poqexec.exe

  • File Path: C:\Windows\system32\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 78AE381E38249513E5AA3A9976DD16BE
SHA1 8CAE565DCA0AAEBED77D22B18ECD0857B81A8AB6
SHA256 B47E181B9ACA9EDE316CAE1CA6C50CE0ABD623994E4EB0DEECADC7C044F7E6A3
SHA384 C9F5F10AC46B127D70B09599689F3A464FB86E860D3BD6DD277C94788D9DC1302F1804E0BE0F68C64118CBD23F6F2143
SHA512 F1EBB350621F521B585BD817C01705546B731421A89CD763F1AC51312263F4BD77DA6CBD3E56F0E4D19189B7028414CD74F0F75A545276B5281179E44C3910D3
SSDEEP 12288:sa08Hr0ycItJ3KEoz8XQ1C+1TEpt9MpkFoxrInyH5fKl:w8HrPj3oymC4TGMGmxrL5S
IMP BD47FF03174DF83245815823DFE013EC
PESHA1 E2A5AFBB073ECECAF262C8CD2F1F78DECA5E6E90
PE256 548DC694F01C3B2FA9C4EFE49943E8A69B2A2DA0942ED311FFBC2B20B11EA27A

Signature

  • Status: The file C:\Windows\system32\poqexec.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
  • Serial:
  • Thumbprint:
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: poqexec.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/b47e181b9aca9ede316cae1ca6c50ce0abd623994e4eb0deecadc7c044f7e6a3/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\poqexec.exe 94

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: registry_event_asep_reg_keys_modification_common.yml
  • Example: - 'C:\Windows\System32\poqexec.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.