home

rlph.dll

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The module rlph.dll by TMRG has been detected as adware by 28 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
RelevantKnowledge

Version:
1.0.1.7

MD5:
99130855e980402244ef7e948980e2cb

SHA-1:
065a650f1f7ea8ab10adddc48457b228a5604e42

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
4/25/2024 10:28:42 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Adware.Heur.Wu9@R8lXQdli
366

Avira AntiVirus
TR/Spy.799360
7.11.215.236

avast!
Win32:Relevant-G [PUP]
2014.9-160204

AVG
RelevantKnowledge
2017.0.2844

Baidu Antivirus
Adware.Win32.RK
4.0.3.1624

Bitdefender
Gen:Adware.Heur.Wu9@R8lXQdli
1.0.20.175

Comodo Security
UnclassifiedMalware
18315

Dr.Web
Adware.Relevant.69
9.0.1.035

Emsisoft Anti-Malware
Gen:Adware.Heur.Wu9@R8lXQdli
8.16.02.04.08

Fortinet FortiGate
Riskware/OSS
2/4/2016

F-Secure
Gen:Adware.Heur.Wu9@R8lXQdli
11.2016-04-02_5

G Data
Gen:Adware.Heur.Wu9@R8lXQdli
16.2.25

IKARUS anti.virus
Gen.AdWare
t3scan.1.8.6.0

Malwarebytes
PUP.Optional.RelevantKnowledge
v2016.02.04.08

McAfee
Artemis!4889E6FBA2CB
5600.6500

MicroWorld eScan
Gen:Adware.Heur.Wu9@R8lXQdli
17.0.0.105

NANO AntiVirus
Riskware.Win32.Relevant.cxdfkd
0.30.0.296

Norman
RelevantKnowledge.A
11.20160204

Qihoo 360 Security
Win32/Trojan.Spy.a62
1.0.0.1015

Reason Heuristics
PUP.TMRG (M)
16.2.4.8

Rising Antivirus
PE:Trojan.Win32.Generic.12465632!306599474
23.00.65.16202

Sophos
Generic Proxy-OSS Application
4.98

SUPERAntiSpyware
Spyware.RelevantKnowledge
9344

Trend Micro House Call
ADW_RELEVANT
7.2.35

Trend Micro
ADW_RELEVANT
10.465.04

Vba32 AntiVirus
Signed-AdWare.Win32.Relevant
3.12.26.3

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
38314

ViRobot
Adware.Relevant.717440[h]
2014.3.20.0

File size:
796.6 KB (815,744 bytes)

Product version:
1.0.1.7

Copyright:
Copyright (C) 2007-2011

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\relevantknowledge\rlph.dll

Digital Signature
Signed by:
TMRG, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/1/2009 8:00:00 PM

Valid to:
9/27/2011 7:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata
Compilation timestamp:
1/6/2011 4:40:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:ugVl+l09hdq7uQcuoVlFyOcIetOWHD6/rEdy0M:VVl+l0vd2oAPIetFq0M

Entry address:
0x5BF6C

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 4D, E0, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 8B, 44, 24, 04, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 36, B8, FF, FF, 59, C3, 55, 8B, EC, 83, EC, 14, A1, C0, 6D, 0B, 10, 33, C5, 89, 45, FC, 53, 56, 33, DB, 39, 1D, 2C, 8B, 0B, 10, 57, 8B, F1, 75, 38, 53, 53, 33, FF, 47, 57, 68, CC, 6C, 08, 10, 68, 00, 01, 00, 00, 53, FF, 15, 8C, A0, 07, 10, 85, C0, 74, 08, 89, 3D, 2C, 8B, 0B, 10, EB, 15, FF, 15...
 
[+]

Entropy:
6.4250

Code size:
484 KB (495,616 bytes)

Remove rlph.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.