memusetup.b8a3dd7b-1a06-45fb-bb8c-d22eddd30d7d.exe

Memu

Brotsoft technology co., limited

The application memusetup.b8a3dd7b-1a06-45fb-bb8c-d22eddd30d7d.exe by Brotsoft technology co., limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from dl.brotsoft.com and multiple other hosts.
Publisher:
Beijing Fantasy Game Network Technology Co., Ltd.  (signed by Brotsoft technology co., limited)

Product:
Memu

Description:
SimcakeDownload

Version:
2.6.33.0

MD5:
accf5d38bbc322ba69b87a41428327a7

SHA-1:
f53c5becfab943de61c93d9ad7933ff1fb5d82a6

SHA-256:
eb79925684fced5dbecf5211d7d8c40fc720df04b65db3c6d276e6bd654628df

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2025 8:46:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BeijingFantasyGame.Optional.Installer.Meta (L)

Engine version:
16.4.14.13

File size:
2.1 MB (2,152,376 bytes)

Product version:
2.6.33.0

Copyright:
Brotsoft technology co., limited.

Original file name:
SimcakeDownload.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\memusetup.b8a3dd7b-1a06-45fb-bb8c-d22eddd30d7d.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/27/2016 10:00:00 PM

Valid to:
12/22/2016 9:59:59 PM

Subject:
CN="Brotsoft technology co., limited", OU=Software Department, O="Brotsoft technology co., limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
62657642BE93A5D3A61E53F9336E69B3

File PE Metadata
Compilation timestamp:
4/14/2016 4:37:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:sOYsP8eatdTSkfttrPm/hdYkNtGA//SO3hofr:sOg1rTprP2hdrNtGi/SO3s

Entry address:
0x8C7E9

Code size:
791 KB (809,984 bytes)

The file memusetup.b8a3dd7b-1a06-45fb-bb8c-d22eddd30d7d.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 400 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to a72-246-97-9.deploy.akamaitechnologies.com  (72.246.97.9:80)