PCK.MEW

By Sumo3000 in Malware

Threat Dashboard

Popularity Rank: 15,053
Threat level: 100% (High)
Infected computers: 789
First seen: July 24, 2009
Last seen: March 14, 2026
Affected OS(es): Windows


PCK.MEW is malicious software that can download additional harmful software onto the infected computer without notifying the user. Once this happens, harmful files are loaded into memory when Windows starts, making them difficult to detect and remove manually ...

Aliases

11 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Prevx1 Heuristic: Suspicious File With Code Injection Tec
Ikarus Backdoor.Win32.G_Door.22
Sunbelt VIPRE.Suspicious
Sophos Mal/EncPk-BA
Prevx1 SystemPoser:Trojan-All Variants
Panda Suspicious file
Ikarus IM-Worm.Win32.Sumom.C
F-Secure Suspicious:W32/Malware!Gemini
eSafe suspicious Trojan/Worm
ClamAV PUA.Packed.MEW-1
CAT-QuickHeal W32.Brontok.Q

Analysis Report

General Information

Family Name: Malware.MEW.Gen
Signature status: No Signature

Known Samples

MD5: 7fcb04ee4ebc147dbccc900edbe6ffc8
SHA1: 53c0c8c74f3e01e93d6d545ab81fe405473440ea
SHA256: C4FCD493DD2EC807DA296CFECFA0C4AED9D62266841D030671E13407E1B30FF3
File size: 1.61 MB, 1610779 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Company Name Symantec Corporation
File Description Self-Extracting Custom Command Launcher
File Version 1.2.3.924 RELEASE
Internal Name W32SFX
Legal Copyright Copyright 2002-2003 by Symantec Corporation
Original Filename W32SFX.exe
Product Name Symantec Shared Library
Product Version 1.2.3

File Traits

  • HighEntropy
  • No Version Info
  • x86

Files Modified

File Attributes
c:\symnonav\blankmsicleanup.bat Synchronize,Write Data
c:\symnonav\cleaninstfolder.bat Synchronize,Write Data
c:\symnonav\currdir.txt Generic Write,Read Attributes
c:\symnonav\currsettings.txt Synchronize,Write Data
c:\symnonav\enummsi.bat Synchronize,Write Data
c:\symnonav\esugdir.exe Synchronize,Write Data
c:\symnonav\esugdlgcontrol.exe Synchronize,Write Data
c:\symnonav\esugenum.exe Synchronize,Write Data
c:\symnonav\esugmsi.exe Synchronize,Write Data
c:\symnonav\esugmsiconvert.exe Synchronize,Write Data
c:\symnonav\esugpm.exe Synchronize,Write Data
c:\symnonav\esugreg.exe Synchronize,Write Data
c:\symnonav\esugsleep.exe Synchronize,Write Data
c:\symnonav\esugunen.exe Synchronize,Write Data
c:\symnonav\esuguneng.exe Synchronize,Write Data
c:\symnonav\logs\date_tue_03_10_2026-time_1_59_34_66_nonav.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\symnonav\logs\date_tue_03_10_2026-time_1_59_34_66_nonav.log Generic Write,Read Attributes
c:\symnonav\logs\tmp.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\symnonav\logs\tmp.log Generic Write,Read Attributes
c:\symnonav\msiunst.bat Synchronize,Write Data
c:\symnonav\nolu.inf Synchronize,Write Data
c:\symnonav\nolu.reg Synchronize,Write Data
c:\symnonav\nonav.bat Synchronize,Write Data
c:\symnonav\nonav.inf Synchronize,Write Data
c:\symnonav\nonav.reg Synchronize,Write Data
c:\symnonav\nonav.txt Synchronize,Write Data
c:\symnonav\noquar.inf Synchronize,Write Data
c:\symnonav\noquar.reg Synchronize,Write Data
c:\symnonav\productcodes.txt Synchronize,Write Data
c:\symnonav\rtvstop.exe Synchronize,Write Data
c:\symnonav\scfuninst.bat Synchronize,Write Data
c:\symnonav\scskeys.reg Synchronize,Write Data
c:\symnonav\serviceshutdown.exe Synchronize,Write Data
c:\symnonav\serviceshutdown_in.txt Synchronize,Write Data
c:\symnonav\sevinst.exe Synchronize,Write Data
c:\symnonav\silentnonav.bat Synchronize,Write Data
c:\symnonav\sqlunst.bat Synchronize,Write Data
c:\symnonav\unengvar.bat Synchronize,Write Data
c:\symnonav\unengvar.txt Synchronize,Write Data
c:\symnonav\unregisterdlls.bat Synchronize,Write Data
c:\users\user\appdata\local\temp\~sfx69afdd75\autorun.iff Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\blankmsicleanup.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\cleaninstfolder.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\currsettings.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\enummsi.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugdir.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugdlgcontrol.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugenum.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugmsi.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugmsiconvert.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugpm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugreg.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugsleep.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esugunen.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\esuguneng.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\msiunst.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nolu.inf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nolu.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.inf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\nonav.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\noquar.inf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\noquar.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\productcodes.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\rtvstop.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\scfuninst.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\scskeys.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\serviceshutdown.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\serviceshutdown_in.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\sevinst.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\silentnonav.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\sqlunst.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\unengvar.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\unengvar.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~sfx69afdd75\unregisterdlls.bat Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	(binary value, not printable)	RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation

Shell Command Execution

NoNav.bat
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng1"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng2"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng3"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng4"
C:\SymNoNav\esugunen.exe ESUGUnEn /LF".\logs\tmp.log" /DELVAL"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce" "ESUGUnEng5"
C:\SymNoNav\esugdlgcontrol.exe ESUGdlgcontrol -title "NoNav" -msg "NoNav will remove NAVCE and Symantec AV version 4
