javaw.exe

  • File Path: C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javaw.exe
  • Description: OpenJDK Platform binary

Screenshot

javaw.exe

Hashes

Type Hash
MD5 90F24A09E4D9808A419F8266C2B186CB
SHA1 B62B38BFD58FD589387A47CA681ECFED88E15B84
SHA256 68CC958D0F9713A9DCB22C7B02AF50F408F2ECBCAE6F9043E0F980A9515E486C
SHA384 8E2C47C18208CD9B41939192D96596F4518686AD6736CD40EB4318448AEFA8420FA837964B3B0E615CB6409C0AB812F7
SHA512 844C1864B2373C89537A49090F95E7C3F4AE9F494A2B2A655F6261D2B783F050AEF36F534E236BF7B38144B63C13F4C7712A30CF1B2F721B7ACAD1D2989E50C2
SSDEEP 3072:RvlwQRPjjSVp8fdK1hGThdIu4w8x2/dm3FmcX0TBf7Fx6fXQ57k/IXuh:nwQjOSfIGTh54x2/dm3cw0TBCY57k/th
IMP 2D6F4E096A2D15D4349A455F88E1F66E
PESHA1 A4A761E8DE6543AB571474FA0B6AC4423C30EFA2
PE256 699F683C31A29F65BA3B8B0E40DD64ACACA8B115BE0FA485343ACBAF39051938

Runtime Data

Usage (stderr):

Usage: javaw [-options] class [args...]
           (to execute a class)
   or  javaw [-options] -jar jarfile [args...]
           (to execute a jar file)
where options include:
    -d32	  use a 32-bit data model if available
    -d64	  use a 64-bit data model if available
    -server	  to select the "server" VM
                  The default VM is server.

    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
                  A ; separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -D<name>=<value>
                  set a system property
    -verbose:[class|gc|jni]
                  enable verbose output
    -version      print product version and exit
    -version:<value>
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  require the specified version to run
    -showversion  print product version and continue
    -jre-restrict-search | -no-jre-restrict-search
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  include/exclude user private JREs in the version search
    -? -help      print this help message
    -X            print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:hprof
                  see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.

Window Title:

Java Virtual Machine Launcher

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
(RW-) C:\xCyclopedia File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme2547664911 Section
\Windows\Theme3854699184 Section

Loaded Modules:

Path
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javaw.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: javaw.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/68cc958d0f9713a9dcb22c7b02af50f408f2ecbcae6f9043e0f980a9515e486c/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\javaw.exe 97
C:\Program Files\Amazon Corretto\jre8\bin\javaw.exe 97

Possible Misuse

The following table contains possible examples of javaw.exe being misused. While javaw.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma proc_creation_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma registry_event_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.