poqexec.exe

  • File Path: C:\Windows\SysWOW64\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 28E07AA6662D0176B85337734DD62936
SHA1 9EFEE442E477EC45236674517C5790F5DCE9B10D
SHA256 0A38019D8C0F7F3C5E429BC393859576BCB9031E6EBE255BB19F15FCD30395CE
SHA384 59CC5BE1333FA6BAA0BCDF2940F44444440F72B3A3542AFC6C5445E7A3D22EBDBC96ECFB602AF962CBB13E79F0ADB4EF
SHA512 67F832C794505D72AEF354DBEC9BAE87A84993E49C96A71B480A92BF619C97F5279926492199B3EA1B9D22C257626BABC4702FEA6241A71AC65BFAB051F8C9D0
SSDEEP 3072:H0e+FSMRNliQXliXHT8v+ek6pavrL61nE2gY87egmzB:eSMRNlDXliXHT8/zpavrmtgmt

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: poqexec.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.3622 (rs1_release.200311-1737)
  • Product Version: 10.0.14393.3622
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_common.yml - 'C:\Windows\System32\poqexec.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.