_greenbug_may20.yml - '\programdata\oracle\java.exe' DRL 1.0
sigma proc_creation_win_atlassian_confluence_cve_2021_26084_exploit.yml ParentImage|endswith: '\Atlassian\Confluence\jre\bin\java.exe' DRL 1.0
sigma proc_creation_win_exploit_cve_2020_10189.yml ParentImage|endswith: 'DesktopCentral_Server\jre\bin\java.exe' DRL 1.0
sigma proc_creation_win_shell_spawn_by_java.yml ParentImage|endswith: '\java.exe' DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java.yml ParentImage|endswith: '\java.exe' DRL 1.0
malware-ioc nukesped_lazarus .java.exe © ESET 2014-2018
signature-base generic_anomalies.yar description = "Detects uncommon file size of java.exe" CC BY-NC 4.0
signature-base generic_anomalies.yar and filename == "java.exe" CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.