keytool.exe

  • File Path: C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 8E9FA6337C05EA19B49857407FE76324
SHA1 106E4FD0FD14956B6BB442577E465502AD5EA9AE
SHA256 18EA22B32F479B5FAED0B082285AF81AC8B62A28A8D69C5E97F133F52028F8A6
SHA384 278A2BE953090E2F92DD5477FC91714506F0F832CAAB8F49EDFEC656A9D3E85BD86B69B5F4022DD2EC4B462C4D9380F0
SHA512 39A9098361EF81107FD6A6DB26EFE02255A25D301565F765B7142388E39FD904AA16BB43117E6FE45FACDDCFE97819E0AD61543C8CA261E8DB3D77ECAC3A90D0
SSDEEP 192:OH9yTnTZd8Kho+IKEfoE+weE/W4yK6CYlLWwsUOdGnpG4sqa9sgfxIZH3bB1:OHSwKKKNE+weEGK6jSfopgqDgf2hrB1
IMP 2C43CDA2243B5AF72E180E8D1F09446D
PESHA1 5DBBDB6030853E85DA83E82D976A8217B6632090
PE256 19726CF66C1CE00674B157DCE70BF808FDADC5F7DA6E45A483DF2586B8A54A0C

Runtime Data

Usage (stderr):

Illegal option:  C:\temp\strontic-xcyclopedia\notepad.exe
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Loaded Modules:

Path
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: keytool.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/18ea22b32f479b5faed0b082285af81ac8b62a28a8d69c5e97f133f52028f8a6/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\appletviewer.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\clhsdb.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\extcheck.exe 68
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\hsdb.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\idlj.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jar.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jarsigner.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javac.exe 54
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javadoc.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javah.exe 52
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javap.exe 54
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jcmd.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jconsole.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jdb.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jdeps.exe 54
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jfr.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jhat.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jinfo.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jjs.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jmap.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jps.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jrunscript.exe 74
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jsadebugd.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstack.exe 54
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstat.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstatd.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\klist.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\native2ascii.exe 72
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\orbd.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\pack200.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\policytool.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\rmid.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\rmiregistry.exe 71
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\schemagen.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\serialver.exe 68
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\servertool.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\tnameserv.exe 54
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\wsgen.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\wsimport.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\xjc.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\java-rmi.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\jjs.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe 80
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\kinit.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\klist.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\ktab.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\orbd.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\pack200.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\policytool.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\rmid.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\rmiregistry.exe 68
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\servertool.exe 58
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\javadoc.exe 27
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jconsole.exe 32
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jinfo.exe 30
C:\Program Files\Amazon Corretto\jre8\bin\java-rmi.exe 57
C:\Program Files\Amazon Corretto\jre8\bin\jjs.exe 58
C:\Program Files\Amazon Corretto\jre8\bin\keytool.exe 83
C:\Program Files\Amazon Corretto\jre8\bin\kinit.exe 66
C:\Program Files\Amazon Corretto\jre8\bin\klist.exe 65
C:\Program Files\Amazon Corretto\jre8\bin\ktab.exe 65
C:\Program Files\Amazon Corretto\jre8\bin\orbd.exe 55
C:\Program Files\Amazon Corretto\jre8\bin\pack200.exe 63
C:\Program Files\Amazon Corretto\jre8\bin\policytool.exe 58
C:\Program Files\Amazon Corretto\jre8\bin\rmid.exe 61
C:\Program Files\Amazon Corretto\jre8\bin\rmiregistry.exe 74
C:\Program Files\Amazon Corretto\jre8\bin\tnameserv.exe 55

Possible Misuse

The following table contains possible examples of keytool.exe being misused. While keytool.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml title: Suspicious Shells Spawn by Java Utility Keytool DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml description: Detects suspicious shell spawn from Java utility keytool process (e.g. adselfservice plus exploitation) DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml ParentImage\|endswith: '\keytool.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.