vlc_media_player.exe

Installer

Simply Tech Ltd

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup” by Simply Tech, has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. Users of this installer expect to download the VideoLAN VLC media player, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Simply Tech Ltd  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
9.0

MD5:
9a20b30e21e96aa4318ac47790e03f17

SHA-1:
70b22cb743cc7e9595d34cbfc3f8209999d9e376

SHA-256:
4c408b7de5ae5bb41b19db4acfef3d736f913fb4053781639e5258a15e341eec

Scanner detections:
19 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 11:14:41 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.163.240 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Agent-6810 | 0.98/21411 |
| Dr.Web | Adware.Downware.2109 | 9.0.1.019 |
| ESET NOD32 | Win32/Toolbar.Widdit (variant) | 10.9650 |
| F-Secure | Gen:Variant.Adware.Mplug.21 | 11.2016-19-01_3 |
| G Data | Win32.Application.SimplyTech | 16.1.24 |
| IKARUS anti.virus | BehavesLike | t3scan.2.2.29 |
| K7 AntiVirus | Adware | 13.183.13305 |
| Kaspersky | not-a-virus:WebToolbar.Win32.FirstFloor | 14.0.0.794 |
| Malwarebytes | PUP.Optional.SimplyTech | v2016.01.19.06 |
| McAfee | Trojan.Artemis!909C53FE174D | 5600.6516 |
| NANO AntiVirus | Trojan.Win32.WebToolbar.dejknp | 0.28.2.61861 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Widdit.SimplyTech.Bundler (M) | 16.1.19.6 |
| Sophos | SimplyInstaller | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9376 |
| Total Defense | Win32/Tnega.FeYaGFB | 37.1.62.1 |
| VIPRE Antivirus | Threat.4729122 | 35418 |

File size:
943.8 KB (966,448 bytes)

Product version:
9.0

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc_media_player.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/4/2012 2:00:00 AM

Valid to:
4/5/2014 1:59:59 AM

Subject:
CN=Simply Tech Ltd, O=Simply Tech Ltd, STREET=10 Zarhin street, L=Raanana, S=Raanana, PostalCode=43662, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FC78D842B3886BB8D32517578F7489C

File PE Metadata
Compilation timestamp:
7/9/2012 3:41:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dMjhGbkzCTvDEiYGykfRPfhx/bnAOG9N4uTQ5J6m6H:UA1DEmykJnhxzXG9T4J6LH

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B8, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 56, EC, FF, FF, E8, FD, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, E8, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, D6, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file vlc_media_player.exe has been seen being distributed by the following URL.
