java.exe

  • File Path: C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\java.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 D36757DCE912D160CA59090F1B3A5409
SHA1 6005E02F083D70BA8EA2FC1E1A8CFB7B7A1F35D9
SHA256 78BD4E4EFFFACE488DB69BB61F4C7CC5B2A0035B3A8FD9967DB445FCAFA22E40
SHA384 75FBB2ABA3B952CDE39434F55607A615CBDEFB289E6B7373B3D84E8A91522419C95B2AEEDF6106DBCCE877DC0F78F694
SHA512 2D36E5F29E27A3C128FE091EC5E62A0941C541E728A054D808904DAEF4AB56EF4AEC51EB42C6A3A25B9314B62876F1726372F9AAA511A34BE99F96CEF47CBF02
SSDEEP 768:jkwnlFPM5R2TyJ5R3s8D/bkt5Ruz3Vb3MI5BQ8DGJ:4wnTM5RdJ5R3sozkt5RA3MI5Kx

Runtime Data

Usage (stdout):

Usage: java [options] <mainclass> [args...]
           (to execute a class)
   or  java [options] -jar <jarfile> [args...]
           (to execute a jar file)
   or  java [options] -m <module>[/<mainclass>] [args...]
       java [options] --module <module>[/<mainclass>] [args...]
           (to execute the main class in a module)
   or  java [options] <sourcefile> [args]
           (to execute a single source-file program)

 Arguments following the main class, source file, -jar <jarfile>,
 -m or --module <module>/<mainclass> are passed as the arguments to
 main class.

 where options include:

    -client	  to select the "client" VM
    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
    --class-path <class search path of directories and zip/jar files>
                  A ; separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -p <module path>
    --module-path <module path>...
                  A ; separated list of directories, each directory
                  is a directory of modules.
    --upgrade-module-path <module path>...
                  A ; separated list of directories, each directory
                  is a directory of modules that replace upgradeable
                  modules in the runtime image
    --add-modules <module name>[,<module name>...]
                  root modules to resolve in addition to the initial module.
                  <module name> can also be ALL-DEFAULT, ALL-SYSTEM,
                  ALL-MODULE-PATH.
    --list-modules
                  list observable modules and exit
    -d <module name>
    --describe-module <module name>
                  describe a module and exit
    --dry-run     create VM and load main class but do not execute main method.
                  The --dry-run option may be useful for validating the
                  command-line options such as the module system configuration.
    --validate-modules
                  validate all modules and exit
                  The --validate-modules option may be useful for finding
                  conflicts and other errors with modules on the module path.
    -D<name>=<value>
                  set a system property
    -verbose:[class|module|gc|jni]
                  enable verbose output
    -version      print product version to the error stream and exit
    --version     print product version to the output stream and exit
    -showversion  print product version to the error stream and continue
    --show-version
                  print product version to the output stream and continue
    --show-module-resolution
                  show module resolution output during startup
    -? -h -help
                  print this help message to the error stream
    --help        print this help message to the output stream
    -X            print help on extra options to the error stream
    --help-extra  print help on extra options to the output stream
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:jdwp
                  see also -agentlib:jdwp=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
                  HiDPI scaled images are automatically supported and used
                  if available. The unscaled image filename, e.g. image.ext,
                  should always be passed as the argument to the -splash option.
                  The most appropriate scaled image provided will be picked up
                  automatically.
                  See the SplashScreen API documentation for more information
    @argument files
                  one or more argument files containing options
    -disable-@files
                  prevent further argument file expansion
    --enable-preview
                  allow classes to depend on preview features of this release
To specify an argument for a long option, you can use --<name>=<value> or
--<name> <value>.


Usage (stderr):

Usage: java [options] <mainclass> [args...]
           (to execute a class)
   or  java [options] -jar <jarfile> [args...]
           (to execute a jar file)
   or  java [options] -m <module>[/<mainclass>] [args...]
       java [options] --module <module>[/<mainclass>] [args...]
           (to execute the main class in a module)
   or  java [options] <sourcefile> [args]
           (to execute a single source-file program)

 Arguments following the main class, source file, -jar <jarfile>,
 -m or --module <module>/<mainclass> are passed as the arguments to
 main class.

 where options include:

    -client	  to select the "client" VM
    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
    --class-path <class search path of directories and zip/jar files>
                  A ; separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -p <module path>
    --module-path <module path>...
                  A ; separated list of directories, each directory
                  is a directory of modules.
    --upgrade-module-path <module path>...
                  A ; separated list of directories, each directory
                  is a directory of modules that replace upgradeable
                  modules in the runtime image
    --add-modules <module name>[,<module name>...]
                  root modules to resolve in addition to the initial module.
                  <module name> can also be ALL-DEFAULT, ALL-SYSTEM,
                  ALL-MODULE-PATH.
    --list-modules
                  list observable modules and exit
    -d <module name>
    --describe-module <module name>
                  describe a module and exit
    --dry-run     create VM and load main class but do not execute main method.
                  The --dry-run option may be useful for validating the
                  command-line options such as the module system configuration.
    --validate-modules
                  validate all modules and exit
                  The --validate-modules option may be useful for finding
                  conflicts and other errors with modules on the module path.
    -D<name>=<value>
                  set a system property
    -verbose:[class|module|gc|jni]
                  enable verbose output
    -version      print product version to the error stream and exit
    --version     print product version to the output stream and exit
    -showversion  print product version to the error stream and continue
    --show-version
                  print product version to the output stream and continue
    --show-module-resolution
                  show module resolution output during startup
    -? -h -help
                  print this help message to the error stream
    --help        print this help message to the output stream
    -X            print help on extra options to the error stream
    --help-extra  print help on extra options to the output stream
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:jdwp
                  see also -agentlib:jdwp=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
                  HiDPI scaled images are automatically supported and used
                  if available. The unscaled image filename, e.g. image.ext,
                  should always be passed as the argument to the -splash option.
                  The most appropriate scaled image provided will be picked up
                  automatically.
                  See the SplashScreen API documentation for more information
    @argument files
                  one or more argument files containing options
    -disable-@files
                  prevent further argument file expansion
    --enable-preview
                  allow classes to depend on preview features of this release
To specify an argument for a long option, you can use --<name>=<value> or
--<name> <value>.


Loaded Modules:

Path
C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\java.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 0F8CE162B26B70AE59D17A0B2A93AB3A
  • Thumbprint: 0180ED75D6615415E4D6C6C217613B4134F5745E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=London Jamocha Community CIC, O=London Jamocha Community CIC, L=London, C=GB

File Metadata

  • Original Filename: java.exe
  • Product Name: OpenJDK Platform 11
  • Company Name: AdoptOpenJDK
  • File Version: 11.0.8
  • Product Version: 11.0.8
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\java.exe 94
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\javaw.exe 77
C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\javaw.exe 77
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\java.exe 77
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\javaw.exe 69

Possible Misuse

The following table contains possible examples of java.exe being misused. While java.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_apt_greenbug_may20.yml - '\programdata\oracle\java.exe' DRL 1.0
sigma proc_creation_win_atlassian_confluence_cve_2021_26084_exploit.yml ParentImage\|endswith: '\Atlassian\Confluence\jre\bin\java.exe' DRL 1.0
sigma proc_creation_win_exploit_cve_2020_10189.yml ParentImage\|endswith: 'DesktopCentral_Server\jre\bin\java.exe' DRL 1.0
sigma proc_creation_win_shell_spawn_by_java.yml ParentImage\|endswith: '\java.exe' DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java.yml ParentImage\|endswith: '\java.exe' DRL 1.0
malware-ioc nukesped_lazarus .java.exe``{:.highlight .language-cmhg} © ESET 2014-2018
signature-base generic_anomalies.yar description = “Detects uncommon file size of java.exe” CC BY-NC 4.0
signature-base generic_anomalies.yar and filename == “java.exe” CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.