keytool.exe

  • File Path: C:\program files\Amazon Corretto\jdk11.0.8_10\bin\keytool.exe
  • Description: OpenJDK Platform binary

Hashes

| Type | Hash |
|------|------|
| MD5 | 6045C32AB7C9FE9F5292B494A1B2E232 |
| SHA1 | A3E22871EFB9F9F2CCE01F275C3FAC496D7EC985 |
| SHA256 | CB1161713E8FB27B1C960B4C74459687FC91AF53E4E8D1A1BE4DC251983E0C0F |
| SHA384 | 58BF380CDEBAA117362F7D7DCD327431B5B55FF2A9D3899E998619CF6C5C6DBEFEF251E3919EF955326FA7CB669FB5FD |
| SHA512 | 42C4673EA9FCEE568AEE13B9C2C0CBE2759D4AA2AE0831EFE8510C9802562B366CE59B21B0AF616AD85B5E5BFFBAEA2F7548383B8255DD1232B991D013C53299 |
| SSDEEP | 384:PTgbdNt3SyKzBbF0g5AW9K6jS5Dgf2hWE:Au/F0g5zKgCUf2hL |

Runtime Data

Usage (stderr):

Illegal option:  help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -?, -h, or --help" for this help message
Use "keytool -command_name --help" for usage of command_name.
Use the -conf <url> option to specify a pre-configured options file.

Loaded Modules:

Path
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\keytool.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: keytool.exe
  • Product Name: OpenJDK Platform 11
  • Company Name: Amazon.com Inc.
  • File Version: 11.0.8
  • Product Version: 11.0.8
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\program files (x86)\Amazon Corretto\jre8\bin\klist.exe | 47 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jarsigner.exe | 43 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jdb.exe | 47 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jdeprscan.exe | 47 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jhsdb.exe | 49 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\jshell.exe | 49 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\keytool.exe | 52 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\pack200.exe | 44 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\rmiregistry.exe | 44 |
| C:\program files\AdoptOpenJDK\jdk-11.0.8.10-hotspot\bin\serialver.exe | 44 |
| C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\keytool.exe | 52 |
| C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\pack200.exe | 49 |
| C:\program files\AdoptOpenJDK\jre-11.0.8.10-hotspot\bin\rmiregistry.exe | 47 |
| C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\rmic.exe | 41 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jarsigner.exe | 61 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jdb.exe | 69 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jdeprscan.exe | 68 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jhsdb.exe | 68 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jshell.exe | 63 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\pack200.exe | 72 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\rmiregistry.exe | 65 |
| C:\program files\Amazon Corretto\jdk11.0.8_10\bin\serialver.exe | 65 |

Possible Misuse

The following table contains possible examples of keytool.exe being misused. While keytool.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | proc_creation_win_susp_shell_spawn_by_java_keytool.yml | title: Suspicious Shells Spawn by Java Utility Keytool | DRL 1.0 |
| sigma | proc_creation_win_susp_shell_spawn_by_java_keytool.yml | description: Detects suspicious shell spawn from Java utility keytool process (e.g. adselfservice plus exploitation) | DRL 1.0 |
| sigma | proc_creation_win_susp_shell_spawn_by_java_keytool.yml | ParentImage\|endswith: '\keytool.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.