home

vlc_media_player.exe

Installer

One Floor App

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup ” by One Floor App has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. The installer is marketed through download protals and search ads as the VideoLAN VLC media player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
One Floor App  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
12.0

MD5:
fc0620039f4b13487654373f377144b3

SHA-1:
8ee3a6fa1784079f4c877d02f6dea359be1d9e38

SHA-256:
790baa7d2d8d5892087894295be0ed3c597efaa8ee089d8adf82b837430d2073

Scanner detections:
20 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 1:46:48 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen
7.11.165.132

AVG
Onefloorap
2015.0.3304

Baidu Antivirus
PUA.Win32.Widdit
4.0.3.141031

Clam AntiVirus
Win.Adware.Agent-7758
0.98/19362

Dr.Web
Adware.Downware.3113
9.0.1.0304

ESET NOD32
Win32/Toolbar.Widdit.A potentially unwanted application
8.7.0.302.0

Fortinet FortiGate
Riskware/Widdit
10/31/2014

G Data
Win32.Application.Firstfloor
14.10.24

IKARUS anti.virus
PUA.Toolbar.Widdit
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.183.13286

Kaspersky
not-a-virus:WebToolbar.Win32.FirstFloor
14.0.0.3016

Malwarebytes
PUP.Optional.SimplyInstaller.A
v2014.10.31.07

McAfee
PUP-FNE
5600.6960

NANO AntiVirus
Trojan.Win32.WebToolbar.dejknp
0.28.2.61861

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.OneFloorApp.Q
14.10.31.19

Sophos
Generic PUA FL
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10265

Trend Micro House Call
Suspicious_GEN.F47V0805
7.2.304

VIPRE Antivirus
Trojan.Win32.Generic
31974

File size:
898.5 KB (920,072 bytes)

Product version:
12.0

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc_media_player.exe

Digital Signature
Signed by:
One Floor App

Authority:
COMODO CA Limited

Valid from:
4/7/2014 2:00:00 AM

Valid to:
4/7/2016 1:59:59 AM

Subject:
CN=One Floor App, O=One Floor App, STREET=2 Ben Gurion, L=Ramat Gan, S=Israel, PostalCode=52573, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A0F147ADC25ABB7A212B2A70DB63456F

File PE Metadata
Compilation timestamp:
10/13/2013 10:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:rxGaCDpMkdGp9qFoCazZj+AFjyCYRK+ILTfBLXSYo:Ea99qOZj57+CK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

Remove vlc_media_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.