poqexec.exe

  • File Path: C:\WINDOWS\SysWOW64\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 087C1F5AB2ADA4E859833024FC40A1BB
SHA1 19D843262AC4125B8F0618DF47A7479CFC6CB014
SHA256 FA7BB9D8C35FF3A1DA80FE16C3C7FDCC18A8D10B2619715DD3C598F6EFB7F725
SHA384 366906639A275C186E166A95612E18E3446447D6607622DA4ED06D192F8379AE9E5FBA3B6274654CB25CB2CAF4A32442
SHA512 489170137808FC4354AB7D62569AC7DAB4F02E53EEEB9EA8C4F88EB1C406EA0836E1DC573A75602D2DEF9D889775B63A0B22A68289A45D3BE508ED10A69B7984
SSDEEP 6144:1Vnz5Ljm8tfa1uhpnftwIiR38AXGjeM/d8+eB0eQfAXSqI+DSQTL7QxgNdez1zPw:1Vz53fa1uBfiR8AXGjeMW+o0eQfAXSql

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: poqexec.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_common.yml - 'C:\Windows\System32\poqexec.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.