poqexec.exe

  • File Path: C:\WINDOWS\system32\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 5CCF728D271601A8135ED970B13F14FD
SHA1 17D1EAB32DD7993D431D670B3F372BBDFBC25568
SHA256 030618FBF96393C100B56D97AFE01C0EA752C657FD982E29653DE9EA4D7074EE
SHA384 F3173199906C8D3297A5E8506F6E7C250CC0ED0015FD7802CF1D89ACE5932AE0C764764E623CB36F29CE4FBA6D197492
SHA512 1CD24C27CA8501EC598951B704B9F02E51DE7948FE6F65818A840B3226A98F751D640CAD00760860E2E685B30721B5E0DD13A3F85D532B763A99E78D737D8415
SSDEEP 12288:3LvyayW9hu2jXJjJsoHGJmlIsJEadzz+iOqN8L5Y:7aavbBGJQiiQ5

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: poqexec.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_common.yml - 'C:\Windows\System32\poqexec.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.