trailerwatch.exe

TrailerWatch

The executable trailerwatch.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TrailerWatch’. This file is typically installed with the program TrailerWatch - TrailerWatch for Desktop by TrailerWatch. While running, it connects to the Internet address unknown.telstraglobal.net on port 443.
Publisher:
TrailerWatch  (signed and verified)

MD5:
656ee5fa94c408c014c6a68a8c14f34a

SHA-1:
a512bcdd5224afb18c3f89e1916b4b253fd5b1d6

SHA-256:
e071c5dd4962c8c18f055e2f412998c5d06913aa4c52d5162cde05bb8905fcbe

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 12:28:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.2.14

File size:
47.3 MB (49,554,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 12:33:06 AM

Valid to:
2/2/2026 12:33:06 AM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 7:43:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:/uK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQs/hMZ:WwC64r1c6ZgnUSrLpbUAdBUQq6/BLApe

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.9386

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TrailerWatch

Command:
C:\users\{user}\appdata\roaming\trailerwatch\trailerwatch.exe su


The file trailerwatch.exe has been discovered within the following program.

About 1% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

