javaw.exe

  • File Path: C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
  • Description: OpenJDK Platform binary

Screenshot

javaw.exe

Hashes

Type Hash
MD5 6CE5BDFF0E2F280B0A270ECD1AC31E68
SHA1 05D119C794BEF2562CC813839EF752CC93AAC629
SHA256 5A45954D71C21BA99F526F338EF57609AFB3A4DD3ECFDA73356192417AB35C45
SHA384 A73480C39E3C01601F5CE27DF27AF63F1F49F61626BE392AB856638132D37CF650B9D242DAC085FC63FEEB9E2B6E1C21
SHA512 B7259894019C1725F55925B0816E8706AE2F3EEAE471F7A937D499D9C5BA7B556A382495D36FAA14191BCD3D7EDB03FADE19E1375C254EC9BDD4A164F412AD53
SSDEEP 3072:T3TGsys5uIoBvxIAt5dOu7aq2WeCuXbvHXbz3JW7WvIgWpBFFAwZNTBfAO2VT7k1:PJJuIfIrvAwZNTB47k/i0SAl

Runtime Data

Usage (stderr):

Usage: javaw [-options] class [args...]
           (to execute a class)
   or  javaw [-options] -jar jarfile [args...]
           (to execute a jar file)
where options include:
    -d32	  use a 32-bit data model if available
    -d64	  use a 64-bit data model if available
    -client	  to select the "client" VM
    -server	  to select the "server" VM
                  The default VM is client.

    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
                  A ; separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -D<name>=<value>
                  set a system property
    -verbose:[class|gc|jni]
                  enable verbose output
    -version      print product version and exit
    -version:<value>
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  require the specified version to run
    -showversion  print product version and continue
    -jre-restrict-search | -no-jre-restrict-search
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  include/exclude user private JREs in the version search
    -? -help      print this help message
    -X            print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:hprof
                  see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.

Window Title:

Java Virtual Machine Launcher

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Users\user\Documents File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2 File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme4048709601 Section
\Windows\Theme603176458 Section

Loaded Modules:

Path
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 0F8CE162B26B70AE59D17A0B2A93AB3A
  • Thumbprint: 0180ED75D6615415E4D6C6C217613B4134F5745E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=London Jamocha Community CIC, O=London Jamocha Community CIC, L=London, C=GB

File Metadata

  • Original Filename: javaw.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: AdoptOpenJDK
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin\java.exe 54
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin\javaw.exe 97
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\java.exe 54
C:\program files (x86)\AdoptOpenJDK\jre-8.0.265.01-hotspot\bin\java.exe 54
C:\program files (x86)\AdoptOpenJDK\jre-8.0.265.01-hotspot\bin\javaw.exe 97

Possible Misuse

The following table contains possible examples of javaw.exe being misused. While javaw.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma proc_creation_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma registry_event_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.