grpconv.exe

  • File Path: C:\windows\system32\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type Hash
MD5 78A1800674AC11E52A1C5B57A6B0FAEE
SHA1 3AB65A078D946A73AC9FC0668BBE1EA437949D71
SHA256 8BCD93852EB3D0609FF10721E4862F17F25D4ADD54F3F9DA891D14022AB81F8B
SHA384 B0860EF59E809C825E6ECBD55FC4862BCB3B1870F57F074CA326B8D0DAAF8AB70F6CE3A6CC3A5377BB33F8A9B03511A0
SHA512 5664A8EC538F8503E01CD4797B50862D342B040EF7A2777F580AEF5FB1D2274383FB92BB036BB1F296B9C6205E0002A03D055A4F12EA870B4D8FA330EC4B1919
SSDEEP 384:BEFen1Y4Fkl+QMwWqGHJVc1S+uuhN7rM06WWwsW:BMuFcGpVmSiXrMC

Signature

  • Status: The file C:\windows\system32\grpconv.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: GRPCONV.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - Details: 'grpconv -o' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.