PCK.MEW

By Sumo3000 in Malware

Threat Scorecard

Popularity Rank: 15,053
Threat Level: 100 % (High)
Infected Computers: 789
First Seen: July 24, 2009
Last Seen: March 14, 2026
OS(es) Affected: Windows

PCK.MEW is malicious software that can download other malware onto the infected computer without notifying the user. Once downloaded, those malicious files can be loaded into memory at Windows startup, which makes PCK.MEW difficult to detect and remove manually.

Aliases

11 security vendors flagged this file as malicious.

Antivirus Vendor | Detection
Prevx1 | Heuristic: Suspicious File With Code Injection Tec
Ikarus | Backdoor.Win32.G_Door.22
Sunbelt | VIPRE.Suspicious
Sophos | Mal/EncPk-BA
Prevx1 | SystemPoser:Trojan-All Variants
Panda | Suspicious file
Ikarus | IM-Worm.Win32.Sumom.C
F-Secure | Suspicious:W32/Malware!Gemini
eSafe | suspicious Trojan/Worm
ClamAV | PUA.Packed.MEW-1
CAT-QuickHeal | W32.Brontok.Q

Analysis Report

General information

Family Name: Malware.MEW.Gen
Signature status: No Signature

Known Samples

MD5: 7fcb04ee4ebc147dbccc900edbe6ffc8
SHA1: 53c0c8c74f3e01e93d6d545ab81fe405473440ea
SHA256: C4FCD493DD2EC807DA296CFECFA0C4AED9D62266841D030671E13407E1B30FF3
File Size: 1.61 MB, 1610779 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name | Value
Company Name | Symantec Corporation
File Description | Self-Extracting Custom Command Launcher
File Version | 1.2.3.924 RELEASE
Internal Name | W32SFX
Legal Copyright | Copyright 2002-2003 by Symantec Corporation
Original Filename | W32SFX.exe
Product Name | Symantec Shared Library
Product Version | 1.2.3

File Traits

  • HighEntropy
  • No Version Info
  • x86

Files Modified

File | Attributes
c:\symnonav\blankmsicleanup.bat Synchronize,Write Data
c:\symnonav\cleaninstfolder.bat Synchronize,Write Data
c:\symnonav\currdir.txt Generic Write,Read Attributes
c:\symnonav\currsettings.txt Synchronize,Write Data
c:\symnonav\enummsi.bat Synchronize,Write Data
c:\symnonav\esugdir.exe Synchronize,Write Data
c:\symnonav\esugdlgcontrol.exe Synchronize,Write Data
c:\symnonav\esugenum.exe Synchronize,Write Data
c:\symnonav\esugmsi.exe Synchronize,Write Data
c:\symnonav\esugmsiconvert.exe Synchronize,Write Data
c:\symnonav\esugpm.exe Synchronize,Write Data
c:\symnonav\esugreg.exe Synchronize,Write Data
c:\symnonav\esugsleep.exe Synchronize,Write Data
c:\symnonav\esugunen.exe Synchronize,Write Data
c:\symnonav\esuguneng.exe Synchronize,Write Data
c:\symnonav\logs\date_tue_03_10_2026-time_1_59_34_66_nonav.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\symnonav\logs\date_tue_03_10_2026-time_1_59_34_66_nonav.log Generic Write,Read Attributes
c:\symnonav\logs\tmp.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\symnonav\logs\tmp.log Generic Write,Read Attributes
c:\symnonav\msiunst.bat Synchronize,Write Data
c:\symnonav\nolu.inf Synchronize,Write Data
c:\symnonav\nolu.reg Synchronize,Write Data
c:\symnonav\nonav.bat Synchronize,Write Data
c:\symnonav\nonav.inf Synchronize,Write Data
c:\symnonav\nonav.reg Synchronize,Write Data
c:\symnonav\nonav.txt Synchronize,Write Data
c:\symnonav\noquar.inf Synchronize,Write Data
c:\symnonav\noquar.reg Synchronize,Write Data
c:\symnonav\productcodes.txt Synchronize,Write Data
c:\symnonav\rtvstop.exe Synchronize,Write Data
c:\symnonav\scfuninst.bat Synchronize,Write Data
c:\symnonav\scskeys.reg Synchronize,Write Data
c:\symnonav\serviceshutdown.exe Synchronize,Write Data
c:\symnonav\serviceshutdown_in.txt Synchronize,Write Data
c:\symnonav\sevinst.exe Synchronize,Write Data
c:\symnonav\silentnonav.bat Synchronize,Write Data
c:\symnonav\sqlunst.bat Synchronize,Write Data
c:\symnonav\unengvar.bat Synchronize,Write Data
c:\symnonav\unengvar.txt Synchronize,Write Data
c:\symnonav\unregisterdlls.bat Synchronize,Write Data
c:\users\user\appdata\local\temp\~sfx69afdd75\autorun.iff Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\blankmsicleanup.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\cleaninstfolder.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\currsettings.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\enummsi.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugdir.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugdlgcontrol.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugenum.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugmsi.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugmsiconvert.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugpm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugreg.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugsleep.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugunen.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esuguneng.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\msiunst.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nolu.inf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nolu.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.inf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\noquar.inf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\noquar.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\productcodes.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\rtvstop.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\scfuninst.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\scskeys.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\serviceshutdown.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\serviceshutdown_in.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\sevinst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\silentnonav.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\sqlunst.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\unengvar.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\unengvar.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\unregisterdlls.bat Generic Write,Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | 㜆끬ǜ | RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation

Shell Command Execution

NoNav.bat
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng1"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng2"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng3"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng4"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng5"
C:\SymNoNav\esugdlgcontrol.exe ESUGdlgcontrol -title "NoNav" -msg "NoNav will remove NAVCE and Symantec AV version 4