javaw.exe

  • File Path: C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\javaw.exe
  • Description: OpenJDK Platform binary

Screenshot

javaw.exe

Hashes

Type Hash
MD5 7092B30DB438E77CC22951366F17DCA3
SHA1 EC2561C389F1B93CE22C416BAC345EFD0CB29AE5
SHA256 D4A5DDECB92F8D15AC5ED2AEAD4DC717A1BE7D3F8C37A2912763B39EB0E8817E
SHA384 7F09AEA46D56C3D11692A94FE55AFB3E0C1241B1C3D6EFE8B0277BFC2CE6D710EC270088C10854934BB7741D816802EB
SHA512 1EAAE2275F7D42481E1EB30C835BDAC9288A2328A579A62274EA463A31615DC2758B5A15184FC72F0DB138F36211C3EC1264BC80E987465DAB1DF7F18540DEB8
SSDEEP 3072:lI1xqku6rM2slnAhcJzEPZAHQMbQa24TBfXS47k/IXatGXP:lIM6HslzJAPZAHQWV24TBv7k/dmP

Runtime Data

Usage (stderr):

Usage: javaw [-options] class [args...]
           (to execute a class)
   or  javaw [-options] -jar jarfile [args...]
           (to execute a jar file)
where options include:
    -d32	  use a 32-bit data model if available
    -d64	  use a 64-bit data model if available
    -server	  to select the "server" VM
    -client	  is a synonym for the "server" VM  [deprecated]
                  The default VM is server.

    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
                  A ; separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -D<name>=<value>
                  set a system property
    -verbose:[class|gc|jni]
                  enable verbose output
    -version      print product version and exit
    -version:<value>
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  require the specified version to run
    -showversion  print product version and continue
    -jre-restrict-search | -no-jre-restrict-search
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  include/exclude user private JREs in the version search
    -? -help      print this help message
    -X            print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:hprof
                  see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.

Window Title:

Java Virtual Machine Launcher

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Users\user\Documents File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2 File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme4048709601 Section
\Windows\Theme603176458 Section

Loaded Modules:

Path
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\javaw.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: javaw.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\jre\bin\javaw.exe 96
C:\program files (x86)\Amazon Corretto\jre8\bin\javaw.exe 96

Possible Misuse

The following table contains possible examples of javaw.exe being misused. While javaw.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma proc_creation_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma registry_event_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.