trailerwatch.exe

TrailerWatch

The executable trailerwatch.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TrailerWatch’. This file is typically installed with the program TrailerWatch - TrailerWatch for Desktop by TrailerWatch. While running, it connects to the Internet address server-54-192-38-223.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
TrailerWatch  (signed and verified)

MD5:
34d2e7e46a52b7b595a3643f740d9207

SHA-1:
859d593f04861300c244389c17050e0bd002e916

SHA-256:
49901b79790f13c750c2b6d5ca47d5bdf907e491bc9fd1fcffc5c60294e81778

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/25/2024 4:27:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.2.14

File size:
45.6 MB (47,814,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 9:33:06 AM

Valid to:
2/2/2026 9:33:06 AM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 4:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:KuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQsvyV:bwC64r1c6ZgnUSrLpbUAdBUQq6/BLAKV

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TrailerWatch

Command:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe su


The file trailerwatch.exe has been discovered within the following program.

About 1% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-192-232-171.nrt12.r.cloudfront.net  (54.192.232.171:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:443)

TCP (HTTP SSL):
Connects to r-199-59-148-11.twttr.com  (199.59.148.11:443)

TCP (HTTP):
Connects to a104-97-141-246.deploy.static.akamaitechnologies.com  (104.97.141.246:80)

TCP (HTTP):
Connects to a104-93-204-192.deploy.static.akamaitechnologies.com  (104.93.204.192:80)

TCP (HTTP):
Connects to 206-121.amazon.com  (72.21.206.121:80)

TCP (HTTP SSL):
Connects to 162-180.amazon.com  (207.171.162.180:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-ort2.fbcdn.net  (157.240.2.25:443)

TCP (HTTP):
Connects to www.kbcc.cuny.edu  (146.111.119.41:80)

TCP (HTTP):
Connects to server-54-230-51-94.jfk5.r.cloudfront.net  (54.230.51.94:80)

TCP (HTTP):
Connects to server-54-230-51-19.jfk5.r.cloudfront.net  (54.230.51.19:80)

TCP (HTTP):
Connects to server-54-230-49-211.jfk5.r.cloudfront.net  (54.230.49.211:80)

TCP (HTTP):
Connects to server-54-192-50-152.jfk5.r.cloudfront.net  (54.192.50.152:80)

TCP (HTTP):
Connects to server-54-192-48-79.jfk5.r.cloudfront.net  (54.192.48.79:80)

TCP (HTTP):
Connects to server-54-192-48-39.jfk5.r.cloudfront.net  (54.192.48.39:80)

TCP (HTTP):
Connects to server-54-192-38-223.jfk1.r.cloudfront.net  (54.192.38.223:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-ord1.facebook.com  (31.13.74.36:443)

TCP (HTTP):
Connects to ec2-52-72-187-133.compute-1.amazonaws.com  (52.72.187.133:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-52-204-28-40.compute-1.amazonaws.com  (52.204.28.40:80)

Remove trailerwatch.exe - Powered by Reason Core Security