rlvknlg.exe

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application rlvknlg.exe by TMRG has been detected as adware by 30 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
RelevantKnowledge

Version:
1.3.324.349 (Build 324.349)

MD5:
325dd54091e84ad19d9b3a3f1a38e84e

SHA-1:
d175b254d61615825bfdd4677d1602c8f7f4de54

SHA-256:
be60b8b38ccc07dee7a2f3f073af7867d9c267c7bb1c5e0fd06f7743c6522c79

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
12/23/2024 3:52:00 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Adware.Heur.Rr1@RarZ1gpi
856

Agnitum Outpost
Adware.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.MarketScore
2014.09.27

Avira AntiVirus
ADWARE/Adware.Gen
7.11.174.236

avast!
Win32:Adspy-DG [PUP]
2014.9-141002

AVG
RelevantKnowledge
2015.0.3334

Baidu Antivirus
Adware.Win32.RKToolbar
4.0.3.14102

Bitdefender
Gen:Adware.Heur.Rr1@RarZ1gpi
1.0.20.1375

Dr.Web
Program.RelKnow.2
9.0.1.0275

Emsisoft Anti-Malware
Gen:Adware.Heur.Rr1@RarZ1gpi
8.14.10.02.01

ESET NOD32
Win32/Adware.RK.AI (variant)
8.10472

Fortinet FortiGate
Riskware/OSS
10/2/2014

F-Prot
W32/Adware.AHIH
v6.4.7.1.166

F-Secure
Adware:W32/RelevantKnowledge
11.2014-02-10_5

G Data
Gen:Adware.Heur.Rr1@RarZ1gpi
14.10.24

IKARUS anti.virus
Gen.AdWare.Heur
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.183.13504

Kaspersky
not-a-virus:WebToolbar.Win32.RK
14.0.0.3165

Malwarebytes
PUP.Optional.RelevantKnowledge
v2014.10.02.01

MicroWorld eScan
Gen:Adware.Heur.Rr1@RarZ1gpi
15.0.0.825

NANO AntiVirus
Riskware.Win32.RelKnow.csvxvd
0.28.2.62286

Norman
Adware.A!genr
11.20141002

Panda Antivirus
Spyware/MarketScore
14.10.02.01

Qihoo 360 Security
Malware.VC.Gen
1.0.0.1015

Reason Heuristics
PUP.TMRG.H
14.10.2.1

Rising Antivirus
PE:Trojan.Win32.Generic.126F7AF0!309295856
23.00.65.14930

Sophos
Generic Proxy-OSS Application
4.98

SUPERAntiSpyware
Spyware.RelevantKnowledge
10325

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
33468

Zillya! Antivirus
Adware.RK.Win32.147
2.0.0.1935

File size:
1.7 MB (1,760,896 bytes)

Product version:
1.3.324.349 (Build 324.349)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\{random}.tmp\rlvknlg.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/16/2007 6:00:00 PM

Valid to:
9/27/2009 5:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
02491544000D8C9D63F061B1EBAE8466

File PE Metadata
Compilation timestamp:
9/18/2009 8:09:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:1WIqrrnLRJRSU9ABBqaEz0XuARTWw5OBTV75:1Wrf9JMUGqaEz0XuPr5

Entry address:
0x11AEEC

Entry point:
6A, 74, 68, 10, 7F, 54, 00, E8, 44, 03, 00, 00, 33, DB, 89, 5D, E0, 53, 8B, 3D, 08, 62, 54, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 44, 68, 54, 00, 59, 83, 0D, 3C, BE, 5C, 00, FF, 83...
 
[+]

Entropy:
6.4629

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
1.3 MB (1,330,176 bytes)

Remove rlvknlg.exe - Powered by Reason Core Security