grpconv.exe

  • File Path: C:\WINDOWS\SysWOW64\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type Hash
MD5 91D455C47F71B38647ACAA3D18018B7F
SHA1 F34D31A656DF7C79F7415E916CE5A4229A0B9DA9
SHA256 BFFCD5F21FCAD5D54A29CF657CD8EB620250E9134A1B870DEB3D77ED5EE83048
SHA384 88066DB33A9067F8A74E697AF8166DAA033E83EA0D5C624E73AC79F31E36E17020573391ED9D312B6DCB85EC9724006D
SHA512 8CCD300418F124009A09C1052043D8555A911066100ABFC5E52812AC1633876E90546C006707D73C627CB93A84CAA7509317B040EE5455A789CF0E933AAE6001
SSDEEP 768:KA+f+v9fYSbHF6N9PoM981ZS9Dk9RQu9lJ+Nl3GNujVd4z4IydjU:KA+2v9fzF6d981ZS9Dk9RQu9lJ+yNua2

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - Details: 'grpconv -o' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.