apptrailers.exe

TrailerWatch

The executable apptrailers.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppTrailers’. This file is typically installed with the program AppTrailers - AppTrailers for Desktop by AppTrailers.
Publisher:
TrailerWatch  (signed and verified)

MD5:
2f244d2fe5c7e559d14574594faaf727

SHA-1:
1b5e0dba0bdce5491350b8e85f9f15dcc710105e

SHA-256:
65742344e7b3a9ad1fe0e6484329d870535ce2833260d5a3184cabc1d2602934

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/26/2024 10:12:57 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.9.13.14

File size:
45.6 MB (47,824,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 12:33:06 AM

Valid to:
2/2/2026 12:33:06 AM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 7:43:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:buK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQjDUsn:6wC64r1c6ZgnUSrLpbUAdBUQq6/BLvD1

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Entropy:
6.8735

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AppTrailers

Command:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe su


The file apptrailers.exe has been discovered within the following program.

About 5% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-23-23-109-78.compute-1.amazonaws.com  (23.23.109.78:80)

TCP (HTTP SSL):
Connects to server-52-84-1-46.ord54.r.cloudfront.net  (52.84.1.46:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.gq1.yahoo.com  (208.71.45.11:443)

TCP (HTTP):
Connects to ec2-54-221-206-77.compute-1.amazonaws.com  (54.221.206.77:80)

TCP (HTTP):
Connects to ec2-174-129-6-130.compute-1.amazonaws.com  (174.129.6.130:80)

TCP (HTTP SSL):
Connects to e2.ycpi.vip.swb.yahoo.com  (216.115.100.124:443)

TCP (HTTP SSL):
Connects to a23-74-51-35.deploy.static.akamaitechnologies.com  (23.74.51.35:443)

TCP (HTTP):
Connects to a23-63-227-171.deploy.static.akamaitechnologies.com  (23.63.227.171:80)

TCP (HTTP):
Connects to a23-200-231-31.deploy.static.akamaitechnologies.com  (23.200.231.31:80)

TCP (HTTP):
Connects to a23-198-171-240.deploy.static.akamaitechnologies.com  (23.198.171.240:80)

TCP (HTTP SSL):
Connects to a23-194-103-203.deploy.static.akamaitechnologies.com  (23.194.103.203:443)

TCP (HTTP):
Connects to a23-194-100-15.deploy.static.akamaitechnologies.com  (23.194.100.15:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP SSL):
Connects to 208.185.50.65.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.65:443)

TCP (HTTP):
Connects to 206-53.amazon.com  (72.21.206.53:80)

TCP (HTTP):
Connects to 162-180.amazon.com  (207.171.162.180:80)

TCP (HTTP):
Connects to tags.expo9.exponential.com  (204.11.109.76:80)

TCP (HTTP):
Connects to server-54-230-0-63.lhr5.r.cloudfront.net  (54.230.0.63:80)

TCP (HTTP):
Connects to server-54-192-130-92.ams50.r.cloudfront.net  (54.192.130.92:80)

Remove apptrailers.exe - Powered by Reason Core Security