keytool.exe

  • File Path: C:\program files (x86)\Amazon Corretto\jre8\bin\keytool.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 C4F986C38D989EA75380E7CBD98C5B77
SHA1 B285A11533A40CDED79DACA6AD68F6D737F50C14
SHA256 9184AFB51BFC40AEBCEBD2BB91E849C9BAD98960F1E4F9AED0468D89990A9180
SHA384 6F2F9E8F9459DD23FB2B22150A2ED3C5A4D050413CC7ADEA05612E98363EA0DE3011977CBF537D4CC0F45EF2AC00A369
SHA512 660B61571EF9571E4AA88B407A3B82779D7B2E58EAB9D4212ABD6C790B77A2AF1E738EF0B3FE8AC4E881173B387CC0E88CEB5C1725D23168592408593ACB2512
SSDEEP 384:Gpsm5hn9qQmSHhV816ee34Sz2K6jSRwbUDgf2h3:GpsYnmS/81ne3kKgDbUUf2h3

Runtime Data

Usage (stderr):

Illegal option:  help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Loaded Modules:

Path
C:\program files (x86)\Amazon Corretto\jre8\bin\keytool.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: keytool.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020

File Similarity (ssdeep match)

File Score
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\appletviewer.exe 69
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe 85
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\bin\rmiregistry.exe 74
C:\program files (x86)\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe 88

Possible Misuse

The following table contains possible examples of keytool.exe being misused. While keytool.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml title: Suspicious Shells Spawn by Java Utility Keytool DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml description: Detects suspicious shell spawn from Java utility keytool process (e.g. adselfservice plus exploitation) DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml ParentImage\|endswith: '\keytool.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.