memusetup.174040881675..exe

Memu

Brotsoft technology co., limited

The application memusetup.174040881675..exe by Brotsoft technology co., limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from dl.brotsoft.com and multiple other hosts.
Publisher:
Beijing Fantasy Game Network Technology Co., Ltd.  (signed by Brotsoft technology co., limited)

Product:
Memu

Description:
SimcakeDownload

Version:
2.6.33.0

MD5:
23b313152c86990a36e8a0605af391c1

SHA-1:
75c6a29ac720ba201155ae32dd4faa9f0ac15243

SHA-256:
07d1395b1dff1f058fc47d3391935cf152a6060f1185623406515a823482c63b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2025 12:01:40 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BeijingFantasyGame.Optional.Installer.Meta (L)

Engine version:
16.4.20.13

File size:
2.1 MB (2,152,376 bytes)

Product version:
2.6.33.0

Copyright:
Brotsoft technology co., limited.

Original file name:
SimcakeDownload.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\memusetup.174040881675..exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/27/2016 10:00:00 PM

Valid to:
12/22/2016 9:59:59 PM

Subject:
CN="Brotsoft technology co., limited", OU=Software Department, O="Brotsoft technology co., limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
62657642BE93A5D3A61E53F9336E69B3

File PE Metadata
Compilation timestamp:
4/14/2016 4:37:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:GOYsP8eatdTSkftLrPm/hdYkNtGA//SO3gofM:GOg1rTvrP2hdrNtGi/SO3I

Entry address:
0x8C7E9

Entry point:
E8, 71, 60, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 75, 13, E8, B2, 3D, 00, 00, 6A, 16, 5E, 89, 30, E8, 18, 6F, 00, 00, 8B, C6, EB, 24, 68, 80, 00, 00, 00, FF, 75, 10, FF, 75, 0C, E8, 17, 00, 00, 00, 83, C4, 0C, 89, 06, 85, C0, 74, 04, 33, C0, EB, 07, E8, 82, 3D, 00, 00, 8B, 00, 5E, 5D, C3, 6A, 0C, 68, A8, 35, 4F, 00, E8, AC, 67, 00, 00, 33, C9, 89, 4D, E4, 33, C0, 8B, 7D, 08, 85, FF, 0F, 95, C0, 85, C0, 75, 17, E8, 59, 3D, 00, 00, C7, 00, 16, 00, 00, 00, E8, BE, 6E, 00, 00, 33, C0...
 

Code size:
791 KB (809,984 bytes)

The file memusetup.174040881675..exe has been seen being distributed by the following 50 URLs.

