home

vlc_media_player.exe

Installer

One Floor App LTD

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup ” by One Floor App has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. The installer is marketed through download protals and search ads as the VideoLAN VLC media player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
One Floor App LTD  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
13.1

MD5:
d5c8707090a04579e3216cafaee0d75b

SHA-1:
b654e7a7b0ac3ad8c911794577af1cb215b554ca

SHA-256:
e1be366f0603167c5c09dd54ddbcfc183a9b18b957d96b84d26957c79695755f

Scanner detections:
19 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/26/2024 5:18:40 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen
7.11.169.150

AVG
Generic
2017.0.2850

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-7758
0.98/19360

Dr.Web
Adware.Downware.3113
9.0.1.029

ESET NOD32
Win32/Toolbar.Widdit.A potentially unwanted application
10.7.0.302.0

F-Secure
Trojan.Generic.11615756
11.2016-29-01_6

G Data
Win32.Application.Firstfloor
16.1.24

IKARUS anti.virus
PUA.Toolbar.Widdit
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13504

Kaspersky
not-a-virus:WebToolbar.Win32.FirstFloor
14.0.0.744

Malwarebytes
PUP.Optional.SimplyInstaller
v2016.01.29.02

McAfee
PUP-FNE
5600.6506

NANO AntiVirus
Trojan.Win32.WebToolbar.dejknp
0.28.2.61942

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.Widdit.OneFloorApp.Bundler (M)
16.1.29.2

SUPERAntiSpyware
PUP.BProtector/Variant
9357

Total Defense
Win32/Tnega.FeYaGFB
37.1.62.1

VIPRE Antivirus
Threat.4150696
32938

File size:
900.3 KB (921,904 bytes)

Product version:
13.1

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc_media_player.exe

Digital Signature
Signed by:
One Floor App LTD

Authority:
VeriSign, Inc.

Valid from:
6/29/2014 2:00:00 AM

Valid to:
6/24/2016 1:59:59 AM

Subject:
CN=One Floor App LTD, O=One Floor App LTD, L=Bnei Brak, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
647DCD036A8DB2A49C8C7D9D34A859E4

File PE Metadata
Compilation timestamp:
10/13/2013 10:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5xGa4DpzkdGp9JcK68JlCYRK+ILTfBLXSYo:Saq9GKC7+CK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file vlc_media_player.exe has been seen being distributed by the following URL.

http://www.simplyinstaller.com/.../downloadmanagerhtml.ashx?appId=334341&programid=116701&clickid=20yEaX4yOwJia9oj02Awpd1xLLOg000.&pubid=518041&ce_cid=20yEaX4yOwJia9oj02Awpd1xLLOg000.&c=1&sc=1&db=true&uus=FF-AA-56-4A-32-03-0A-9D-3E-1C-B2-6A-43-79-C7-AD&nf=0

Remove vlc_media_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.