poqexec.exe

  • File Path: C:\Windows\SysWOW64\poqexec.exe
  • Description: Primitive Operations Queue Executor

Hashes

Type Hash
MD5 FDEC1A07993B5A85F18F421963DD301D
SHA1 BD1D3E27DDF655F8D126983F221E8B0456CDCC6E
SHA256 431631601A6646D711632D93CFA768BD522F125320BD8BFADCB2D18B67A61303
SHA384 0812D00416F9CD9ED859F96C7F6B89100523575D20A25F03471730466078A5695E38C0907C0C3C27EE38A15D47B5D38B
SHA512 70E74727A49E31CC58347E56BC72F58673C29309A864E260B513DB925216F1DE660F864DC9167D284F5DC20622D280D651F17F38B276747F234D2E213CB08F45
SSDEEP 6144:0W5uKmK3eyy33PInY24RQHMt/N+MP7ikFvm1a9ZpHBufqnPCOjvCa4aOnUWkQokN:0W5feyy339WsJN+MP7ikc1c3BufqnPCz
IMP 49D7FAB9D4B1A98A8BD1BC23B4876852
PESHA1 CFC3003F6E60C56F871D3F768A92A30C92697B7F
PE256 37A05C2C3D2BDB636E701AD7E4C6AD014760576C0D39D16D52D8B3133C91B461

Signature

  • Status: The file C:\Windows\SysWOW64\poqexec.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: poqexec.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.680 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.680
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/431631601a6646d711632d93cfa768bd522f125320bd8bfadcb2d18b67a61303/detection

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\poqexec.exe 97
C:\Windows\SysWOW64\poqexec.exe 97
C:\Windows\SysWOW64\poqexec.exe 93
C:\Windows\SysWOW64\poqexec.exe 97

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_common.yml - 'C:\Windows\System32\poqexec.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.