home

vlc_media_player.exe

Installer

One Floor App

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup ” by One Floor App has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. The installer is marketed through download protals and search ads as the VideoLAN VLC media player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
One Floor App  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
12.5

MD5:
add13d597f9405746036cd4ea37bc187

SHA-1:
d1a90157192a8cc5ecbcfb2fd979b6b240973c9c

SHA-256:
0054e5fdc83e0fd9d65b46ad9ecc65ae72ec2c9828c4bd3ca4b70ac8a98495af

Scanner detections:
24 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2024 8:33:30 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OneFloorApp
2014.12.18

Avira AntiVirus
ADWARE/Adware.Gen
7.11.164.150

AVG
Onefloorap
2017.0.2851

Baidu Antivirus
PUA.Win32.Widdit
4.0.3.16127

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-7758
0.98/21411

Comodo Security
ApplicUnwnt
19114

Dr.Web
Adware.Downware.3113
9.0.1.027

ESET NOD32
Win32/Toolbar.Widdit.A potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/Widdit
1/27/2016

G Data
Win32.Application.Firstfloor
16.1.24

IKARUS anti.virus
PUA.Toolbar.Widdit
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.183.13286

Kaspersky
not-a-virus:WebToolbar.Win32.FirstFloor
14.0.0.752

Malwarebytes
PUP.Optional.SimplyInstaller.A
v2016.01.27.04

McAfee
PUP-FNE
5600.6507

NANO AntiVirus
Trojan.Win32.WebToolbar.dejknp
0.28.2.61861

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.Widdit.OneFloorApp.Bundler (M)
16.1.27.16

Sophos
SimplyInstaller
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9360

Total Defense
Win32/Tnega.FeYaGFB
37.1.62.1

Trend Micro House Call
Suspicious_GEN.F47V0805
7.2.27

VIPRE Antivirus
Threat.4150696
31208

File size:
900.5 KB (922,064 bytes)

Product version:
12.5

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Digital Signature
Signed by:
One Floor App

Authority:
COMODO CA Limited

Valid from:
4/6/2014 9:00:00 PM

Valid to:
4/6/2016 8:59:59 PM

Subject:
CN=One Floor App, O=One Floor App, STREET=2 Ben Gurion, L=Ramat Gan, S=Israel, PostalCode=52573, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A0F147ADC25ABB7A212B2A70DB63456F

File PE Metadata
Compilation timestamp:
10/13/2013 5:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:YxGaeDp3kdGp9kyPVzECqCYRK+ILTfBLXSYo:dak9P7+CK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file vlc_media_player.exe has been seen being distributed by the following URL.

http://www.simplyinstaller.com/.../downloadmanagerhtml.ashx?src=adorika_ads_1fa&appid=205405&dp=ADSYS-95e63922-24aa-11e4-bb26-ce0dd57a42b0&c=1&sc=1&db=true&uus=CB-77-A7-0D-65-62-D7-CC-55-A6-B0-90-62-D1-54-C0

Remove vlc_media_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.