Neobar

Category: Adware and PUAs Protection available since:20 Jan 2016 14:45:00 (GMT)
Type: Unspecified PUA Last Updated:17 Mar 2017 06:35:41 (GMT)

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Neobar include:

Example 1

File Information

Size
113K
SHA-1
00aac17688a49044da96a8a190327c218f4d9988
MD5
d8cb498de28a3cc1a60f91ea22b795f7
CRC-32
63a11448
File type
Windows executable
First seen
2015-03-16

Example 2

File Information

Size
1.9M
SHA-1
00b605bba1c487066d3366b8ff4de483e96c76c6
MD5
c3d50937f093a35dcb9f647d20fe487b
CRC-32
34b3ee94
File type
Windows executable
First seen
2012-01-27

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\extensionInstallerHelperFolder_install_122954\test_item.exe
Dropped Files
  • C:\Program Files\VK Downloader\files\_locales\be\messages.json
  • C:\Program Files\VK Downloader\files\_locales\es_419\messages.json
  • C:\Program Files\VK Downloader\files\_locales\fi\messages.json
  • c:\Documents and Settings\test user\Local Settings\Temp\extensionInstallerHelperFolder_403814\InstallerSearchHelper.dll
  • C:\Program Files\VK Downloader\files\_locales\bn\messages.json
  • c:\Documents and Settings\test user\Local Settings\Temp\extensionInstallerHelperFolder_403814\Chromium.dll
    Size
    186K
    SHA-1
    da8988711c98492fcb7790b6f23c1274a0eeeb5e
    MD5
    6458570d341b9c28e95d9557e07537c0
    CRC-32
    1cca9494
    File type
    Windows executable
    First seen
    2016-09-03
  • C:\Program Files\VK Downloader\files\_locales\ca\messages.json
  • C:\Program Files\VK Downloader\files\_locales\cs\messages.json
  • C:\Program Files\VK Downloader\files\_locales\id\messages.json
  • C:\Program Files\VK Downloader\files\_locales\fa\messages.json
  • c:\Documents and Settings\test user\Local Settings\Temp\extensionInstallerHelperFolder_403814\KompexSQLiteWrapper.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\extensionInstallerHelperFolder_403814\InstallerHelper.dll
  • C:\Program Files\VK Downloader\files\_locales\de\messages.json
  • C:\Program Files\VK Downloader\files\_locales\hu\messages.json
  • c:\Documents and Settings\test user\Local Settings\Temp\nsf4.tmp\System.dll
  • C:\Program Files\VK Downloader\files\_locales\et\messages.json
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc7.tmp\nsProcess.dll
    Size
    12K
    SHA-1
    0bbbb49df440598edb51f4f1da282847d7627581
    MD5
    bcb46f23acb1e77f28600d79a6a32eb6
    CRC-32
    12a6a37b
    File type
    Windows executable
    First seen
    2015-02-18
  • C:\Program Files\VK Downloader\files\background.html
  • C:\Program Files\VK Downloader\files\_locales\pt_PT\messages.json
  • C:\Program Files\VK Downloader\files\_locales\ja\messages.json
  • C:\Program Files\VK Downloader\files\_locales\en\messages.json
  • C:\Program Files\VK Downloader\files\_locales\fr\messages.json
  • C:\Program Files\VK Downloader\files\_locales\en_GB\messages.json
  • C:\Program Files\VK Downloader\files\_locales\mr\messages.json
  • C:\Program Files\VK Downloader\files\files\main.css
  • C:\Program Files\VK Downloader\files\_locales\es\messages.json
  • C:\Program Files\VK Downloader\BackgroundSingleton.tlb
  • C:\Program Files\VK Downloader\files\_locales\ro\messages.json
  • C:\Program Files\VK Downloader\files\_locales\pl\messages.json
  • C:\Program Files\VK Downloader\files\files\background.js
  • C:\Program Files\VK Downloader\files\_locales\pt\messages.json
  • C:\Program Files\VK Downloader\files\_locales\kn\messages.json
  • C:\Program Files\VK Downloader\files\_locales\pt_BR\messages.json
  • C:\Program Files\VK Downloader\files\files\foreground.js
  • C:\Program Files\VK Downloader\files\files\com.ab.vksaver.custom\download.png
  • C:\Program Files\VK Downloader\files\BrowsersFix.js
  • C:\Program Files\VK Downloader\files\_locales\ko\messages.json
  • C:\Program Files\VK Downloader\files\_locales\lt\messages.json
  • C:\Program Files\VK Downloader\files\_locales\lv\messages.json
  • C:\Program Files\VK Downloader\files\files\proxy.js
  • C:\Program Files\VK Downloader\files\_locales\am\messages.json
  • C:\Program Files\VK Downloader\files\Kernel.js
  • C:\Program Files\VK Downloader\files\_locales\it\messages.json
  • C:\Program Files\VK Downloader\BackgroundSingleton.exe
    Size
    643K
    SHA-1
    de911c9ddc6b260acfe6dcd85706dd5315941898
    MD5
    c13f4d91087bb81ea1d8c9575f0442f8
    CRC-32
    ccb9c940
    File type
    Windows executable
    First seen
    2015-02-16
  • C:\Program Files\VK Downloader\files\_locales\hi\messages.json
  • C:\Program Files\VK Downloader\files\_locales\ml\messages.json
  • C:\Program Files\VK Downloader\files\_locales\mk\messages.json
  • C:\Program Files\VK Downloader\files\_locales\ar\messages.json
  • C:\Program Files\VK Downloader\files\_locales\el\messages.json
  • C:\Program Files\VK Downloader\files\_locales\da\messages.json
  • C:\Program Files\VK Downloader\files\_locales\hr\messages.json
  • C:\Program Files\VK Downloader\files\_locales\sk\messages.json
  • C:\Program Files\VK Downloader\files\_locales\gu\messages.json
  • C:\Program Files\VK Downloader\files\_locales\sl\messages.json
  • C:\Program Files\VK Downloader\files\_locales\nl\messages.json
  • C:\Program Files\VK Downloader\files\_locales\ms\messages.json
  • C:\Program Files\VK Downloader\files\_locales\no\messages.json
  • C:\Program Files\VK Downloader\files\_locales\sw\messages.json
  • C:\Program Files\VK Downloader\files\_locales\bg\messages.json
  • C:\Program Files\VK Downloader\files\_locales\en_US\messages.json
  • C:\Program Files\VK Downloader\files\_locales\sv\messages.json
  • C:\Program Files\VK Downloader\files\_locales\he\messages.json
  • C:\Program Files\VK Downloader\files\_locales\fil\messages.json
  • C:\Program Files\VK Downloader\files\_locales\te\messages.json
  • C:\Program Files\VK Downloader\files\_locales\tr\messages.json
  • C:\Program Files\VK Downloader\files\_locales\ta\messages.json
  • C:\Program Files\VK Downloader\Basement\ExtensionUpdaterService.exe
    Size
    135K
    SHA-1
    fea825213f54584d0b036b58ffc4184655739650
    MD5
    c9f64e6153ddc831ac32fe6cd2530891
    CRC-32
    ddb7dc4c
    File type
    Windows executable
    First seen
    2015-02-16
  • C:\Program Files\VK Downloader\files\_locales\ru\messages.json
  • C:\Program Files\VK Downloader\files\_locales\th\messages.json
  • C:\Program Files\VK Downloader\Loader.exe
    Size
    157K
    SHA-1
    197b4a783cec88737cb360f35f31b0cedca6809a
    MD5
    186cdda8d8b0e329a0960da2fe9b9a56
    CRC-32
    c02c8f41
    File type
    Windows executable
    First seen
    2015-02-16
  • C:\Program Files\VK Downloader\files\_locales\uk\messages.json
  • C:\Program Files\VK Downloader\files\_locales\vi\messages.json
  • C:\Program Files\VK Downloader\files\_locales\zh_CN\messages.json
  • C:\Program Files\VK Downloader\files\_locales\zh_TW\messages.json
  • C:\Program Files\VK Downloader\files\_locales\sr\messages.json
  • C:\Program Files\VK Downloader\info.json
  • C:\Program Files\VK Downloader\files\_locales\sq\messages.json
  • C:\Program Files\VK Downloader\install.inf
  • C:\Program Files\VK Downloader\install.bat
  • C:\Program Files\VK Downloader\install.html
  • C:\Program Files\VK Downloader\Toolbar64.dll
    Size
    331K
    SHA-1
    ef69996be91681b51e89a70c9db428e581677baf
    MD5
    760da42adaacd73ffbf5c590201d4c92
    CRC-32
    2bd19bf2
    File type
    Windows executable
    First seen
    2015-02-16
  • C:\Program Files\VK Downloader\Uninstaller.exe
    Size
    152K
    SHA-1
    1c8521d74e9aa48105996e46762916ab626f1046
    MD5
    37f647d4d5b481249ab1c664afda6ccd
    CRC-32
    2cb0c72d
    File type
    Windows executable
    First seen
    2015-02-16
  • C:\Program Files\VK Downloader\uninstall.exe
  • C:\Program Files\VK Downloader\Toolbar32.tlb
  • C:\Program Files\VK Downloader\Toolbar64.tlb
  • C:\WINDOWS\system32\GroupPolicy\Adm\chrome.adm
  • C:\Program Files\VK Downloader\update.xml
  • C:\Program Files\VK Downloader\Interfaces64.dll
    Size
    190K
    SHA-1
    52dde8b7ef99a80b3943767c2df93c07a2d86f96
    MD5
    e5f450f04df63234705f7dfbb680396d
    CRC-32
    58e80f8a
    File type
    Windows executable
    First seen
    2015-02-16
  • C:\Program Files\VK Downloader\Toolbar32.dll
  • C:\Program Files\VK Downloader\Interfaces32.dll
    Size
    156K
    SHA-1
    a781d22cc97752e8e49b36a49cf336bce610aee2
    MD5
    91482bcc1f90c48575dd7768b9be8b78
    CRC-32
    a6164a7f
    File type
    Windows executable
    First seen
    2015-02-16
Modified Files
  • %SYSTEM%\GroupPolicy\gpt.ini
    • Changed the file contents
  • %SYSTEM%\GroupPolicy\Machine\Registry.pol
    • Changed the file contents
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    BackgroundSingleton.exe
    0x0000270f
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}
    TopResultURLFallback
  • HKCR\Interface\{C1AE68D2-03A5-46EE-B766-961771B09CE4}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{01037FC2-4778-455C-A8F9-C1BAEBC46268}\1.0\0\win32
    (Default)
    C:\Program Files\VK Downloader\BackgroundSingleton.exe
  • HKCR\TypeLib\{77EC5F61-3E67-46B5-86D0-21A0B6286C66}\1.0\HELPDIR
    (Default)
    C:\Program Files\VK Downloader
  • HKCR\Interface\{C1AE68D2-03A5-46EE-B766-961771B09CE4}\ProxyStubClsid32
    (Default)
    {00020420-0000-0000-C000-000000000046}
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D64A468C-280F-4A9A-8BFF-E3C724F0C0F9}
    Policy
    0x00000003
  • HKLM\SOFTWARE\VK Downloader\Components
    Main
    1
  • HKLM\SYSTEM\CurrentControlSet\Services\Update Service for VK Downloader\Enum
    NextInstance
    0x00000001
  • HKCR\Interface\{B79EC7F1-700B-4159-AC2F-40B976B9F256}
    (Default)
    IBackgroundSingleton
  • HKCR\Interface\{905BD9A6-01E4-416D-B0DE-E20F0A096F60}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{905BD9A6-01E4-416D-B0DE-E20F0A096F60}\TypeLib
    Version
    1.0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VK Downloader
    NoRepair
    0x00000001
  • HKCR\Interface\{780F8653-BB91-4985-BF11-621F9EC3BFAF}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{C1AE68D2-03A5-46EE-B766-961771B09CE4}
    (Default)
    _IBackgroundSingletonEvents
  • HKCR\Interface\{C1AE68D2-03A5-46EE-B766-961771B09CE4}\ProxyStubClsid
    (Default)
    {00020420-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{01037FC2-4778-455C-A8F9-C1BAEBC46268}\1.0\FLAGS
    (Default)
  • HKCR\Interface\{B79EC7F1-700B-4159-AC2F-40B976B9F256}\TypeLib
    Version
    1.0
  • HKCR\CLSID\{D64A468C-280F-4A9A-8BFF-E3C724F0C0F9}
    (Default)
    BackgroundScriptEngine Class
  • HKCR\CLSID\{D64A468C-280F-4A9A-8BFF-E3C724F0C0F9}\Programmable
    (Default)
  • HKCR\TypeLib\{01037FC2-4778-455C-A8F9-C1BAEBC46268}\1.0
    (Default)
    BackgroundSingleton 1.0 Type Library
  • HKCR\CLSID\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}\Programmable
    (Default)
  • HKCR\Interface\{780F8653-BB91-4985-BF11-621F9EC3BFAF}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
    {3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}
  • HKCR\Interface\{B79EC7F1-700B-4159-AC2F-40B976B9F256}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{01037FC2-4778-455C-A8F9-C1BAEBC46268}\1.0\HELPDIR
    (Default)
    C:\Program Files\VK Downloader
  • HKLM\SYSTEM\CurrentControlSet\Services\Update Service for VK Downloader
    ObjectName
    LocalSystem
  • HKCR\Interface\{B79EC7F1-700B-4159-AC2F-40B976B9F256}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{905BD9A6-01E4-416D-B0DE-E20F0A096F60}
    (Default)
    IToolbarButton
  • HKCR\TypeLib\{77EC5F61-3E67-46B5-86D0-21A0B6286C66}\1.0\0\win32
    (Default)
    C:\Program Files\VK Downloader\Toolbar32.dll
  • HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D64A468C-280F-4A9A-8BFF-E3C724F0C0F9}
    Policy
    0x00000003
  • HKCR\CLSID\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}\InprocServer32
    ThreadingModel
    Apartment
  • HKCU\Software\VK Downloader\Components
    Main
    1
  • HKLM\SYSTEM\CurrentControlSet\Services\Update Service for VK Downloader\Security
    Security
    □□□@□□□□□□□□□□□□□□@□□□□□□□□□□□ □□□□□□□□□□□ □□@□□□□□□□□□□□□□□□□□□□□□□□□□□ □□□□□@□□□□□□□□@□□□□□ □□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□ □□□□□□□□□□□□□□□□□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□□□□0□□□□□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□ □□□□□
  • HKCR\Interface\{780F8653-BB91-4985-BF11-621F9EC3BFAF}\TypeLib
    Version
    1.0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}
    NoExplorer
    0x00000001
  • HKCR\TypeLib\{77EC5F61-3E67-46B5-86D0-21A0B6286C66}\1.0
    (Default)
    Toolbar 1.0 Type Library
  • HKCR\Interface\{905BD9A6-01E4-416D-B0DE-E20F0A096F60}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\VK Downloader
    Uninstalled
    1
  • HKCR\CLSID\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}
    TypeLib
    {1D5A4199-956E-49BC-B89F-6A35C57C0D13}
  • HKCR\CLSID\{D64A468C-280F-4A9A-8BFF-E3C724F0C0F9}\LocalServer32
    (Default)
    C:\Program Files\VK Downloader\BackgroundSingleton.exe
  • HKLM\SOFTWARE\VK Downloader
    Uninstalled
    1
  • HKCR\Interface\{780F8653-BB91-4985-BF11-621F9EC3BFAF}
    (Default)
    IToolbarHelperObject
  • HKCR\TypeLib\{77EC5F61-3E67-46B5-86D0-21A0B6286C66}\1.0\FLAGS
    (Default)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406
    0x00000000
Processes Created
  • c:\program files\vk downloader\backgroundsingleton.exe
  • c:\program files\vk downloader\basement\extensionupdaterservice.exe
  • c:\program files\vk downloader\uninstaller.exe
  • c:\windows\system32\regsvr32.exe
DNS Requests
  • installsyst.com

Example 3

File Information

Size
152K
SHA-1
0ba2b26111c5bf7439dd9b0e22fb18eb23293b23
MD5
0bbe9ccef41251484e75f559009f1c73
CRC-32
a2a11273
File type
Windows executable
First seen
2015-03-16

download Try Sophos products for free
Download now