rlvknlg.exe

Relevant-Knowledge

TMRG Inc.

The component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application rlvknlg.exe by TMRG has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
TMRG, Inc. (signed by TMRG Inc.)

Product:
Relevant-Knowledge

Version:
1.3.337.376 (Build 337.376)

MD5:
1ed7a16305cd816aae14c2e1fbbe1dc0

SHA-1:
9b0585dbdf3bbcbadf2b979fdc0202c1db627857

SHA-256:
a3b1bcafeffb08ab99a0c77767a55a66b2dd1dfb7e03bdd9fa558906ee5357dc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/2/2024 9:33:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TMRG (M)

Engine version:
17.3.16.11

File size:
3.4 MB (3,549,600 bytes)

Product version:
1.3.337.376 (Build 337.376)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rlvknlg.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
1/17/2016 4:00:00 PM

Valid to:
2/16/2018 3:59:59 PM

Subject:
CN=TMRG Inc., O=TMRG Inc., L=Reston, S=Virginia, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
7E36C4BE2CEB69DF7BCEDB3B868E9EF9

File PE Metadata
Compilation timestamp:
4/22/2016 12:48:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x239E6B

Entry point:
E8, 8D, 54, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, E7, 9E, 63, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 4D, 0E, 04, 00, 8B, 45, 0C, 8B...
 

Entropy:
6.5285

Code size:
2.6 MB (2,768,384 bytes)
