poqexec.exe

  • File Path: C:\windows\system32\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 A7F2A82860D42732575AED673E410506
SHA1 76C560745403222D3F51DE07B0E6FBA5B13A2596
SHA256 6B9BCA26DABF6E4E87E23F135E447AAE7CAF42B9CBF350737AFFAFBE312D07DA
SHA384 57F4845C2061F7D8AC521C9FBE4BAB94CA39C3AE06968C98721C01798B6E22C8C50A3060AED573322B61C6034B508BCD
SHA512 B26AB636BE548BD7AB55ACCD5A4AF18534876D95B5EB43332489670A25454427C666242BE9BA9C9D84CB642F22BEF2DA00558FA6C3C7911D6BE5876A360E0347
SSDEEP 3072:I0yPLZwcXHh4HT6IeBRFaxGmNlA51DEqs5:ULrXHh4bcRFaHbAn

Signature

  • Status: The file C:\windows\system32\poqexec.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: poqexec.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_common.yml - 'C:\Windows\System32\poqexec.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.