credwiz.exe

  • File Path: C:\WINDOWS\system32\credwiz.exe
  • Description: Credential Backup and Restore Wizard

Screenshot

credwiz.exe

Hashes

Type Hash
MD5 E3D1ADECE776B1780A4E0CE80A41DD4B
SHA1 C51A7409EB37A3F55B06478ED09071779BB362B7
SHA256 C6350EE68A5CED47C79A32124ED86C398D5D8EE4BEBB3C703DA16D67CE292A4F
SHA384 EB7408B9150A7F96DCE19587F20D8D0EE66E4B2F1EAD7C268837F7435DF27982482C8BAB6C8C691DA9E6F394BC180BD3
SHA512 AA14678EE1522D86BC1182D589E51788CD92F3EB887F8D9448836FC92E5B058F0056EAE77DF965269359F2DD891FB129B0F2E900DA5A0999FC5163F965C6A41E
SSDEEP 768:TzqDycebzSCWpCn+BVhKR/05BWLtkg4V9PnrcB9GZD4Yjg:3qPrdBGRYBWLeg4V9Pr6GZD4Yj

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: credwiz.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\credwiz.exe 58

Possible Misuse

The following table contains possible examples of credwiz.exe being misused. While credwiz.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc badiis.yar $s8 = "C:\\Windows\\System32\\credwiz.exe" ascii wide © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.