keytool.exe

  • File Path: C:\Program Files\Amazon Corretto\jre8\bin\keytool.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 5B2EED8BF1F4AD2266D1AB4DACD5EFB5
SHA1 5BE29FA2F27C7DB2871A674F4CD86D3E3C197A18
SHA256 8EBE35AFF7B018623D55DFF2F62B1F1AFDAFB50169A5940B14047398052DCB29
SHA384 5F171D3DFA4B9007141006F26ACD4E9811CCEAA5532896C307355BED372F942E631BFF7AFF9C2FC161B2ABFB9ACBF6DF
SHA512 E86E316B8BF5E8489B4DAFA0FEA6099643B9AADAA1CCB56C81A24C7B9F27B67E5E44B77B9BD921701FF91E8822E201425D170B50C017A501CFCE778223E93ADB
SSDEEP 192:tH9yTnTZd8Kho+IKEfoE+weE/W4yK6CYlLWwsUJczuG4I1p4a9sgfxIZH7E:tHSwKKKNE+weEGK6jSFzuCp4Dgf2hY
IMP 2C43CDA2243B5AF72E180E8D1F09446D
PESHA1 5DBBDB6030853E85DA83E82D976A8217B6632090
PE256 19726CF66C1CE00674B157DCE70BF808FDADC5F7DA6E45A483DF2586B8A54A0C

Runtime Data

Usage (stderr):

Illegal option:  C:\temp\strontic-xcyclopedia\notepad.exe
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Loaded Modules:

Path
C:\Program Files\Amazon Corretto\jre8\bin\keytool.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: keytool.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/8ebe35aff7b018623d55dff2f62b1f1afdafb50169a5940b14047398052dcb29/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\appletviewer.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\clhsdb.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\extcheck.exe 69
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\hsdb.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\idlj.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jar.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jarsigner.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javac.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javadoc.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javah.exe 54
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javap.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jcmd.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jconsole.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jdb.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jdeps.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jfr.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jhat.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jinfo.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jjs.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jmap.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jps.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jrunscript.exe 77
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jsadebugd.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstack.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstat.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstatd.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe 83
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\klist.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\native2ascii.exe 74
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\orbd.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\pack200.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\policytool.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\rmid.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\rmiregistry.exe 71
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\schemagen.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\serialver.exe 68
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\servertool.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\tnameserv.exe 54
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\wsgen.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\wsimport.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\xjc.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\java-rmi.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\jjs.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe 80
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\kinit.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\klist.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\ktab.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\orbd.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\pack200.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\policytool.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\rmid.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\rmiregistry.exe 69
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\servertool.exe 58
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\javadoc.exe 29
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jconsole.exe 30
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jinfo.exe 32
C:\Program Files\Amazon Corretto\jre8\bin\java-rmi.exe 58
C:\Program Files\Amazon Corretto\jre8\bin\jjs.exe 60
C:\Program Files\Amazon Corretto\jre8\bin\kinit.exe 66
C:\Program Files\Amazon Corretto\jre8\bin\klist.exe 65
C:\Program Files\Amazon Corretto\jre8\bin\ktab.exe 68
C:\Program Files\Amazon Corretto\jre8\bin\orbd.exe 57
C:\Program Files\Amazon Corretto\jre8\bin\pack200.exe 63
C:\Program Files\Amazon Corretto\jre8\bin\policytool.exe 61
C:\Program Files\Amazon Corretto\jre8\bin\rmid.exe 65
C:\Program Files\Amazon Corretto\jre8\bin\rmiregistry.exe 72
C:\Program Files\Amazon Corretto\jre8\bin\tnameserv.exe 55

Possible Misuse

The following table contains possible examples of keytool.exe being misused. While keytool.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml title: Suspicious Shells Spawn by Java Utility Keytool DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml description: Detects suspicious shell spawn from Java utility keytool process (e.g. adselfservice plus exploitation) DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml ParentImage\|endswith: '\keytool.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.