home

trailerwatch.exe

TrailerWatch

The executable trailerwatch.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TrailerWatch’. This file is typically installed with the program TrailerWatch - TrailerWatch for Desktop by TrailerWatch. While running, it connects to the Internet address rtr3.l7.search.vip.ir2.yahoo.com on port 443.
Publisher:
TrailerWatch  (signed and verified)

MD5:
bc7433f0b3acfb582ea0ceb178f80040

SHA-1:
676279ce62677d38c2a1cff50fbdd73c5da30b6b

SHA-256:
0e7eac48477e033ba8f6057d5ed5b5f88096ac3d400a9970bb91649e7351e272

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 2:58:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.2.14

File size:
45.9 MB (48,080,336 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe

Digital Signature
Signed by:
TrailerWatch

Authority:
TrailerWatch

Valid from:
2/5/2016 12:33:06 AM

Valid to:
2/2/2026 12:33:06 AM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 7:43:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:euK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQsDA:nwC64r1c6ZgnUSrLpbUAdBUQq6/BLAU

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Entropy:
6.8846

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TrailerWatch

Command:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe su


The file trailerwatch.exe has been discovered within the following program.

TrailerWatch - TrailerWatch for Desktop  by TrailerWatch
About 1% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 206-121.amazon.com  (72.21.206.121:80)

TCP (HTTP):
Connects to m-prd-umpxl-shared-mr1-blue-a.evip.aol.com  (152.163.50.3:80)

TCP (HTTP SSL):
Connects to bam-7.nr-data.net  (162.247.242.19:443)

TCP (HTTP):
Connects to a95-101-183-163.deploy.akamaitechnologies.com  (95.101.183.163:80)

TCP (HTTP):
Connects to a92-122-180-195.deploy.akamaitechnologies.com  (92.122.180.195:80)

TCP (HTTP):
Connects to a23-193-192-114.deploy.static.akamaitechnologies.com  (23.193.192.114:80)

TCP (HTTP):
Connects to a23-193-181-41.deploy.static.akamaitechnologies.com  (23.193.181.41:80)

TCP (HTTP):
Connects to a184-26-44-95.deploy.static.akamaitechnologies.com  (184.26.44.95:80)

TCP (HTTP):
Connects to 199.83.128.108.ip.incapdns.net  (199.83.128.108:80)

TCP (HTTP):
Connects to ec2-52-3-159-97.compute-1.amazonaws.com  (52.3.159.97:80)

TCP (HTTP SSL):
Connects to a172-229-240-236.deploy.static.akamaitechnologies.com  (172.229.240.236:443)

TCP (HTTP SSL):
Connects to a104-97-75-5.deploy.static.akamaitechnologies.com  (104.97.75.5:443)

TCP (HTTP SSL):
Connects to a104-97-139-37.deploy.static.akamaitechnologies.com  (104.97.139.37:443)

TCP (HTTP SSL):
Connects to a104-97-115-40.deploy.static.akamaitechnologies.com  (104.97.115.40:443)

TCP (HTTP):
Connects to 206-53.amazon.com  (72.21.206.53:80)

TCP (HTTP SSL):
Connects to 119.244.178.107.bc.googleusercontent.com  (107.178.244.119:443)

TCP (HTTP):
Connects to 107.154.102.41.ip.incapdns.net  (107.154.102.41:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:443)

Remove trailerwatch.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.