home

vlc_media_player.exe

Installer

One Floor App

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup ” by One Floor App has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. With this installer, users are expecting to download the VideoLAN VLC media player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
One Floor App  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
12.5

MD5:
b20b8f62d4e1e698f54ad60a6042ffee

SHA-1:
27354c71083b97f55c66ec8d14f3bb562a85ff22

SHA-256:
2d3eb61814aa297bc69d6f3febe7517cc55546bac705705ae8e673ed07ecbff2

Scanner detections:
24 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 4:39:11 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OneFloorApp
2014.12.18

Avira AntiVirus
ADWARE/Adware.Gen
7.11.164.150

AVG
Onefloorap
2017.0.2853

Baidu Antivirus
PUA.Win32.Widdit
4.0.3.16126

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-7758
0.98/21411

Comodo Security
ApplicUnwnt
19114

Dr.Web
Adware.Downware.3113
9.0.1.026

ESET NOD32
Win32/Toolbar.Widdit.A potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/Widdit
1/26/2016

G Data
Win32.Application.Firstfloor
16.1.24

IKARUS anti.virus
PUA.Toolbar.Widdit
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.183.13286

Kaspersky
not-a-virus:WebToolbar.Win32.FirstFloor
14.0.0.759

Malwarebytes
PUP.Optional.SimplyInstaller.A
v2016.01.26.04

McAfee
PUP-FNE
5600.6509

NANO AntiVirus
Trojan.Win32.WebToolbar.dejknp
0.28.2.61861

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.Widdit.OneFloorApp.Bundler (M)
16.1.26.4

Sophos
SimplyInstaller
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9363

Total Defense
Win32/Tnega.FeYaGFB
37.1.62.1

Trend Micro House Call
Suspicious_GEN.F47V0805
7.2.26

VIPRE Antivirus
Threat.4150696
31208

File size:
900.5 KB (922,064 bytes)

Product version:
12.5

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc_media_player.exe

Digital Signature
Signed by:
One Floor App

Authority:
COMODO CA Limited

Valid from:
4/6/2014 9:00:00 PM

Valid to:
4/6/2016 8:59:59 PM

Subject:
CN=One Floor App, O=One Floor App, STREET=2 Ben Gurion, L=Ramat Gan, S=Israel, PostalCode=52573, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A0F147ADC25ABB7A212B2A70DB63456F

File PE Metadata
Compilation timestamp:
10/13/2013 5:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:JxGaeDp3kdGp9kyPVzECqCYRK+ILTfBLXSYo:Cak9P7+CK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file vlc_media_player.exe has been seen being distributed by the following URL.

http://www.simplyinstaller.com/.../downloadmanagerhtml.ashx?src=adorika_ads_1fa&appid=205405&dp=ADSYS-539b80eb-16ca-11e4-b469-d8a67d8e8e5b&c=1&sc=1&db=true&uus=33-B0-AF-59-82-85-A1-08-F2-0F-EF-E1-88-AD-5E-3A&nf=0

Remove vlc_media_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.