stinst.exe

One Floor App LTD

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The application stinst.exe by One Floor App has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. This file is typically installed with the program HomeTab 7.8 by One Floor App. While running, it connects to the Internet address host-213.158.188.58.tedata.net on port 443.
Publisher:
One Floor App LTD  (signed and verified)

Version:
1.0.0.0

MD5:
e58398120d42d5164a202c8c7cc228ac

SHA-1:
4367674a554d89ae56a8a0a55c0fe804c2ddd8f8

SHA-256:
6024faf607183413f3f1a5dd3aea4e308e9781931d0ce4c51218e17461441de3

Scanner detections:
4 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/16/2024 4:58:10 AM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3293
Malwarebytes | Trojan.MSIL | v2014.11.12.10
Reason Heuristics | PUP.OneFloorApp.G | 14.11.12.10
VIPRE Antivirus | SimplyTech | 34712

File size:
123.8 KB (126,768 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012

Original file name:
STInst32.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\Program Files\zootoolbar\stinst.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/29/2014 2:00:00 AM

Valid to:
6/24/2016 1:59:59 AM

Subject:
CN=One Floor App LTD, O=One Floor App LTD, L=Bnei Brak, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
647DCD036A8DB2A49C8C7D9D34A859E4

File PE Metadata
Compilation timestamp:
10/28/2014 11:43:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:XJJz0J3VcsCvEQHaV5jDy/KIxCIx0bxUwX9GZEYGNgRBY:Xnz0J3r7OaV5Py/v30lPXuu

Entry address:
0x1EF5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.2144

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
116 KB (118,784 bytes)

The file stinst.exe has been discovered within the following program.

HomeTab 7.8  by One Floor App
About 1% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to host-213.158.188.58.tedata.net  (213.158.188.58:443)

TCP (HTTP):
Connects to a23-15-149-163.deploy.static.akamaitechnologies.com  (23.15.149.163:80)
