instatime.exe

InstaTime

The application instatime.exe by InstaTime has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘InstaTime’. This file is typically installed with the program InstaTime - Instagram for Desktop by InstaTime, which is a potentially unwanted software program. While running, it connects to the Internet address 221.17.211.130.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
InstaTime  (signed and verified)

MD5:
c16145196bada39b62e739d4089868b4

SHA-1:
be8b2634634c57aca81f589a305f61a106c7e68e

SHA-256:
33649e4027139f9fffee7f6a0691724c18195a9359a6813a3e1051f36052f409

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 6:23:14 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstaTim (M)

Engine version:
16.6.3.23

File size:
45.8 MB (48,034,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\instatime\instatime.exe

Digital Signature
Signed by:

Authority:
InstaTime

Valid from:
6/2/2015 2:10:01 AM

Valid to:
5/30/2025 2:10:01 AM

Subject:
E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US

Issuer:
E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US

Serial number:
00E63C0FE02346D411

File PE Metadata
Compilation timestamp:
3/5/2015 7:21:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:nLJmRGIXff9keaayimwJZHM3SD3K4mNCesWePrumsEUF0pfOUEYC:ntmRGIXff923imwJZMCDVVesWewFJUE9

Entry address:
0x1C996D1

Entry point:
E8, 9A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, 38, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, 38, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, 38, EC, 02, 02, 74, 21, 6A, 17, E8, A9, 21, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.8854

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
InstaTime

Command:
C:\users\{user}\appdata\roaming\instatime\instatime.exe su


The file instatime.exe has been discovered within the following program.

whatsapptime.herokuapp.com
About 86% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
