poqexec.exe

  • File Path: C:\Windows\system32\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 542B537B7547E4BB334D1D3DA7A9A17C
SHA1 C2A27AB8BDB0891C5D3167E498B143E9E570B1BC
SHA256 C0C8FFC51F4BF8DD4154BCA0A55839BA360364B7D50377CE06564B24CBC6F09C
SHA384 BD5ABFABF1D7E8BAB94120A9643BF1B3DCFFFBAD3A44F814B492D9D38A94ACB4CCFADEF4A4074FAF1C19BAE56122595D
SHA512 7B8CBA30CA5BE6C01C9E1ED549BE9F469191889B2E97B9898B34E5EEB58499F32B6DE5E1DEEC5D3932AAAE0AD657DB4E4850B921AF8F5FE951595156A755B99E
SSDEEP 12288:ba08Hr0ycItJ3KEoz8XQ1C+1TEpt9MpkFoxrInyH5q7l:h8HrPj3oymC4TGMGmxrL5m
IMP BD47FF03174DF83245815823DFE013EC
PESHA1 E1CEC342A12CFBD3F75EBDEE488E602EA3D7B77E
PE256 776F139DF2848FDCD8508A0A3909D1EE4FD41E00D04237C9DB172311BF8864D6

Signature

  • Status: The file C:\Windows\system32\poqexec.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
  • Serial:
  • Thumbprint:
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: poqexec.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/c0c8ffc51f4bf8dd4154bca0a55839ba360364b7d50377ce06564b24cbc6f09c/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\poqexec.exe 99
C:\Windows\system32\poqexec.exe 94
C:\Windows\system32\poqexec.exe 99

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: registry_event_asep_reg_keys_modification_common.yml
  • Example: - 'C:\Windows\System32\poqexec.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.