apptrailers.exe

TrailerWatch

The executable apptrailers.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppTrailers’. This file is typically installed with the program AppTrailers - AppTrailers for Desktop by AppTrailers.
Publisher:
TrailerWatch  (signed and verified)

MD5:
19d4a67ea00154b1742c7ed79be64630

SHA-1:
820047896b3237b308b90e5121ada510303e0e03

SHA-256:
f4db2d715d94250373de1df3abd58502ccf6d97a68f00b22cddec75cccd211a8

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/23/2024 10:10:32 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.1.9

File size:
45.6 MB (47,836,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 2:03:06 PM

Valid to:
2/2/2026 2:03:06 PM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 9:13:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:2uK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQjDNvV:vwC64r1c6ZgnUSrLpbUAdBUQq6/BLvDb

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Entropy:
6.8739

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AppTrailers

Command:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe su


The file apptrailers.exe has been discovered within the following program.

About 5% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 162-180.amazon.com  (207.171.162.180:80)

TCP (HTTP SSL):
Connects to server-54-192-55-175.jfk6.r.cloudfront.net  (54.192.55.175:443)

TCP (HTTP SSL):
Connects to ec2-23-22-170-46.compute-1.amazonaws.com  (23.22.170.46:443)

TCP (HTTP SSL):
Connects to server-54-240-190-127.jfk6.r.cloudfront.net  (54.240.190.127:443)

TCP (HTTP SSL):
Connects to server-54-192-54-123.jfk6.r.cloudfront.net  (54.192.54.123:443)

TCP (HTTP SSL):
Connects to a23-13-224-180.deploy.static.akamaitechnologies.com  (23.13.224.180:443)

TCP (HTTP SSL):
Connects to a104-64-60-65.deploy.static.akamaitechnologies.com  (104.64.60.65:443)

TCP (HTTP SSL):
Connects to a104-100-139-185.deploy.static.akamaitechnologies.com  (104.100.139.185:443)

TCP (HTTP SSL):
Connects to 206-141.amazon.com  (72.21.206.141:443)

TCP (HTTP SSL):
Connects to a23-13-224-207.deploy.static.akamaitechnologies.com  (23.13.224.207:443)

TCP (HTTP SSL):
Connects to a173-223-239-39.deploy.static.akamaitechnologies.com  (173.223.239.39:443)

TCP (HTTP SSL):
Connects to a104-88-89-135.deploy.static.akamaitechnologies.com  (104.88.89.135:443)

TCP (HTTP):
Connects to a104-88-84-128.deploy.static.akamaitechnologies.com  (104.88.84.128:80)

TCP (HTTP SSL):
Connects to 40.1e.2fa9.ip4.static.sl-reverse.com  (169.47.30.64:443)

TCP (HTTP SSL):
Connects to r1.ycpi.vip.bf1.yahoo.net  (98.139.199.204:443)

TCP (HTTP):
Connects to ec2-50-17-189-123.compute-1.amazonaws.com  (50.17.189.123:80)

TCP (HTTP SSL):
Connects to ec2-107-21-227-55.compute-1.amazonaws.com  (107.21.227.55:443)

TCP (HTTP SSL):
Connects to a104-100-149-227.deploy.static.akamaitechnologies.com  (104.100.149.227:443)

TCP (HTTP SSL):
Connects to a104-100-144-27.deploy.static.akamaitechnologies.com  (104.100.144.27:443)

TCP (HTTP SSL):
Connects to 208.185.50.80.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.80:443)

Remove apptrailers.exe - Powered by Reason Core Security