grpconv.exe

  • File Path: C:\windows\SysWOW64\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type Hash
MD5 2E84D939417DFEDB3E5DAB54CCE75EEB
SHA1 A29930DD7DC2BA835BDF648BA20A273939C7815D
SHA256 DF338DACBAA9D5C3CBEE0263DE5AB11115945A872C5E1CBB57588576E191DDCB
SHA384 C4D0613FC7637816663EEE049F1C80AB3AFDB12FE6FAD8B24AC42BB543C606EDE90A39DD0CE50F20B3A3D652986FC3C0
SHA512 7A1C637CC0D4B5245172E0B0CA9841734763911D02974E459AFF145236A80CC9FBE66D3027DD8F6AD1C2AC8BD7E5CE3080043FB0DDC26C6B2D8FDE7917998372
SSDEEP 192:aUAp8UrxBdlavjXcXunRIt+TPIZ9O+vQ3oJJI6WWwsW8C:aTyUdHBXundwZAIZu6WWwsWB

Signature

  • Status: The file C:\windows\SysWOW64\grpconv.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: GRPCONV.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_wow6432node.yml - Details: 'grpconv -o' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.