home

rlph.dll

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The module rlph.dll by TMRG has been detected as adware by 21 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
RelevantKnowledge

Version:
1.0.1.4

MD5:
7898559f8d9acc959f8d7db16cefdf75

SHA-1:
03109d17f0ea906ae83060e7f07fc1a9090ae575

SHA-256:
242bc30c8a76f3c2613fa65ad17cd77200544f7854f0526dc5e39276504908ab

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/19/2024 8:21:35 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Adware.Heur.Ru9@RGCL5jgi
992

Avira AntiVirus
Adware/Agent.717440
7.11.151.60

avast!
Win32:Relevant-G [PUP]
2014.9-140519

AVG
RelevantKnowledge
2015.0.3470

Bitdefender
Gen:Adware.Heur.Ru9@RGCL5jgi
1.0.20.695

Comodo Security
UnclassifiedMalware
18315

Emsisoft Anti-Malware
Gen:Adware.Heur.Ru9@RGCL5jgi
8.14.05.19.11

F-Secure
Gen:Adware.Heur.Ru9@RGCL5jgi
11.2014-19-05_2

G Data
Gen:Adware.Heur.Ru9@RGCL5jgi
14.5.24

IKARUS anti.virus
Gen.AdWare.Heur
t3scan.2.2.29

Malwarebytes
PUP.Optional.RelevantKnowledge
v2014.05.19.11

MicroWorld eScan
Gen:Adware.Heur.Ru9@RGCL5jgi
15.0.0.417

Norman
Adware.A!genr
11.20140519

Reason Heuristics
PUP.TMRG.E
14.8.7.22

Sophos
Generic Proxy-OSS Application
4.98

SUPERAntiSpyware
Spyware.RelevantKnowledge
10596

Trend Micro House Call
ADW_RELEVANT
7.2.349

Trend Micro
ADW_RELEVANT
10.465.15

Vba32 AntiVirus
Signed-AdWare.Win32.Relevant
3.12.26.0

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
27790

ViRobot
Adware.Agent.717440
2011.4.7.4223

File size:
700.6 KB (717,440 bytes)

Product version:
1.0.1.4

Copyright:
Copyright (C) 2007-2009

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\relevantknowledge\rlph.dll

Digital Signature
Signed by:
TMRG, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/16/2007 6:00:00 PM

Valid to:
9/27/2009 5:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
02491544000D8C9D63F061B1EBAE8466

File PE Metadata
Compilation timestamp:
3/31/2009 7:48:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:tO9iCCmgkd7mPRGrYd9UR7RGej6dKvo4Y9haRcgKdFBi1Uliz0NA1LPxVSlj:tuiCgbHAyyj5cldE6M0NUSlj

Entry address:
0x5739E

Entry point:
6A, 0C, 68, C8, 8A, 07, 10, E8, 02, 17, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, A0, 1A, 0A, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 00, 23, 0A, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, 11, 9D, FA, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 
[+]

Entropy:
6.3069

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
428 KB (438,272 bytes)

Remove rlph.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.