instatime.exe

InstaTime

The executable instatime.exe has been detected as malware by 1 anti-virus scanner. It is registered under the name ‘InstaTime’ to execute automatically when any user logs into Windows (through the local user run registry setting). This file is typically installed with the program InstaTime - Instagram for Desktop by InstaTime, which is a potentially unwanted software program. While running, it connects to the Internet address edge-star-mini-shv-01-ams3.facebook.com on port 443.
Publisher:
InstaTime  (signed and verified)

MD5:
be148063fdf927b0b9b7b4552f4ba2bf

SHA-1:
9884077e981570673cb1056d8976c16bc519d722

SHA-256:
9f7633a3b3014a561e96c0b9143c9688e05dd1ef3c2678109e14866b2ce9596e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2017 11:44:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.2.17

File size:
47.2 MB (49,531,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\instatime\instatime.exe

Digital Signature
Signed by:

Authority:
InstaTime

Valid from:
6/1/2015 10:40:01 PM

Valid to:
5/29/2025 10:40:01 PM

Subject:
E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US

Issuer:
E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US

Serial number:
00E63C0FE02346D411

File PE Metadata
Compilation timestamp:
2/20/2016 3:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:euK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQvLlST:nwC64r1c6ZgnUSrLpbUAdBUQq6/BLrhi

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.9381

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
InstaTime

Command:
C:\users\{user}\appdata\roaming\instatime\instatime.exe su


The file instatime.exe has been discovered within the following program.

whatsapptime.herokuapp.com
About 86% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

