grpconv.exe

  • File Path: C:\Windows\system32\grpconv.exe
  • Description: Windows Progman Group Converter

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\system32\grpconv.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/a248e327b89f8574cb7df9f34cd7120c0508ca1541c5520bd72f0830f85a0cec/detection

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - Details: 'grpconv -o' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.