keytool.exe

  • File Path: C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe
  • Description: OpenJDK Platform binary

Hashes

Type Hash
MD5 E64A133341297033FB908CF0412A32EC
SHA1 B24A810EDE126183D10DAB34445148246C0B64E0
SHA256 2A01A89188724AB531E593E431265F8B20CE8FF75465055FCB9978DE5A1DD70B
SHA384 13DC54147281D70BB9E293475B2DFEB9C358D4DE47E82FBDEE6F9957FD40CA8396D6D5FD81FC87A53AF017149F6253AA
SHA512 E014966B48E2B7A1333C7409DEC910432435F9E11644E3F939D49DCC0745E218D70D53EA3E314D2EF6E5C22850A2FF23DC48C0F318D96A3572B0F2527E5A1594
SSDEEP 192:NH9yTnTZd8Kho+IKEfoE+weEf4yK6CYlLWwsUIHSXG4xE7ia9sgfxIZH8:NHSwKKKNE+weE1K6jSRSXS7iDgf2h8
IMP 2C43CDA2243B5AF72E180E8D1F09446D
PESHA1 5DBBDB6030853E85DA83E82D976A8217B6632090
PE256 19726CF66C1CE00674B157DCE70BF808FDADC5F7DA6E45A483DF2586B8A54A0C

Runtime Data

Usage (stderr):

Illegal option:  C:\temp\strontic-xcyclopedia\notepad.exe
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Loaded Modules:

Path
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\keytool.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 2F83C35B5136353D68CE9EB669FD1B0B
  • Thumbprint: 4BAD227329ADEF18F215B6475FB7948E1629B505
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Amazon.com Services LLC, OU=Software Services, O=Amazon.com Services LLC, L=Seattle, S=Washington, C=US

File Metadata

  • Original Filename: keytool.exe
  • Product Name: OpenJDK Platform 8
  • Company Name: Amazon.com Inc.
  • File Version: 8.0.2650.1
  • Product Version: 8.0.2650.1
  • Language: Language Neutral
  • Legal Copyright: Copyright 2020
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/2a01a89188724ab531e593e431265f8b20ce8ff75465055fcb9978de5a1dd70b/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\appletviewer.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\clhsdb.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\extcheck.exe 69
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\hsdb.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\idlj.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jar.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jarsigner.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javac.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javadoc.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javah.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\javap.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jcmd.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jconsole.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jdb.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jdeps.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jfr.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jhat.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jinfo.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jjs.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jmap.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jps.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jrunscript.exe 75
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jsadebugd.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstack.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstat.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\jstatd.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\keytool.exe 80
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\klist.exe 65
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\native2ascii.exe 74
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\orbd.exe 58
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\pack200.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\policytool.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\rmid.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\rmiregistry.exe 72
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\schemagen.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\serialver.exe 69
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\servertool.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\tnameserv.exe 57
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\wsgen.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\wsimport.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\bin\xjc.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\java-rmi.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\jjs.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\kinit.exe 66
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\klist.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\ktab.exe 69
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\orbd.exe 55
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\pack200.exe 61
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\policytool.exe 60
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\rmid.exe 63
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\rmiregistry.exe 71
C:\Program Files\Amazon Corretto\jdk1.8.0_265\jre\bin\servertool.exe 61
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\javadoc.exe 25
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jconsole.exe 35
C:\program files\Amazon Corretto\jdk11.0.8_10\bin\jinfo.exe 33
C:\Program Files\Amazon Corretto\jre8\bin\java-rmi.exe 58
C:\Program Files\Amazon Corretto\jre8\bin\jjs.exe 58
C:\Program Files\Amazon Corretto\jre8\bin\keytool.exe 80
C:\Program Files\Amazon Corretto\jre8\bin\kinit.exe 66
C:\Program Files\Amazon Corretto\jre8\bin\klist.exe 68
C:\Program Files\Amazon Corretto\jre8\bin\ktab.exe 66
C:\Program Files\Amazon Corretto\jre8\bin\orbd.exe 57
C:\Program Files\Amazon Corretto\jre8\bin\pack200.exe 58
C:\Program Files\Amazon Corretto\jre8\bin\policytool.exe 60
C:\Program Files\Amazon Corretto\jre8\bin\rmid.exe 65
C:\Program Files\Amazon Corretto\jre8\bin\rmiregistry.exe 72
C:\Program Files\Amazon Corretto\jre8\bin\tnameserv.exe 58

Possible Misuse

The following table contains possible examples of keytool.exe being misused. While keytool.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml title: Suspicious Shells Spawn by Java Utility Keytool DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml description: Detects suspicious shell spawn from Java utility keytool process (e.g. adselfservice plus exploitation) DRL 1.0
sigma proc_creation_win_susp_shell_spawn_by_java_keytool.yml ParentImage\|endswith: '\keytool.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.