grpconv.exe

  • File Path: C:\Windows\SysWOW64\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type Hash
MD5 74E9D5CD051F96AB01C3B577669CF4D6
SHA1 81BC5E6D0890E8AD28B5F936EFE1069FF42398E2
SHA256 542C4B92D2FA26E0C26771A3624440DF3EF09CCD2EAF1A2873486CE461F9DC30
SHA384 E51A6D0B5AAE49ED6C4FEE69F985EF7F53572ECF9406A376C4C1242BC68790D56BFF0537201501B04119F6177D88DA6E
SHA512 D031F80E8B07CCECEBAF34A61D0B050873F3B60C789F207039A27B485BE689152F4BA85AAA74B69CB92AB1A84354BFA722F8A39A1A175019343DA43ACFB051B6
SSDEEP 768:8K/nMfbqDir+ox/QkI8frhR3aYz75y95:8KPMfRKK11o2y95
IMP 132C218B1F2E13F78FEE548483028E32
PESHA1 55E670B23BC066E83427DD4A5C6660F2667A53BE
PE256 B080ECA85E574E9A8EE676AF9AA397FDAA67F71D4F4DE60C9288B1DA0B5F3DEB

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\grpconv.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/542c4b92d2fa26e0c26771a3624440df3ef09ccd2eaf1a2873486ce461f9dc30/detection/

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | `- Details: 'grpconv -o'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.