instatime.exe

InstaTime

The application instatime.exe by InstaTime has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘InstaTime’. The file is typically installed with the program InstaTime - Instagram for Desktop by InstaTime, which is a potentially unwanted software program.
Publisher:
InstaTime  (signed and verified)

MD5:
caf5273216e950e6fa07f4330af17a06

SHA-1:
36782f10bfd485950c1b6d2759b01809b1b48ab3

SHA-256:
72e0eb7683d1c41e2ec6b86f4d4f9bc81a115d33cf96d66c052a3ca876ffa940

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 10:53:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstaTime (M)

Engine version:
16.10.16.22

File size:
45.7 MB (47,956,312 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\instatime\instatime.exe

Digital Signature
Signed by:

Authority:
InstaTime

Valid from:
6/1/2015 2:40:01 PM

Valid to:
5/29/2025 2:40:01 PM

Subject:
E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US

Issuer:
E=softninjas@gmail.com, CN=InstaTime, O=InstaTime, S=Some-State, C=US

Serial number:
00E63C0FE02346D411

File PE Metadata
Compilation timestamp:
3/4/2015 7:51:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:cLJmRGIXff9keaayimwJZHM3SD3K4mNCesWePrumsEUF0pfOUvB:ctmRGIXff923imwJZMCDVVesWewFJUp

Entry address:
0x1C996D1

Entry point:
E8, 9A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, 38, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, 38, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, 38, EC, 02, 02, 74, 21, 6A, 17, E8, A9, 21, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.8827

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
InstaTime

Command:
C:\users\{user}\appdata\roaming\instatime\instatime.exe su


The file instatime.exe has been discovered within the following program.

whatsapptime.herokuapp.com
About 86% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

