Adware.TimeSink.D

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 25,694
Threat Level: 20 % (Normal)
Infected Computers: 1
First Seen: September 10, 2024
Last Seen: November 5, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.TimeSink.D
Signature status: No Signature

Known Samples

MD5: cb278de70e173dc86ca0ef9fd27dfac7
SHA1: 1f6c8b281d4d6aabdb0146be7b20f76f6e58069e
SHA256: C5E2F37AF3D986C810ED0DB16A7940FBA8E62D9E949813265AA607B1FD18A07A
File Size: 994.77 KB, 994769 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • big overlay
  • No Version Info
  • x86

Block Information

Total Blocks: 311
Potentially Malicious Blocks: 41
Whitelisted Blocks: 270
Unknown Blocks: 0

Similar Families

  • Agent.JIA
  • Antavmu.A
  • TimeSink.A
  • TimeSink.D

Files Modified

File | Attributes
c:\users\user\downloads\tmp1.$$$ | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\tmp2.$$$ | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\tmp3.$$$ | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\tmp4.$$$ | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\tmp5.$$$ | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\tmp6.$$$ | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\primavera_2001.scr | Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value | Data | API Name
HKCU\control panel\desktop::scrnsave.exe | C:\WINDOWS\PRIMAV~1.SCR | RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@mmres.dll,-800 | Windows Default | RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@c:\windows\system32\mmres.dll,-800 | Windows Default | RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@themeui.dll,-850 | High Contrast #1 | RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@themeui.dll,-851 | High Contrast #2 | RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@themeui.dll,-852 | High Contrast Black | RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@themeui.dll,-853 | High Contrast White | RegNtPreCreateKey
HKCU\software\solonewage.it\primavera_2001\screen saver::id105 |  | RegNtPreCreateKey
HKCU\software\solonewage.it\primavera_2001\screen saver::id114 | ( | RegNtPreCreateKey
HKCU\software\solonewage.it\primavera_2001\effects::id100 |  | RegNtPreCreateKey
HKCU\software\solonewage.it\primavera_2001\effects::id105 |  | RegNtPreCreateKey
HKCU\software\solonewage.it\primavera_2001\advanced image::id101 |  | RegNtPreCreateKey
HKCU\software\solonewage.it\primavera_2001\advanced image::id107 |  | RegNtPreCreateKey
HKCU\software\solonewage.it\primavera_2001\advanced image::id110 |  | RegNtPreCreateKey

Windows API Usage

Category | API
Process Manipulation Evasion | NtUnmapViewOfSection
Process Shell Execute | CreateProcess
Anti Debug | NtQuerySystemInformation
Keyboard Access | GetKeyState

Shell Command Execution

rundll32.exe shell32.dll,Control_RunDLL desk.cpl,@0,1
