poqexec.exe

  • File Path: C:\Windows\system32\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 E80B31DC313BB4481ED5BFE03CE902AB
SHA1 C630D14E5B3823F562F0869757079C08174AA089
SHA256 D376B08CCDDD00755AA49DA2D1645AF0A7AF938BCA65284DE1E4E7CA0D5DA80A
SHA384 994BFCDC0F5A59D9E294535855C979DA950A81202ACBDCA73EF8699C2B1724D07CF20A36C3A6D3B37D77378B98E06A3E
SHA512 F605E7C3E5054A32396290C2E1CB9C92C9F4230CB9CE523EC9D342FE7DC163C970E300BA88FCF58250CD73EAE71768FBAD4E4D1E3056070757D6558941E7AACF
SSDEEP 3072:PDzJ+oQ0eV9NRba5FoqWgHgNQDfvSpfFE4IDn+LUgj:PDzJe0eVtba5FoqRgQDfUfFE4ID+

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: poqexec.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_common.yml - 'C:\Windows\System32\poqexec.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.