jshell.exe

File Path: C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jshell.exe
Description: OpenJDK Platform binary

Hashes

Type	Hash
MD5	`2DBEA6AB20129B0362A8485BD5218AB4`
SHA1	`D2F6D3090C2B91F559ACAE764F59CB9A81A8A8BA`
SHA256	`5ACDDA548947E30E7C3A5341CD6546AE4BCC5C397BDEB7ACBCB7049E4D98C899`
SHA384	`362D03C4A49115263608238E0A92B64BB46DDF867CDE605A71E1522A7E58EEB1786DD0E6F280A3DA88DB6327AC965E18`
SHA512	`B7B75D62F348ABD58C428F73097645C48E20BA0F3BF0A9241495BC223CB09604A093D3E9F953874DF183ED6111D63DA2E563CE30F9C693A43F7FF08374040C9B`
SSDEEP	`384:KbbdNt3Sys8XBbFAg5A28K6jSmPkUwDgf2hXCh:cu4VFAg50KgzkzUf2hXCh`

Runtime Data

Usage (stdout):

Usage:   jshell <option>... <load-file>...
where possible options include:
    --class-path <path>   Specify where to find user class files
    --module-path <path>  Specify where to find application modules
    --add-modules <module>(,<module>)*
                          Specify modules to resolve, or all modules on the
                            module path if <module> is ALL-MODULE-PATHs
    --enable-preview      Allow code to depend on preview features of this release
    --startup <file>      One run replacement for the startup definitions
    --no-startup          Do not run the startup definitions
    --feedback <mode>     Specify the initial feedback mode. The mode may be
                            predefined (silent, concise, normal, or verbose) or
                            previously user-defined
    -q                    Quiet feedback.  Same as: --feedback concise
    -s                    Really quiet feedback.  Same as: --feedback silent
    -v                    Verbose feedback.  Same as: --feedback verbose
    -J<flag>              Pass <flag> directly to the runtime system.
                            Use one -J for each runtime flag or flag argument
    -R<flag>              Pass <flag> to the remote runtime system.
                            Use one -R for each remote flag or flag argument
    -C<flag>              Pass <flag> to the compiler.
                            Use one -C for each compiler flag or flag argument
    --version             Print version information and exit
    --show-version        Print version information and continue
    --help, -?, -h        Print this synopsis of standard options and exit
    --help-extra, -X      Print help on non-standard options and exit

A file argument may be a file name, or one of the predefined file names: DEFAULT,
PRINTING, or JAVASE.
A load-file may also be "-" to indicate standard input, without interactive I/O.

For more information on the evaluation context options (--class-path,
--module-path, and --add-modules) see:
	/help context

A path lists the directories and archives to search. For Windows, use a
semicolon (;) to separate items in the path. On other platforms, use a
colon (:) to separate items.

Usage (stderr):

File 'help' for 'jshell' is not found.

Child Processes:

conhost.exe java.exe

Open Handles:

Path	Type
(R-D) C:\Users\user\AppData\Local\Temp\hsperfdata_user\3284	File
(R-D) C:\Windows\System32\en-US\kernel32.dll.mui	File
(RW-) C:\Program Files\Amazon Corretto\jdk11.0.8_10\lib\modules	File
(RW-) C:\Users\user\Documents	File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec	File
(RWD) C:\Program Files\Amazon Corretto\jdk11.0.8_10\lib\modules	File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0	Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0	Section
\Sessions\1\BaseNamedObjects\hsperfdata_user_3284	Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters	Section

Loaded Modules:

Path
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jshell.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

Status: Signature verified.
Serial: 2F83C35B5136353D68CE9EB669FD1B0B
Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

Original Filename: jshell.exe
Product Name: OpenJDK Platform 11
Company Name: Amazon.com Inc.
File Version: 11.0.8
Product Version: 11.0.8
Language: Language Neutral

File Similarity (ssdeep match)

File	Score
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jarsigner.exe	43
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jdb.exe	38
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jdeprscan.exe	46
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jhsdb.exe	40
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jshell.exe	54
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\keytool.exe	44
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\pack200.exe	40
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\rmiregistry.exe	40
C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\serialver.exe	44
C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\keytool.exe	43
C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\pack200.exe	40
C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\rmiregistry.exe	41
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jarsigner.exe	57
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jdb.exe	57
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jdeprscan.exe	57
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jhsdb.exe	63
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\keytool.exe	63
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\pack200.exe	58
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\rmiregistry.exe	61
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\serialver.exe	63

Possible Misuse

The following table contains possible examples of jshell.exe being misused. While jshell.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
signature-base	thor-webshells.yar	description = “Web Shell - file jshell.jsp”	CC BY-NC 4.0