trailerwatch.exe

TrailerWatch

The executable trailerwatch.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TrailerWatch’. This file is typically installed with the program TrailerWatch - TrailerWatch for Desktop by TrailerWatch. While running, it connects to the Internet address 162-180.amazon.com on port 443.
Publisher:
TrailerWatch  (signed and verified)

MD5:
dea1c316813bf38527ebd6cd7f518040

SHA-1:
0513d82a16a5553961be10f3ac1a5e8828895265

SHA-256:
88cc2131653050b85b603c44026a7de432f2c092cda65a70c9e21060e6286aa7

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 3:50:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.2.14

File size:
47.3 MB (49,554,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 2:03:06 PM

Valid to:
2/2/2026 2:03:06 PM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 9:13:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:YuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQsbSw9:1wC64r1c6ZgnUSrLpbUAdBUQq6/BLA2i

Entry address:
0x1C9A031


Entropy:
6.9390

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TrailerWatch

Command:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe su


The file trailerwatch.exe has been discovered within the following program.

About 1% of users remove it

The executing file has been seen to make the following network communications in live environments.
