grpconv.exe

  • File Path: C:\Windows\SysWOW64\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

| Type | Hash |
|---|---|
| MD5 | 09C1AB402E7B63EDDA6D7A83E05EA76F |
| SHA1 | 484C388E846AA8598D797CE3AB0B3EDADC4029C3 |
| SHA256 | 128F8B664C418B03615A74DFD2BC9A5663EEFA345FE7C0CB445CB4B261F69914 |
| SHA384 | 7C7934B4F75717FF8A8B6215F0AD16E4A7E36F88709D425349B8378CD7110689F17D5C3EC27969DD4062649B06C1E74F |
| SHA512 | 0FBAACE7EEE191F9EE721DC4819FA3A89DFA641DAADBCCC1F0B29A0E40120B608335E7ED96D32340F893E0B1B1026A1744BD842FDDB11B8BBE5DBE7EB81CFDCF |
| SSDEEP | 768:7CvIShl5RP0ugVlOQKaOfLFfTiWfV9Vf9JCiPL94uOFk8Wm:7CvIK5ngVlNjOga9NCuOFZn |

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | `- Details: 'grpconv -o'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.