poqexec.exe

  • File Path: C:\Windows\system32\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 B01261CE4E3B152E4E1AF02AB4DDBFAC
SHA1 02409B166485CC76BEE033F13DBF2148605B6AC8
SHA256 05F6277B91D780D5EC7BDE8FD12A93003EFDAE030F6194A7C91502B13AA55AAB
SHA384 2FF5DBC0C85D43106839362F31DB9A8CAFCAC76EDB83C18207AE76DACE29728FE60BF894B09D1EB35157EA836EB126B7
SHA512 D60A00778AE99E478659C5D3E2036B50629A09D3503D6115B21D0C1E9AA0E179128EE7DAA3026A5E1EA29C174510AD281B99EFCF440B2A858DF5529607EF2F2A
SSDEEP 12288:EKENUKKcWqfs+v6+jafJt+PXAl1H8o2mJfvpH5PL:oNUFVmaK4AIlRL2mVR5j
IMP BD47FF03174DF83245815823DFE013EC
PESHA1 FCA338B7363C7C3AC9697DD947AD362BF7FB6AA4
PE256 C59065410BC7533C06D864840A96F46ABDF86A7FD0FA21268E04172CDC38FD4A

Signature

  • Status: The file C:\Windows\system32\poqexec.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: poqexec.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/05f6277b91d780d5ec7bde8fd12a93003efdae030f6194a7c91502b13aa55aab/detection

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_common.yml - 'C:\Windows\System32\poqexec.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.