grpconv.exe

  • File Path: C:\WINDOWS\system32\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type Hash
MD5 AE67554FB55BF839BB9BE01BB1E2A112
SHA1 D6DBC50B0F3D079B9128A5EA425AC1B06FB03C42
SHA256 924B500BB243679F16DEC51A705A01CFF53F02F1584A7B5B5D8E2DE839203861
SHA384 BFFD919BD7F3953CEF3290486530909A5FCD4E2A9DE971FCA502D91F29BCAA638742AA2485BCB349836F1CCD37FA8297
SHA512 53E3341E0577724F628DAC394A22B38C636195F970D6655534796DB35A135B345E1BE2CB0FAFD933A5C76C35E7764A95351E050DBA06A566AFADCB222B6778F7
SSDEEP 768:IgTG4PpWxFUOIIY3uGWQgnqJy3y+HJNaM+TLa7LGOWp8UBJ8IiSyGt:IgTG4Pp6/n55KM+T+7LGBpLBoSyGt

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of grpconv.exe being misused. While grpconv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | `- Details: 'grpconv -o'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.