credwiz.exe

  • File Path: C:\WINDOWS\SysWOW64\credwiz.exe
  • Description: Credential Backup and Restore Wizard

Screenshot

credwiz.exe

Hashes

Type Hash
MD5 53E0D935F34ABB848E74B377D70BE320
SHA1 5305D450074AA626738F73FE15CCF6AB44F4D380
SHA256 99086D3D6F4E05A08BD2A74B336DED81B92EACEC241C22626935F3AD3CD56312
SHA384 4FD907060E711BE87EA3CDFD4ED1F823DC2D171432C0C274ED4521F16986C15B476FCC9EF5A050DCA5060FEFC635C5C1
SHA512 5B87559BE7CE6B25FC005443C0D6F7A1C1E6ABD7CC364404C2263C537BC5CCCD390D0F0C906479060C4EE62EB0BF02FC0EF8B474479BD26C7D6C78570AEFEF1B
SSDEEP 384:suFGSBYGwI5xk2SdUykHEj1GFogeGiuXHNUc+t+4sV6fUopeKdZhNGjWM5WWNuKv:h1YGaYkj1GFrLXqcRj6ceZmDgST

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: credwiz.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of credwiz.exe being misused. While credwiz.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc badiis.yar $s8 = "C:\\Windows\\System32\\credwiz.exe" ascii wide © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.