credwiz.exe

  • File Path: C:\Windows\system32\credwiz.exe
  • Description: Credential Backup and Restore Wizard

Hashes

  • MD5: A6001253D5FD839243DB624A2735F188
  • SHA1: 0FEE237A8DF821F4E38BA89441B83A28DCC09D43
  • SHA256: 9DEDB08C7F04F9C0BF33B48C4B8692A200AE62112F02FEF985F13322D6AB540E
  • SHA384: 9606DEF02F459A4A463A1F15192BD36317B3D4F0A85924C61E6A4E9446C054B8766ED4FB8BE63359B8C8CD29F89C46E1
  • SHA512: 519844821CDBD9A4D38C4AD93428D4C7698C9A3DC3A13AE9348187EF69A47A13BE45502FB45F1ECAE31223B7178D89BE285D5A0EFDCEA3F75921F8B567B3C5A1
  • SSDEEP: 768:dLaECK6c9URwnAU0+tXyJYFOJLta8UbMWVPtCyHbTGsFZ:NY+qA0NYYJLta8wMWVPtCgTGsF

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: credwiz.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of credwiz.exe being misused. While credwiz.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: malware-ioc
  • Source File: badiis.yar
  • Example: $s8 = "C:\\Windows\\System32\\credwiz.exe" ascii wide
  • License: © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.