home

vlc_media_player.exe

Installer

One Floor App LTD

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup ” by One Floor App has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. With this installer, users are expecting to download the VideoLAN VLC media player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
One Floor App LTD  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
13.1

MD5:
89b96b11e91daf703f99fa26112af27c

SHA-1:
dd9f97e9fe64bba31fef8ffee727e9f757c44d5a

SHA-256:
971dd718e1f84bd9501a7c6fdc20def9481f2b57c0b3e81f69e35ca7c6f60219

Scanner detections:
20 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 10:21:00 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen
7.11.169.150

AVG
Generic
2016.0.3001

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Agent-7758
0.98/19360

Dr.Web
Adware.Downware.3113
9.0.1.0242

ESET NOD32
Win32/Toolbar.Widdit.A potentially unwanted application
9.7.0.302.0

F-Secure
Trojan.Generic.11615756
11.2015-30-08_1

G Data
Win32.Application.Firstfloor
15.8.24

herdProtect (fuzzy)
variant of 1player.exe (Adware)
2015.10.27.1

IKARUS anti.virus
PUA.Toolbar.Widdit
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13504

Kaspersky
not-a-virus:WebToolbar.Win32.FirstFloor
14.0.0.1501

Malwarebytes
PUP.Optional.SimplyInstaller
v2015.08.30.08

McAfee
PUP-FNE
5600.6657

NANO AntiVirus
Trojan.Win32.WebToolbar.dejknp
0.28.2.61861

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.Widdit.OneFloorApp.Bundler (M)
15.8.30.20

SUPERAntiSpyware
PUP.BProtector/Variant
9659

Total Defense
Win32/Tnega.FeYaGFB
37.1.62.1

VIPRE Antivirus
Threat.4150696
32210

File size:
900.3 KB (921,904 bytes)

Product version:
13.1

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc_media_player.exe

Digital Signature
Signed by:
One Floor App LTD

Authority:
VeriSign, Inc.

Valid from:
6/28/2014 9:00:00 PM

Valid to:
6/23/2016 8:59:59 PM

Subject:
CN=One Floor App LTD, O=One Floor App LTD, L=Bnei Brak, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
647DCD036A8DB2A49C8C7D9D34A859E4

File PE Metadata
Compilation timestamp:
10/13/2013 5:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:PxGa4DpzkdGp9JcK68JlCYRK+ILTfBLXSYo:4aq9GKC7+CK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

Remove vlc_media_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.