apptrailers.exe

TrailerWatch

The executable apptrailers.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AppTrailers’. This file is typically installed with the program AppTrailers - AppTrailers for Desktop by AppTrailers. While running, it connects to the Internet address 206-121.amazon.com on port 80 using the HTTP protocol.
Publisher:
TrailerWatch  (signed and verified)

MD5:
2fc821ab74fef2d82c274ad264c1debd

SHA-1:
d5754fb5d5c2fa6862aba11ba92126cc8e172ebb

SHA-256:
448ea3b64c99dd1f561ca36dd3a35b9011d43fd2ddd03c363e8fa3194e59801f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/19/2024 4:01:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.10.10

File size:
45.3 MB (47,475,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe

Digital Signature
Signed by:

Authority:
TrailerWatch

Valid from:
2/5/2016 9:33:06 AM

Valid to:
2/2/2026 9:33:06 AM

Subject:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Issuer:
CN=TrailerWatch, OU=TrailerWatch, O=TrailerWatch, S=Some-State, C=US

Serial number:
00A0FBD74B3D188329

File PE Metadata
Compilation timestamp:
2/17/2017 12:17:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C9A083

Entry point:
E8, 98, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, A7, 20, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 6A, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, 97, 24, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A7, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 14, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Code size:
34.9 MB (36,637,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AppTrailers

Command:
C:\users\{user}\appdata\roaming\apptrailers\apptrailers.exe su


The file apptrailers.exe has been discovered within the following program.

About 5% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

