1player.exe

Installer

Simply Tech Ltd

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application 1player.exe, “Installer Setup” by Simply Tech, has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. The file has been seen being downloaded from bigdownload.simplyinstaller.com.
Publisher:
Simply Tech Ltd  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
11.8

MD5:
eabb18d933ff39b4e1edec8e2730d57b

SHA-1:
cdf36df075ca94a18311a662949e5a05e04a0299

SHA-256:
7d85cd525c1d77674b8a1fa1fb889822ca408fb3ce3c87ffee9a994205d2016b

Scanner detections:
16 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/14/2017 12:12:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.163.240 |
| Clam AntiVirus | Win.Adware.Agent-6810 | 0.98/21411 |
| Dr.Web | Adware.Downware.2109 | 9.0.1.046 |
| ESET NOD32 | Win32/Toolbar.Widdit (variant) | 10.9650 |
| G Data | Win32.Application.SimplyTech | 16.2.24 |
| IKARUS anti.virus | BehavesLike | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.183.13432 |
| K7 Gateway Antivirus | Adware | 13.183.13230 |
| Kaspersky | not-a-virus:WebToolbar.Win32.FirstFloor | 14.0.0.655 |
| Malwarebytes | PUP.Optional.SimplyTech | v2016.02.15.09 |
| McAfee | Artemis!A555B070D6AA | 5600.6488 |
| McAfee Web Gateway | Artemis | 7.6488 |
| NANO AntiVirus | Trojan.Win32.WebToolbar.dejknp | 0.28.2.61942 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Widdit.SimplyTech.Bundler (M) | 16.2.15.21 |
| Sophos | SimplyInstaller | 4.98 |

File size:
898.6 KB (920,176 bytes)

Product version:
11.8

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Common path:
C:\users\{user}\downloads\1player.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/4/2012 1:00:00 AM

Valid to:
4/5/2014 12:59:59 AM

Subject:
CN=Simply Tech Ltd, O=Simply Tech Ltd, STREET=10 Zarhin street, L=Raanana, S=Raanana, PostalCode=43662, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FC78D842B3886BB8D32517578F7489C

File PE Metadata
Compilation timestamp:
10/13/2013 9:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:txGaFDpekdGp9Z1SlfscwzX0eCYRK+ILTfBLXSYoF:mau9nSSVkJ7+CKF

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file 1player.exe has been seen being distributed by the following URL.
