apptrailers.exe

TrailerWatch

The executable apptrailers.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppTrailers’. While running, it connects to the Internet address 206-135.amazon.com on port 80 using the HTTP protocol.
Publisher:
TrailerWatch  (signed and verified)

MD5:
566f30f5b5b2d69b52e07df4527b52e4

SHA-1:
7c3c7f374ca0596992e6fac2379c8e4da87ff8a8

SHA-256:
75e78f781ca79d6ae8710eb1c2d5db7f465d4418f29a5948ab425c5744190f9a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/2/2017 8:40:07 PM UTC  (eight months ago)

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.2.15

File size:
45.6 MB (47,837,272 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 9:33:06 AM

Valid to:
2/2/2026 9:33:06 AM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 4:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AppTrailers

Command:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe su
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a104-108-197-114.deploy.static.akamaitechnologies.com  (104.108.197.114:443)

TCP (HTTP SSL):
Connects to a104-108-196-55.deploy.static.akamaitechnologies.com  (104.108.196.55:443)

TCP (HTTP):
Connects to 206-53.amazon.com  (72.21.206.53:80)

TCP (HTTP SSL):
Connects to unknown.telstraglobal.net  (210.176.156.35:443)

TCP (HTTP SSL):
Connects to sin01-vip03.insnw.net  (103.243.13.52:443)

TCP (HTTP SSL):
Connects to server-52-84-111-28.del51.r.cloudfront.net  (52.84.111.28:443)

TCP (HTTP):
Connects to server-52-84-101-133.del51.r.cloudfront.net  (52.84.101.133:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:443)

TCP (HTTP SSL):
Connects to ox-173-241-248-143.xf.dc.openx.org  (173.241.248.143:443)

TCP (HTTP SSL):
Connects to l1.ycs.vip.inc.yahoo.com  (203.84.220.80:443)

TCP (HTTP SSL):
Connects to ec2-54-76-70-112.eu-west-1.compute.amazonaws.com  (54.76.70.112:443)

TCP (HTTP):
Connects to ec2-54-225-154-132.compute-1.amazonaws.com  (54.225.154.132:80)

TCP (HTTP):
Connects to ec2-54-197-238-140.compute-1.amazonaws.com  (54.197.238.140:80)

TCP (HTTP SSL):
Connects to ec2-34-200-132-29.compute-1.amazonaws.com  (34.200.132.29:443)

TCP (HTTP):
Connects to 162-180.amazon.com  (207.171.162.180:80)

TCP (HTTP SSL):
Connects to ec2-34-195-153-94.compute-1.amazonaws.com  (34.195.153.94:443)

TCP (HTTP):
Connects to 206-135.amazon.com  (72.21.206.135:80)

Remove apptrailers.exe - Powered by Reason Core Security