grpconv.exe

  • File Path: C:\WINDOWS\SysWOW64\grpconv.exe
  • Description: Windows Progman Group Converter

Hashes

Type     Hash
MD5      DEE92D75831BB1EA2238F0C349123DF5
SHA1     671BF2D9486F59F0C666880B2FC99D5431870CF0
SHA256   120A97F285DE6C386301F7208F8194F813D3A14ABF09475173FBF929FC6AE220
SHA384   9F4ACE12F07D7C418AC9078E1CC7DF644ADE1AEF1491A84E7D716AB7E87FDFEE95DE8B2910A93052703B7477D0648468
SHA512   0293062D77D56EE3D9225DC835733FC5624A5907E5E995E0D463470115E10578507232E7F68CC3881791A1AAC799881702C10B8FAC6096453BB8B2D23DAD3026
SSDEEP   192:/O+YBfoZnxc2viPTbiJ78GdwyZUQ2ZDDew3M60sFY6zPEUiZ1vJI6GWtsWZyGb:m6vLyPJGlux8wNzqZ1vu6GWtsWZyG
IMP      53F2EC8A4091B21C48CF8E7F125EDA29
PESHA1   9CBA66B35EC5896F3A4A8F52504FC178C4B53223
PE256    0C5FB1987907B4CC174DB1DA844779B9A17E4A71A88EAB5F8CD6E7913F946C41

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\grpconv.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: GRPCONV.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/120a97f285de6c386301f7208f8194f813d3a14abf09475173fbf929fc6ae220/detection
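
To check whether a copy of grpconv.exe on a host corresponds to the record above, the following PowerShell, added here as an example and not part of the Strontic page, recomputes the MD5, SHA1 and SHA256 hashes, reads the version resource and validates the Authenticode signature, comparing each against the values listed. The path and expected values are taken from this page. A different Windows build ships a different grpconv.exe, so hash and thumbprint mismatches paired with a different File Version are expected; an unsigned file, a signature status other than Valid, or a signer subject other than Microsoft Windows at this path is what should prompt a closer look.

```powershell
# Added example (not from the Strontic page): compare a local grpconv.exe with the
# hashes, version and signing certificate recorded above for build 10.0.22000.1.
$Path = 'C:\WINDOWS\SysWOW64\grpconv.exe'

# Expected values copied from the page. A different Windows build ships a
# different grpconv.exe, so hashes and thumbprint legitimately differ there.
$Expected = @{
    MD5         = 'DEE92D75831BB1EA2238F0C349123DF5'
    SHA1        = '671BF2D9486F59F0C666880B2FC99D5431870CF0'
    SHA256      = '120A97F285DE6C386301F7208F8194F813D3A14ABF09475173FBF929FC6AE220'
    FileVersion = '10.0.22000.1 (WinBuild.160101.0800)'
    Thumbprint  = '312860D2047EB81F8F58C29FF19ECDB4C634CF6A'
    Subject     = 'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
}

function New-Check {
    param([string]$Name, [string]$Expected, [string]$Actual)
    [pscustomobject]@{
        Check    = $Name
        Expected = $Expected
        Actual   = $Actual
        Match    = ($Expected -ieq $Actual)
    }
}

function Test-GrpconvRecord {
    param([string]$FilePath, [hashtable]$Ref)

    if (-not (Test-Path -LiteralPath $FilePath)) { throw "File not found: $FilePath" }

    $checks = @()
    foreach ($algo in 'MD5', 'SHA1', 'SHA256') {
        $hash = (Get-FileHash -LiteralPath $FilePath -Algorithm $algo).Hash
        $checks += New-Check -Name $algo -Expected $Ref[$algo] -Actual $hash
    }

    # Version resource: tells you whether a hash mismatch is just a different build.
    $ver = (Get-Item -LiteralPath $FilePath).VersionInfo
    $checks += New-Check -Name 'FileVersion' -Expected $Ref.FileVersion -Actual $ver.FileVersion

    # Authenticode check; Windows system files are often catalog-signed, which
    # Get-AuthenticodeSignature also validates.
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $checks += New-Check -Name 'SignatureStatus' -Expected 'Valid' -Actual $sig.Status
    if ($sig.SignerCertificate) {
        $checks += New-Check -Name 'Thumbprint' -Expected $Ref.Thumbprint -Actual $sig.SignerCertificate.Thumbprint
        $checks += New-Check -Name 'Subject'    -Expected $Ref.Subject    -Actual $sig.SignerCertificate.Subject
    } else {
        $checks += New-Check -Name 'Thumbprint' -Expected $Ref.Thumbprint -Actual '<no signer certificate>'
        $checks += New-Check -Name 'Subject'    -Expected $Ref.Subject    -Actual '<no signer certificate>'
    }
    $checks
}

$report = Test-GrpconvRecord -FilePath $Path -Ref $Expected
$report | Format-Table -AutoSize

# Hash/thumbprint mismatches alongside a different FileVersion are expected.
# An invalid signature or a non-Microsoft subject at this path is not.
if ($report | Where-Object { $_.Check -in 'SignatureStatus', 'Subject' -and -not $_.Match }) {
    Write-Warning "grpconv.exe at $Path does not carry a valid Microsoft Windows signature."
}
```

Run it from an elevated or standard PowerShell session on the host; only the signature and subject checks are treated as findings, because the hash values on this page are specific to the 10.0.22000.1 build.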

Possible Misuse

The following entries are possible examples of grpconv.exe being misused. grpconv.exe is not inherently malicious, but its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: registry_event_asep_reg_keys_modification_wow6432node.yml
  • Example: Details: 'grpconv -o'
  • License: DRL 1.0
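
The Sigma rule named above concerns modification of autostart (ASEP) keys under the 32-bit Wow6432Node registry path, and the `grpconv -o` text is matched against the Details field of a registry value-set event (Sysmon Event ID 13), which carries the written value data. The following PowerShell is an added example and is not part of this page or of the Sigma rule: it lists the Wow6432Node Run-style values on the local host and flags any whose data references grpconv, then pulls recent Sysmon value-set events for the same keys so the analyst can see which process wrote them. The key list is an assumption drawn from the rule's name rather than its exact selection, and the event query assumes Sysmon is installed with registry logging enabled.

```powershell
# Added example (not from the Strontic page or the Sigma rule): inspect the
# 32-bit autostart keys on this host, and Sysmon registry value-set events
# for them, for values whose data references grpconv.

# Assumed key set, taken from the rule's name (Wow6432Node ASEP keys); the
# Sigma rule's own selection may list more or fewer keys.
$AsepKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServicesOnce'
)

function Get-AsepValue {
    # Returns every value under the given keys, flagging data that mentions grpconv.
    param([string[]]$Keys, [string]$Pattern = '(?i)grpconv')
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            # Read the raw data without expanding %vars% so you see what was written.
            $data = [string]$regKey.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Data    = $data
                Flagged = [bool]($data -match $Pattern)
            }
        }
    }
}

function Get-AsepRegistryEvent {
    # Sysmon Event ID 13 (RegistryEvent: Value Set). Requires Sysmon with registry
    # logging enabled; the Sigma rule's "Details" field is the value data here.
    param([int]$Hours = 24, [string]$Pattern = '(?i)grpconv')
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 13
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    try { $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop }
    catch { Write-Warning "No Sysmon registry events available: $($_.Exception.Message)"; return }

    foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # Keep only writes under the Wow6432Node Run* keys.
        if ($d.TargetObject -notmatch 'Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run') { continue }
        [pscustomobject]@{
            Time         = $e.TimeCreated
            Image        = $d.Image
            TargetObject = $d.TargetObject
            Details      = $d.Details
            Flagged      = [bool]($d.Details -match $Pattern)
        }
    }
}

Get-AsepValue -Keys $AsepKeys | Format-Table -AutoSize
Get-AsepRegistryEvent | Format-Table -AutoSize
```

Flagged only marks where grpconv appears in the value data; whether the entry is benign is a judgement call, which is why the output keeps the full key, value name and, for Sysmon events, the writing process (Image) next to the Details text the rule matches on.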

MIT License. Copyright (c) 2020-2021 Strontic.