vlc_media_player.exe

Installer

One Floor App

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup” by One Floor App, has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. Users of this installer expect to download the VideoLAN VLC media player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
One Floor App (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
12.0

MD5:
775237408bc3e5836b816338d7523b58

SHA-1:
53eaa398f5ee89957219b1bb00183a7d714d8261

SHA-256:
f5986a663eb043bebdd6bb5c75ca4f21c970323ca8399339ee2fef0ce5c8e232

Scanner detections:
20 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 7:16:10 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.165.132 |
| AVG | Onefloorap | 2015.0.3312 |
| Baidu Antivirus | PUA.Win32.Widdit | 4.0.3.141024 |
| Clam AntiVirus | Win.Adware.Agent-7758 | 0.98/19362 |
| Dr.Web | Adware.Downware.3113 | 9.0.1.05190 |
| ESET NOD32 | Win32/Toolbar.Widdit.A potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Widdit | 10/24/2014 |
| G Data | Win32.Application.Firstfloor | 14.10.24 |
| IKARUS anti.virus | PUA.Toolbar.Widdit | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.183.13286 |
| Kaspersky | not-a-virus:WebToolbar.Win32.FirstFloor | 15.0.0.494 |
| Malwarebytes | PUP.Optional.SimplyInstaller.A | v2014.10.24.02 |
| McAfee | PUP-FNE | 5600.6968 |
| NANO AntiVirus | Trojan.Win32.WebToolbar.dejknp | 0.28.2.61861 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.OneFloorApp.Q | 14.10.24.2 |
| Sophos | Generic PUA FL | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10281 |
| Trend Micro House Call | Suspicious_GEN.F47V0805 | 7.2.297 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31974 |

File size:
898.5 KB (920,072 bytes)

Product version:
12.0

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\vlc_media_player.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/7/2014 5:30:00 AM

Valid to:
4/7/2016 5:29:59 AM

Subject:
CN=One Floor App, O=One Floor App, STREET=2 Ben Gurion, L=Ramat Gan, S=Israel, PostalCode=52573, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A0F147ADC25ABB7A212B2A70DB63456F

File PE Metadata
Compilation timestamp:
10/13/2013 1:49:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:axGaCDpMkdGp9qFoCazZj+AFjyCYRK+ILTfBLXSYo:fa99qOZj57+CK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
7.8677

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)
