javaw.exe

  • File Path: C:\program files (x86)\AdoptOpenJDK\jre-8.0.265.01-hotspot\bin\javaw.exe
  • Description: OpenJDK Platform binary

Screenshot

javaw.exe

Hashes

Type Hash
MD5 E525F9C4FEAE503CFAE7D6706867A898
SHA1 193C89D245F8F1372C6517DE9A2F976AFB18F421
SHA256 51C181ECA221A3C163B85D2C63B836FDFB1C56627BFD880D1B132C072A839E29
SHA384 35DF2668C3BBDCC971F5FC1A5E56E266F84ED3316B0E71F1348F6D74313919DD1C67E3AEB941C7931EBE2587C74FED62
SHA512 7A0A4C4A78EAE2E8BFDD29C8778811EC91A0A0257DC65C18FE281BE0C22139D9388F75E5D7DC24E13F9C191BF306720F84CA654457E78D3E92E2C5F366438808
SSDEEP 3072:TVTGsys5uIoBvxIAt5dOu7aq2WeCuXbvHXbz3JW7WvIgWpBFFAwZNTBfAO2VT7ki:9JJuIfIrvAwZNTB47k/i0SAS

Runtime Data

Usage (stderr):

Usage: javaw [-options] class [args...]
           (to execute a class)
   or  javaw [-options] -jar jarfile [args...]
           (to execute a jar file)
where options include:
    -d32	  use a 32-bit data model if available
    -d64	  use a 64-bit data model if available
    -client	  to select the "client" VM
    -server	  to select the "server" VM
                  The default VM is client.

    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
                  A ; separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -D<name>=<value>
                  set a system property
    -verbose:[class|gc|jni]
                  enable verbose output
    -version      print product version and exit
    -version:<value>
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  require the specified version to run
    -showversion  print product version and continue
    -jre-restrict-search | -no-jre-restrict-search
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  include/exclude user private JREs in the version search
    -? -help      print this help message
    -X            print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:hprof
                  see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.

Window Title:

Java Virtual Machine Launcher

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Users\user\Documents File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2 File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme4048709601 Section
\Windows\Theme603176458 Section

Loaded Modules:

Path
C:\program files (x86)\AdoptOpenJDK\jre-8.0.265.01-hotspot\bin\javaw.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 0F8CE162B26B70AE59D17A0B2A93AB3A
  • Thumbprint: 0180ED75D6615415E4D6C6C217613B4134F5745E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=London Jamocha Community CIC, O=London Jamocha Community CIC, L=London, C=GB

File Metadata

  • Original Filename: javaw.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: AdoptOpenJDK
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin\java.exe 54
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\bin\javaw.exe 97
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\java.exe 54
C:\program files (x86)\AdoptOpenJDK\jdk-8.0.265.01-hotspot\jre\bin\javaw.exe 97
C:\program files (x86)\AdoptOpenJDK\jre-8.0.265.01-hotspot\bin\java.exe 54

Possible Misuse

The following table contains possible examples of javaw.exe being misused. While javaw.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma proc_creation_win_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0
sigma registry_event_mal_adwind.yml description: Detects javaw.exe in AppData folder as used by Adwind / JRAT DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.