» apptrailers.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (29)

apptrailers.exe

TrailerWatch

The executable apptrailers.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppTrailers’. This file is typically installed with the program AppTrailers - AppTrailers for Desktop by AppTrailers. While running, it connects to the Internet address unknown.telstraglobal.net on port 443.

File name:

apptrailers.exe

Publisher:

TrailerWatch (signed and verified)

MD5:

42e89cd86b953bf1ccdbb406eb143564

SHA-1:

b760e5f3d9dfda2a24a1427b3b24af902e61ecf6

SHA-256:

02ffc0d5d07ed4a168b3cf10b7680cf8305156ca1ab378d8614dd10e9bdea60d

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/23/2024 8:23:49 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.9.29.12

File size:

45.6 MB (47,824,832 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe

Digital Signature

Signed by:

TrailerWatch

Authority:

TrailerWatch

Valid from:

2/5/2016 2:03:06 PM

Valid to:

2/2/2026 2:03:06 PM

Subject:

CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:

CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:

00A0FBD74B3D188329

File PE Metadata

Compilation timestamp:

2/20/2016 9:13:51 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

786432:RuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQjD8+7:MwC64r1c6ZgnUSrLpbUAdBUQq6/BLvDP

Entry address:

0x1C9A031

Entry point:

E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75... 
[+]

Entropy:

6.8735

Code size:

34.9 MB (36,634,112 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

AppTrailers

Command:

C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe su

The file apptrailers.exe has been discovered within the following programs.

AppTrailers - AppTrailers for Desktop by AppTrailers

About 5% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 206-121.amazon.com (72.21.206.121:80)

TCP (HTTP):

Connects to 206-135.amazon.com (72.21.206.135:80)

TCP (HTTP):

Connects to 162-180.amazon.com (207.171.162.180:80)

TCP (HTTP SSL):

Connects to server-52-84-111-112.del51.r.cloudfront.net (52.84.111.112:443)

TCP (HTTP):

Connects to server-54-192-149-169.sin2.r.cloudfront.net (54.192.149.169:80)

TCP (HTTP):

Connects to a23-15-35-8.deploy.static.akamaitechnologies.com (23.15.35.8:80)

TCP (HTTP):

Connects to a104-108-195-144.deploy.static.akamaitechnologies.com (104.108.195.144:80)

TCP (HTTP):

Connects to 206-53.amazon.com (72.21.206.53:80)

TCP (HTTP):

Connects to unknown.telstraglobal.net (210.176.156.45:80)

TCP (HTTP):

Connects to a184-25-108-9.deploy.static.akamaitechnologies.com (184.25.108.9:80)

TCP (HTTP):

Connects to a184-25-108-41.deploy.static.akamaitechnologies.com (184.25.108.41:80)

TCP (HTTP):

Connects to a184-25-108-35.deploy.static.akamaitechnologies.com (184.25.108.35:80)

TCP (HTTP):

Connects to a173-222-70-12.deploy.static.akamaitechnologies.com (173.222.70.12:80)

TCP (HTTP):

Connects to a104-112-227-56.deploy.static.akamaitechnologies.com (104.112.227.56:80)

TCP (HTTP SSL):

Connects to server-52-84-111-26.del51.r.cloudfront.net (52.84.111.26:443)

TCP (HTTP):

Connects to dhcp-192-223-202.in2cable.com (203.192.223.202:80)

TCP (HTTP):

Connects to server-52-84-101-133.del51.r.cloudfront.net (52.84.101.133:80)

TCP (HTTP SSL):

Connects to bam-3.nr-data.net (50.31.164.173:443)

TCP (HTTP):

Connects to a184-25-109-40.deploy.static.akamaitechnologies.com (184.25.109.40:80)

TCP (HTTP):

Connects to a95-101-81-90.deploy.akamaitechnologies.com (95.101.81.90:80)

Remove apptrailers.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.