credwiz.exe
- File Path:
C:\WINDOWS\system32\credwiz.exe - Description: Credential Backup and Restore Wizard
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | E3D1ADECE776B1780A4E0CE80A41DD4B |
| SHA1 | C51A7409EB37A3F55B06478ED09071779BB362B7 |
| SHA256 | C6350EE68A5CED47C79A32124ED86C398D5D8EE4BEBB3C703DA16D67CE292A4F |
| SHA384 | EB7408B9150A7F96DCE19587F20D8D0EE66E4B2F1EAD7C268837F7435DF27982482C8BAB6C8C691DA9E6F394BC180BD3 |
| SHA512 | AA14678EE1522D86BC1182D589E51788CD92F3EB887F8D9448836FC92E5B058F0056EAE77DF965269359F2DD891FB129B0F2E900DA5A0999FC5163F965C6A41E |
| SSDEEP | 768:TzqDycebzSCWpCn+BVhKR/05BWLtkg4V9PnrcB9GZD4Yjg:3qPrdBGRYBWLeg4V9Pr6GZD4Yj |
Signature
- Status: Signature verified.
- Serial:
330000023241FB59996DCC4DFF000000000232 - Thumbprint:
FF82BC38E1DA5E596DF374C53E3617F7EDA36B06 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: credwiz.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.18362.1 (WinBuild.160101.0800)
- Product Version: 10.0.18362.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\Windows\system32\credwiz.exe | 58 |
Possible Misuse
The following table contains possible examples of credwiz.exe being misused. While credwiz.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| malware-ioc | badiis.yar | $s8 = "C:\\Windows\\System32\\credwiz.exe" ascii wide |
© ESET 2014-2018 |
MIT License. Copyright (c) 2020-2021 Strontic.