keytool.exe

  • File Path: C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 11D6D617609BB11967748C0EF56B1A04
SHA1 BB323A1A0E9872174EB2785DF1381400F7870603
SHA256 2A62070ABC56682ACBEF12428081EC2381F78ABCAF07F1FC4A575F7B951CCC45
SHA384 D9B81440EB6C27B248699F25AE8F6A7AE9D9D2ACB1D64386A553E368C7BEDDE8171CF911C8A54A93F929F97FC3EFD806
SHA512 2206C0ADDC07A6C09241EA1430F9F0E1B393A79C715FD81065C510E980180E5DD2FD7585E5063F27C2A69EEE41B5335DA014C5743D2368F29329367077FA993E
SSDEEP 384:Gps25hn9qQmSHhV816ee34Sz2K6jSwdsoDgf2h7:GpsInmS/81ne3kKgQoUf2h7

Runtime Data

Usage (stderr):

Illegal option:  help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Loaded Modules:

Path
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: keytool.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\appletviewer.exe 69
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe 85
C:\program files (x86)\Amazon Corretto\jre8\bin\keytool.exe 88

Possible Misuse

The following table contains possible examples of keytool.exe being misused. While keytool.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml title: Suspicious Shells Spawn by Java Utility Keytool DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml description: Detects suspicious shell spawn from Java utility keytool process (e.g. adselfservice plus exploitation) DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml ParentImage\|endswith: '\keytool.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.