» rlservice.exe
Overview
Analysis
File Details
Behaviors (1)

rlservice.exe

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application rlservice.exe by TMRG has been detected as adware by 40 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “RelevantKnowledge”. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

rlservice.exe

Publisher:

TMRG, Inc. (signed and verified)

Product:

RelevantKnowledge

Version:

1.1.16.164 (Build 16.164)

MD5:

52b7da51ddbf988871de71029fc38bba

SHA-1:

45adb57c1ba97d9b7f411702754ad067b9d48439

SHA-256:

7bcc04acf52ac6c2a43dcc7d0d59612dce64bcc02ee6108573c0b9c9fe0ad5c6

Scanner detections:

40 / 68

Status:

Adware

Analysis date:

4/20/2024 2:53:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Adware.Heur.gq1@RSAjq2ji

363

Agnitum Outpost

Adware.Agent

7.1.1

AhnLab V3 Security

Trojan/Win32.ADH

2014.01.12

Avira AntiVirus

Adware/Agent.107136.3

7.11.124.210

avast!

Win32:Relevant-G [PUP]

2014.9-160207

AVG

RelevantKnowledge

2017.0.2841

Baidu Antivirus

Adware.Win32.RKToolbar

4.0.3.1627

Bitdefender

Gen:Adware.Heur.gq1@RSAjq2ji

1.0.20.190

Bkav FE

W32.RevelantKnowledgeGTB.Adware

1.3.0.4613

Clam AntiVirus

PUA.RelevantKnowledge

0.98/18155

Comodo Security

UnclassifiedMalware

17594

Dr.Web

Adware.Relevant.66

9.0.1.038

Emsisoft Anti-Malware

Gen:Adware.Heur.gq1@RSAjq2ji

8.16.02.07.11

ESET NOD32

Win32/Adware.RK (variant)

10.9279

Fortinet FortiGate

Riskware/OSS

2/7/2016

F-Prot

W32/MalwareF.CHGB

v6.4.7.1.166

F-Secure

Gen:Adware.Heur.dq1@RSQ2luji

11.2016-07-02_1

G Data

Gen:Adware.Heur.gq1@RSAjq2ji

16.2.22

IKARUS anti.virus

Gen.AdWare.Heur

t3scan.2.2.29

K7 AntiVirus

Adware

13.175.10814

Kaspersky

not-a-virus:WebToolbar.Win32.RK

14.0.0.698

Malwarebytes

PUP.Optional.RelevantKnowledge

v2016.02.07.11

McAfee

Artemis!D901B1B268F5

5600.6497

MicroWorld eScan

Gen:Adware.Heur.gq1@RSAjq2ji

17.0.0.114

NANO AntiVirus

Trojan.Win32.Relevant.eaxxg

0.28.0.57029

Norman

Adware.A!genr

11.20160207

Panda Antivirus

Spyware/RelevantKnowledge

16.02.07.11

Prevx

Medium Risk Malware

3.0

Qihoo 360 Security

Win32/Virus.Adware.a18

1.0.0.1015

Quick Heal

Adware.RK.ad (Not a Virus)

2.16.11.00

Reason Heuristics

PUP.TMRG (M)

16.2.7.11

Rising Antivirus

PE:Trojan.Win32.Generic.12922C89!311569545

23.00.65.16205

Sophos

Generic Proxy-OSS Application

4.96

SUPERAntiSpyware

Spyware.RelevantKnowledge

9338

Trend Micro House Call

TROJ_GEN.RCBZ7KN

7.2.38

Trend Micro

TROJ_GEN.RCBZ7KN

10.465.07

Vba32 AntiVirus

Signed-AdWare.Win32.Relevant

3.12.24.3

VIPRE Antivirus

Adware.Win32.RelevantKnowledge.a

25330

ViRobot

Adware.Relevant.49792

2011.4.7.4223

Zillya! Antivirus

Adware.RK.Win32.92

2.0.0.1995

File size:

104.6 KB (107,136 bytes)

Product version:

1.1.16.164 (Build 16.164)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\relevantknowledge\rlservice.exe

Digital Signature

Signed by:

TMRG, Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

9/1/2009 7:00:00 PM

Valid to:

9/27/2011 6:59:59 PM

Subject:

CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata

Compilation timestamp:

8/16/2011 10:12:07 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

1536:2BVsZnpnMLfEJnbmikIuFbvsVkS9HTMkTULOZQtDtCh4A7:MVsU4EbQlmOZQtDoa8

Entry address:

0x5D25

Entry point:

E8, 3E, 55, 00, 00, E9, 41, FE, FF, FF, 3B, 0D, B8, 66, 41, 00, 75, 02, F3, C3, E9, BE, 55, 00, 00, CC, CC, 68, A0, 5D, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, B8, 66, 41, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 83, EC, 14, 53, 8B... 
[+]

Entropy:

5.9877

Code size:

60 KB (61,440 bytes)

Service

Display name:

RelevantKnowledge

Type:

Win32OwnProcess

Remove rlservice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.