What is frmwrk32.exe

Posted In: Computer . By suwari

This is cloaked malware and malware downloader.

Also use the following names:

64439744.EXE
71698828.DAT
VRTA.TMP
TOP[n].TXT
6.TMP
8.TMP
93511318.DAT
92837428.BAD
11244301.EXE
LOADER[n].EXE
WJQS.EXE
A.EXE
SVCHOST.EXE
FRMWRK32/A.EXE
FRMWRK32/A0051148.EXE
FRMWRK32/U-STORE[n].GIF
FRMWRK32/FRMWRK32.EXE
RDL4.TMP
45049727.EXE
22690229.EXE
303350.EXE
06696265.EXE
78935166.EXE
LOADER.EXE

File activity:

Deletes c:\windows\system32\frmwrk32.exe
Copies filec:\windows\system32\frmwrk32.exe to c:\windows\system32\frmwrk32.exe
Creates c:\windows\system32\ntdll64.exe
Creates c:\windows\system32\win32hlp.cnf
Creates c:\windows\system32\warning.gif
Creates c:\windows\system32\ahtn.htm
Creates c:\docume~1\user\locals~1\temp\cscript.exe
Creates c:\windows\cscript.exe
Deletes c:\docume~1\user\locals~1\temp\ntdll64.dll
Creates c:\docume~1\user\locals~1\temp\ntdll64.dll
Deletes c:\docume~1\user\locals~1\temp\mousehook.dll
Creates c:\docume~1\user\locals~1\temp\mousehook.dll
Moves c:\windows\system32\userinit.exe to c:\windows\system32\init32.exe
Copies filec:\windows\system32\ntdll64.exe to c:\windows\system32\userinit.exe
Copies filec:\windows\system32\ntdll64.exe to c:\windows\system32\dllcache\userinit.exe
Deletes c:\windows\system32\ntdll64.ex

Registry Activity:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoSetActiveDesktop value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoChangingWallpaper value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoActiveDesktopChanges value:
HKEY_CURRENT_USER\Software 2a422c91-6984-47e4-94be-04c4fad5f8d8 value:
HKEY_CURRENT_USER\Software 1099ce4a-ff51-4a8d-ab3c-c74b9c06e46f [REG_DWORD, value: 0000009F]
HKEY_CURRENT_USER\Software\Microsoft WinId {564F3BEB-5C60-48E6-A249-2EF6CE6B0C31}

2 Responses to What is frmwrk32.exe

oakleyses March 18, 2016 at 10:06 PM

uggs outlet, uggs on sale, ray ban sunglasses, ray ban sunglasses, louis vuitton, michael kors outlet online, oakley sunglasses wholesale, christian louboutin outlet, louis vuitton, uggs outlet, louis vuitton outlet, polo outlet, prada handbags, nike free, chanel handbags, longchamp outlet, michael kors outlet, replica watches, louis vuitton outlet, oakley sunglasses, michael kors outlet online, prada outlet, michael kors outlet online, longchamp outlet, burberry handbags, michael kors outlet, kate spade outlet, ray ban sunglasses, longchamp outlet, louis vuitton outlet, oakley sunglasses, nike air max, oakley sunglasses, replica watches, ugg boots, polo ralph lauren outlet online, ugg boots, gucci handbags, jordan shoes, cheap oakley sunglasses, michael kors outlet online, christian louboutin uk, burberry outlet, tory burch outlet, tiffany and co, christian louboutin shoes

oakleyses March 18, 2016 at 10:13 PM

doudoune moncler, pandora uk, moncler outlet, vans, converse outlet, montre pas cher, louis vuitton, moncler, moncler, canada goose, canada goose outlet, ugg uk, links of london, barbour uk, supra shoes, replica watches, lancel, nike air max, moncler, moncler, moncler outlet, coach outlet, wedding dresses, canada goose outlet, pandora jewelry, karen millen uk, ugg, marc jacobs, juicy couture outlet, converse, moncler uk, louis vuitton, ugg pas cher, swarovski, pandora jewelry, gucci, canada goose, canada goose uk, ugg,uggs,uggs canada, pandora charms, juicy couture outlet, louis vuitton, louis vuitton, ray ban, ugg,ugg australia,ugg italia, canada goose jackets, swarovski crystal, canada goose, hollister, thomas sabo, canada goose outlet, toms shoes

Something to say?