grpconv.exe

  • File Path: C:\Windows\system32\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type Hash
MD5 923442E8D3FC0288782D2945EF0E24D4
SHA1 4C572D4C2826530451D374152D3C19D05ADA053C
SHA256 DC0F3E3A852BC334B148D5F2F0D9D20E4C99839F81831D42305B455A97D53163
SHA384 227AA8BDCCEE400575B0FAB4A997FE3C3DB97682AF9054E8C1B5B289AAC24A60E5E4EF408A18062B3E761BC1F1DA244D
SHA512 3F96C76B083CE505F4514075F5CDE3511CAD25945DBC64777BDB669B51B2A7A27E005F394954DC7544ADBFDDD6205A7C551D4B18759E32F7252D21CE1F34F00C
SSDEEP 768:cEHjAW5nfyq4m2cQDz/i0pSfU+YOUSSay/+pT2NlVT5RqImK8e7n7GmL:cEHjA+9V2hKZUrT/IQzT5RqI7p7GmL

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - Details: 'grpconv -o' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.