rlvknlg.exe

Relevant-Knowledge

TMRG, Inc.

This component is part of the TMRG platform, which tracks web browsing behavior, including sites and domains visited and ads clicked. The application rlvknlg.exe has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address wwwc.ri6.securestudies.com on port 80 using the HTTP protocol.

Publisher:
TMRG, Inc.

Product:
Relevant-Knowledge

Version:
1.3.337.392 (Build 337.392)

MD5:
d1a076a18cf4235ff4a85c2b18d10d3b

SHA-1:
dd5218b11eb33c5651cb7f40e41dc9e68e483fc0

SHA-256:
330fc31cfd4fe477cf85151d2c408f8cc4d35e48df1476db8dca50187dd2b76a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 11:51:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TMRG

Engine version:
17.3.9.11

File size:
3.6 MB (3,818,400 bytes)

Product version:
1.3.337.392 (Build 337.392)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\relevantknowledge\rlvknlg.exe

File PE Metadata
Compilation timestamp:
12/28/2016 11:24:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x245F0C

Entropy:
6.6604

Code size:
2.7 MB (2,820,096 bytes)

Windows Firewall Allowed Program
Name:
rlvknlg.exe


The executing file has been seen to make the following network communications in live environments.

