trailertime.exe

TrailerTime

The application trailertime.exe by TrailerTime has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TrailerTime’. This file is typically installed with the program TrailerTime - TrailerTime for Desktop by TrailerTime. While running, it connects to the Internet address 206-53.amazon.com on port 80 using the HTTP protocol.
Publisher:
TrailerTime  (signed and verified)

MD5:
a4ea9d54c564c4d2866f6cd457454b38

SHA-1:
f0daa3d2cbf82bdc05fef1c98bff531c5eee2bb1

SHA-256:
fdcca5f1c4ab8458ed502828abec92b0862b99e9ccc154d9453c313d232fc523

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 6:44:56 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.TrailerTime.Meta (M)

Engine version:
16.2.21.23

File size:
47.2 MB (49,475,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\trailertime\trailertime.exe

Digital Signature
Signed by:

Authority:
TrailerTime

Valid from:
11/28/2015 10:04:49 PM

Valid to:
11/25/2025 10:04:49 PM

Subject:
CN=TrailerTime, O=TrailerTime, S=Some-State, C=US

Issuer:
CN=TrailerTime, O=TrailerTime, S=Some-State, C=US

Serial number:
00CC871E9E75C19DD2

File PE Metadata
Compilation timestamp:
3/5/2015 4:51:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:KLJmRGIXff9keaayimwJZHM3SD3K4mNCesWePrumsEUF0pf5UGCrN+Z:KtmRGIXff923imwJZMCDVVesWewFCUGL

Entry address:
0x1C996D1

Entry point:
E8, 9A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, 38, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, 38, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, 38, EC, 02, 02, 74, 21, 6A, 17, E8, A9, 21, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.9382

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TrailerTime

Command:
C:\users\{user}\appdata\roaming\trailertime\trailertime.exe su


The file trailertime.exe has been discovered within the following program.

About 9% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
