Cuckoo report is generated in JSON file. Interpretation of json value

Question

After the analysis is done of Malware the following sample part is generated in the JSON file.

{
  "calls": [
    {
      "category": "system",
      "status": 0,
      "stacktrace": [],
      "last_error": 0,
      "nt_status": -1073741515,
      "api": "LdrLoadDll",
      "return_value": 3221225781,
      "arguments": {
        "basename": "atp",
        "module_address": "0x00000000",
        "flags": 0,
        "module_name": "atp.dll",
        "stack_pivoted": 0
      },
      "time": 1584287582.774751,
      "tid": 2396,
      "flags": {}
    }
  ]
}

What is "time": 1584287582.774751 in this json file?

score 1 · Answer 1 · answered Jul 16 '21 at 04:10

1

The time field uses the UNIX timestamp format, which represents the number of seconds that have passed since January 1, 1970. (UTC). You can search for online tools, such as https://www.unixtimestamp.com/, to help you decode.

1584287582.774751 means Sun Mar 15 2020 15:53:02 GMT+0000

Based on the JSON you posted, I guess the time field here refers to the time when the LdrLoadDll API was called.

answered Jul 16 '21 at 04:10

oalieno

46
4

Thank you oalieno for the clarification. – Laxmi Bhagwat Jul 20 '21 at 14:09

Cuckoo report is generated in JSON file. Interpretation of json value

1 Answers1