csmb46a.tmp

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The file csmb46a.tmp by TMRG has been detected as adware by 19 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

MD5:
580d9673e5ec5d90de1f83e2fd1742c2

SHA-1:
0dd94bcc3dc39097bf4bea145356e398665dda4f

SHA-256:
868b1aee31c6335a5fc4257f20346e2d99fbd86bc7554b415da41fc19b13b3b1

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
12/23/2024 3:46:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Relevant.AY
703

avast!
Win32:Monitor-Y [PUP]
2014.9-150303

AVG
Generic4
2016.0.3181

Bitdefender
Adware.Relevant.AY
1.0.20.310

Bkav FE
W32.Clodbd9.Trojan
1.3.0.4959

Emsisoft Anti-Malware
Adware.Relevant.AY
8.15.03.03.04

ESET NOD32
Win32/Adware.Mongoose
9.10566

F-Prot
W32/MalwareF.ZFU
v6.4.7.1.166

F-Secure
Adware.Relevant.AY
11.2015-03-03_3

G Data
Adware.Relevant.AY
15.3.24

Malwarebytes
Adware.Mongoose
v2015.03.03.04

MicroWorld eScan
Adware.Relevant.AY
16.0.0.186

NANO AntiVirus
Riskware.Win32.Mongoose.ifvt
0.28.2.62671

nProtect
Adware.Relevant.AY
14.10.15.01

Reason Heuristics
PUP.TMRG
15.3.3.16

Sophos
RelevantKnowledge
4.98

Vba32 AntiVirus
Adware.Mongoose
3.12.26.3

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
33942

Zillya! Antivirus
Trojan.Inject.Win32.61325
2.0.0.1956

File size:
148.6 KB (152,192 bytes)

Common path:
C:\users\{user}\appdata\local\temp\csmb46a.tmp

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/16/2007 9:00:00 PM

Valid to:
9/27/2009 8:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
02491544000D8C9D63F061B1EBAE8466

File PE Metadata
Compilation timestamp:
6/9/2009 6:20:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:x4FOXyZWPGXJ3jvrIoWEL1WAxZGy7wSm01bAh5JUlZVO8BQF:xWn0PGZ3jvrIjtiUyMkVAuVOqS

Entry address:
0xC4AF

Entry point:
6A, 0C, 68, 38, B2, 01, 10, E8, 75, 01, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, 54, 04, 02, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, E8, 1C, 02, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, D0, AC, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
96 KB (98,304 bytes)

Remove csmb46a.tmp - Powered by Reason Core Security