apptrailers.exe

TrailerWatch

The executable apptrailers.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppTrailers’. This file is typically installed with the program AppTrailers - AppTrailers for Desktop by AppTrailers. While running, it connects to the Internet address 206-121.amazon.com on port 80 using the HTTP protocol.
Publisher:
TrailerWatch  (signed and verified)

MD5:
53b334c353b74c366fafc51a5810f8b4

SHA-1:
250f753b2bf8af08fe2f8f9be742b1b6c3deb5e1

SHA-256:
2c8db327def7b01bd0b148a2add2edfebedbd39040d5b1da1f0431586c5486b7

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/27/2024 6:57:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.10.14

File size:
45.6 MB (47,835,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 7:33:06 PM

Valid to:
2/2/2026 7:33:06 PM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/17/2017 10:17:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C9A083

Entry point:
E8, 98, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, A7, 20, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 6A, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, 97, 24, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A7, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 14, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Entropy:
6.8723

Code size:
34.9 MB (36,637,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AppTrailers

Command:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe su


The file apptrailers.exe has been discovered within the following program.

About 5% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 206-53.amazon.com  (72.21.206.53:80)

TCP (HTTP SSL):
Connects to m-prd-umpxl-adcom-mtc-b.evip.aol.com  (149.174.28.143:443)

TCP (HTTP):
Connects to a88-221-117-81.deploy.akamaitechnologies.com  (88.221.117.81:80)

TCP (HTTP SSL):
Connects to a104-80-91-88.deploy.static.akamaitechnologies.com  (104.80.91.88:443)

TCP (HTTP SSL):
Connects to a104-68-210-57.deploy.static.akamaitechnologies.com  (104.68.210.57:443)

TCP (HTTP SSL):
Connects to a104-106-238-221.deploy.static.akamaitechnologies.com  (104.106.238.221:443)

TCP (HTTP):
Connects to a104-106-232-217.deploy.static.akamaitechnologies.com  (104.106.232.217:80)

TCP (HTTP):
Connects to a88-221-117-200.deploy.akamaitechnologies.com  (88.221.117.200:80)

TCP (HTTP):
Connects to server-52-84-141-143.yto50.r.cloudfront.net  (52.84.141.143:80)

TCP (HTTP SSL):
Connects to server-52-84-137-115.yto50.r.cloudfront.net  (52.84.137.115:443)

TCP (HTTP SSL):
Connects to server-52-84-136-187.yto50.r.cloudfront.net  (52.84.136.187:443)

TCP (HTTP SSL):
Connects to a23-9-106-99.deploy.static.akamaitechnologies.com  (23.9.106.99:443)

TCP (HTTP SSL):
Connects to a23-34-218-22.deploy.static.akamaitechnologies.com  (23.34.218.22:443)

TCP (HTTP SSL):
Connects to a23-34-208-136.deploy.static.akamaitechnologies.com  (23.34.208.136:443)

TCP (HTTP):
Connects to a23-206-224-208.deploy.static.akamaitechnologies.com  (23.206.224.208:80)

TCP (HTTP):
Connects to a184-84-43-196.deploy.static.akamaitechnologies.com  (184.84.43.196:80)

TCP (HTTP SSL):
Connects to 3e.5a.17c6.ip4.static.sl-reverse.com  (198.23.90.62:443)

TCP (HTTP):
Connects to 206-121.amazon.com  (72.21.206.121:80)

TCP (HTTP):
Connects to server-54-239-164-16.lhr50.r.cloudfront.net  (54.239.164.16:80)

TCP (HTTP):
Connects to a95-101-128-187.deploy.akamaitechnologies.com  (95.101.128.187:80)

Remove apptrailers.exe - Powered by Reason Core Security