grpconv.exe

  • File Path: C:\Windows\SysWOW64\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type Hash
MD5 5A13926732E6D349FD060C072BC7FB74
SHA1 515EA092604E6A3EAD70E702573DE0C54D769620
SHA256 3B496786568A0A35780B0AF76AC486C24FEFA867C663DD931A86DB6A263E992C
SHA384 F06FDA096807C1C0682656EA6CDF550CC8B1460A0EF485E6309FE1C633C2D5CFE0EC6D334F22332C09853DDE512EE914
SHA512 99FA12C4555C2D62C733D42991865DD50A5F59F9443979F776C50ADC661E67F2F99CB9F680E43A9D248925CB9BE944B382D22E164F4BFF70397F0F3A46825C36
SSDEEP 768:Ayr0h7j4JEoo2BR/6kbdR6zuFZFBVM4NTqyd213k:Ayr0hX4JEo/R/PdRTTBGyd210
IMP 132C218B1F2E13F78FEE548483028E32
PESHA1 06822DBBD836E820A6A6D09890F5FA198323704F
PE256 986F46CB76AB08801B8D94253EBD662022B4EBD218BE61B49F31D3C44071E5FA

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\grpconv.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/3b496786568a0a35780b0af76ac486c24fefa867c663dd931a86db6a263e992c/detection

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: registry_event_asep_reg_keys_modification_wow6432node.yml
  • Example: - Details: 'grpconv -o'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.