java.exe
- File Path: C:\ProgramData\Oracle\Java\javapath\java.exe
- Description: Java(TM) Platform SE binary
Hashes
| Type | Hash |
|---|---|
| MD5 | 6871F6B74CA631B95B6CE1DEEFB487E7 |
| SHA1 | 1453B98681D5E4A93226E6C12D903238636CADA6 |
| SHA256 | 8F957B71C0E38F4F19D02FCA3584B3AB42B434F097B849D289B8B00473961063 |
| SHA384 | C55F593990E3CF660B7E2FF3CA454E01B447A35883A96EB53BADB076E373DD87F1E253308C40A90646D138DEBD9BBECA |
| SHA512 | 4DB080996591EA45F94CBEEC7D844C5DC27CA01BDFF31D1FBC4E04E281637A59EEEA5966E22D207FD6FD7F744D7AECEFEF1861D9649054128BFCBB458B6D99C0 |
| SSDEEP | 3072:CQ4Hdi0lKx96kzos9wMD0yRgUdRPu3fKMoTBf3vSjZqMN8YiYkwc:349S6DsStyaUddu3yMoTBevRXhc |
Runtime Data
Usage (stderr):
Error: opening registry key 'Software\JavaSoft\Java Runtime Environment'
Error: could not find java.dll
Error: Could not find Java SE Runtime Environment.
Signature
- Status: Signature verified.
- Serial: 12F0277E0F233B39F9419B06E8CDE352
- Thumbprint: 3B75816D15A6D8F4598E9CF5603F1839EE84D73D
- Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
- Subject: CN="Oracle America, Inc.", OU=Code Signing Bureau, O="Oracle America, Inc.", L=Redwood Shores, S=California, C=US
File Metadata
- Original Filename: java.exe
- Product Name: Java(TM) Platform SE 8
- Company Name: Oracle Corporation
- File Version: 8.0.1710.11
- Product Version: 8.0.1710.11
- Language: Language Neutral
- Legal Copyright: Copyright 2018
Possible Misuse
The following table contains possible examples of java.exe being misused. While java.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_apt_greenbug_may20.yml | - '\programdata\oracle\java.exe' | DRL 1.0 |
| sigma | proc_creation_win_atlassian_confluence_cve_2021_26084_exploit.yml | ParentImage\|endswith: '\Atlassian\Confluence\jre\bin\java.exe' | DRL 1.0 |
| sigma | proc_creation_win_exploit_cve_2020_10189.yml | ParentImage\|endswith: 'DesktopCentral_Server\jre\bin\java.exe' | DRL 1.0 |
| sigma | proc_creation_win_shell_spawn_by_java.yml | ParentImage\|endswith: '\java.exe' | DRL 1.0 |
| sigma | proc_creation_win_susp_shell_spawn_by_java.yml | ParentImage\|endswith: '\java.exe' | DRL 1.0 |
| malware-ioc | nukesped_lazarus | .java.exe | © ESET 2014-2018 |
| signature-base | generic_anomalies.yar | description = "Detects uncommon file size of java.exe" | CC BY-NC 4.0 |
| signature-base | generic_anomalies.yar | and filename == "java.exe" | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.