apptrailers.exe

TrailerWatch

The executable apptrailers.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppTrailers’. This file is typically installed with the program AppTrailers - AppTrailers for Desktop by AppTrailers. While running, it connects to the Internet address unknown.telstraglobal.net on port 443.
Publisher:
TrailerWatch  (signed and verified)

MD5:
42e89cd86b953bf1ccdbb406eb143564

SHA-1:
b760e5f3d9dfda2a24a1427b3b24af902e61ecf6

SHA-256:
02ffc0d5d07ed4a168b3cf10b7680cf8305156ca1ab378d8614dd10e9bdea60d

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2017 7:31:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.29.12

File size:
45.6 MB (47,824,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 2:03:06 PM

Valid to:
2/2/2026 2:03:06 PM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/20/2016 9:13:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:RuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQjD8+7:MwC64r1c6ZgnUSrLpbUAdBUQq6/BLvDP

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.8735

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AppTrailers

Command:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe su


The file apptrailers.exe has been discovered within the following program.

About 5% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

