vlc_media_player.exe

Installer

One Floor App

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application vlc_media_player.exe, “Installer Setup” by One Floor App, has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. The installer is marketed through download portals and search ads as the VideoLAN VLC media player, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
One Floor App  (signed and verified)

Product:
Installer

Description:
Installer Setup

Version:
12.5

MD5:
c84c9160b700306e778b5ed13c0189ed

SHA-1:
e774d6cce9e0e2fb3b6c57819190539592628e3a

SHA-256:
760fbda9478e5aab9f3f279e5d22cb912475686f8d708427bf50959b381287eb

Scanner detections:
24 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 6:31:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.OneFloorApp | 2014.12.18 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.164.150 |
| AVG | Onefloorap | 2017.0.2853 |
| Baidu Antivirus | PUA.Win32.Widdit | 4.0.3.16125 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Agent-7758 | 0.98/21411 |
| Comodo Security | ApplicUnwnt | 19114 |
| Dr.Web | Adware.Downware.3113 | 9.0.1.025 |
| ESET NOD32 | Win32/Toolbar.Widdit.A potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | Riskware/Widdit | 1/25/2016 |
| G Data | Win32.Application.Firstfloor | 16.1.24 |
| IKARUS anti.virus | PUA.Toolbar.Widdit | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.183.13286 |
| Kaspersky | not-a-virus:WebToolbar.Win32.FirstFloor | 14.0.0.760 |
| Malwarebytes | PUP.Optional.SimplyInstaller.A | v2016.01.25.09 |
| McAfee | PUP-FNE | 5600.6509 |
| NANO AntiVirus | Trojan.Win32.WebToolbar.dejknp | 0.28.2.61861 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Widdit.OneFloorApp.Bundler (M) | 16.1.25.21 |
| Sophos | SimplyInstaller | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9363 |
| Total Defense | Win32/Tnega.FeYaGFB | 37.1.62.1 |
| Trend Micro House Call | Suspicious_GEN.F47V0805 | 7.2.25 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
900.5 KB (922,064 bytes)

Product version:
12.5

Copyright:
Copyright (c) 2012, www.simplytech.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlc_media_player.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/6/2014 9:00:00 PM

Valid to:
4/6/2016 8:59:59 PM

Subject:
CN=One Floor App, O=One Floor App, STREET=2 Ben Gurion, L=Ramat Gan, S=Israel, PostalCode=52573, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A0F147ADC25ABB7A212B2A70DB63456F

File PE Metadata
Compilation timestamp:
10/13/2013 5:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:hxGaeDp3kdGp9kyPVzECqCYRK+ILTfBLXSYo:aak9P7+CK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file vlc_media_player.exe has been seen being distributed by the following URL.
