keytool.exe

  • File Path: C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 96B9C189FC368FB11EAECE9FBE5CAB09
SHA1 EB159A2C301E71950FAAB91E5896D38B9FD60A58
SHA256 E14F542D4988AAA017F9AB15BC21AEB084D5EC768DB4218AB19637C53ADFD13C
SHA384 AAC4AB39CC1A0162944AF3517A724F6B31DF19CE56E5F3FD0A033FC3542F37D9D3643CB4957E6518D1C5295C956D083D
SHA512 693FE8B1D65F703C7AFF5DC813655B6485FEED098BB07297FB61D22D8B022E67C16BA1C681ECD017D32C4F3E913699A317CCDA113D4C54B4CDAA7B7465B17272
SSDEEP 384:Gpsz5hn9qQmSHhV816ee34Sz2K6jS9jzawXDgf2h8c:GpsjnmS/81ne3kKgijzaCUf2h8c

Runtime Data

Usage (stderr):

Illegal option:  help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Loaded Modules:

Path
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: keytool.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\appletviewer.exe 69
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe 85
C:\program files (x86)\Amazon Corretto\jre8\bin\keytool.exe 85

Possible Misuse

The following table contains possible examples of keytool.exe being misused. While keytool.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml title: Suspicious Shells Spawn by Java Utility Keytool DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml description: Detects suspicious shell spawn from Java utility keytool process (e.g. adselfservice plus exploitation) DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml ParentImage\|endswith: '\keytool.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.