credwiz.exe

  • File Path: C:\Windows\SysWOW64\credwiz.exe
  • Description: Credential Backup and Restore Wizard

Screenshot

credwiz.exe

Hashes

Type Hash
MD5 6BB9BCCB6406E65F5C68A42C1E8541DA
SHA1 8E96592C9B7765FAF226CDB1DD83BDE53BEDC11D
SHA256 896C66AF66FB0B23C751B79044DA47D0068D66A02A15EE4B78917DF2A0EEC337
SHA384 1AB705465CF24A88B1CA9ED7CDBDA94C7D174F72C0ADBA2FAEAE50654381D753E29E249AFB875874A53486D50C6122B8
SHA512 D9E1E2484B5E1D75A992AB2A4EB8D46737599AB2ED94D0BEDB9843B2A006EA90B3B5F7D14F42D9FCECD4E92BD478497FF72E14003FD44C9A952B01CC64861518
SSDEEP 384:OtuFGSBYyxNr7sLX0gb4+zm+goP1iJvUpHjVXwKNKsgufSQfanPiJIOu2kLWe5Wp:D1YuFQX7zng01IrufSQfA03ublZf

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: credwiz.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of credwiz.exe being misused. While credwiz.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc badiis.yar $s8 = "C:\\Windows\\System32\\credwiz.exe" ascii wide © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.