» minisetup.exe
Overview
Analysis
File Details
Network (16)

minisetup.exe

MEmu

Brotsoft technology co., limited

The application minisetup.exe by Brotsoft technology co., limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. While running, it connects to the Internet address c911a5b7.virtua.com.br on port 80 using the HTTP protocol.

File name:

minisetup.exe

Publisher:

Brotsoft technology co., limited (signed and verified)

Product:

MEmu

Description:

MEmu MiniSetup

Version:

1.0.0.0

MD5:

635c62d00c75ea4704566e8a029a0465

SHA-1:

9c5b08ecc3c1490ae1f38b3cf43ca5dc30cc2a2b

SHA-256:

ebbb06cd858036b9d10683c3c07144b1027ebb2adfa5693d50844c7dda42cda2

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 8:38:53 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.BeijingFantasyGame.Optional (L)

16.10.20.10

File size:

5.5 MB (5,817,224 bytes)

Product version:

1.0.0.0

Original file name:

minisetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\memu\bin\minisetup.exe

Digital Signature

Signed by:

Brotsoft technology co., limited

Authority:

thawte, Inc.

Valid from:

1/27/2016 9:00:00 PM

Valid to:

12/22/2016 8:59:59 PM

Subject:

CN="Brotsoft technology co., limited", OU=Software Department, O="Brotsoft technology co., limited", L=Hongkong, S=Hongkong, C=HK

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

62657642BE93A5D3A61E53F9336E69B3

File PE Metadata

Compilation timestamp:

10/20/2016 12:50:07 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:VHidZa33Cf+BpVWMwBW+dGi6edYKden5k1kSGIVaAAKtx+IcLSEkUTX01QgswQH:cdZa33CSBwBnGtedFdeIWA/HI2Sw8

Entry address:

0xB1AB60

Entry point:

60, BE, 00, C0, 9B, 00, 8D, BE, 00, 50, A4, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

5.4 MB (5,632,000 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-52-67-94-16.sa-east-1.compute.amazonaws.com (52.67.94.16:80)

TCP (HTTP):

Connects to 200-157-208-235.ded.intelignet.com.br (200.157.208.235:80)

TCP (HTTP):

Connects to a96-6-123-8.deploy.akamaitechnologies.com (96.6.123.8:80)

TCP (HTTP):

Connects to a96-6-123-24.deploy.akamaitechnologies.com (96.6.123.24:80)

TCP (HTTP):

Connects to 200-157-208-202.ded.intelignet.com.br (200.157.208.202:80)

TCP (HTTP):

Connects to a72-246-97-9.deploy.akamaitechnologies.com (72.246.97.9:80)

TCP (HTTP):

Connects to cache.google.com (189.90.45.234:80)

TCP (HTTP):

Connects to c911a5b7.virtua.com.br (201.17.165.183:80)

TCP (HTTP):

Connects to b123cb2a.virtua.com.br (177.35.203.42:80)

TCP (HTTP):

Connects to a201-016-134-136.deploy.akamaitechnologies.com (201.16.134.136:80)

TCP (HTTP):

Connects to 186.216.160.251.user.vctelecom.com.br (186.216.160.251:80)

Remove minisetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.