home

rlservice.exe

Relevant-Knowledge

TMRG Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application rlservice.exe by TMRG has been detected as adware by 16 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “RelevantKnowledge”. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed by TMRG Inc.)

Product:
Relevant-Knowledge

Version:
1.1.23.144 (Build 23.144)

MD5:
e721eefb38b6e266124a438224befd8b

SHA-1:
6ef5f6038cbe87a2a4ee37d041a60a1e99e9bf75

SHA-256:
49e81b790b3f1fbd296bddca3b84564dfb579c43e9e78c59f726b6237b42c6bc

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundled via 3rd-party installers and monitors the user's behavior.

Analysis date:
4/18/2024 9:10:39 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Generic
2014.11.07

avast!
Win32:Relevant-W [PUP]
2014.9-150302

Baidu Antivirus
Adware.Win32.RK
4.0.3.1532

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
ApplicUnwnt
21258

Dr.Web
MULDROP.Trojan
9.0.1.061

ESET NOD32
Win32/AdWare.RK.AR (variant)
9.11252

Fortinet FortiGate
Riskware/RK
3/2/2015

IKARUS anti.virus
AdWare.Win32.RK
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.RelevantKnowledge
v2015.03.02.03

McAfee
Artemis!F6BB129F48F6
5600.6839

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
Adware.Service.TMRG
15.3.2.3

Rising Antivirus
PE:Trojan.Win32.Generic.175BCA44!391891524
23.00.65.15228

SUPERAntiSpyware
PUP.RelevantKnowledge
10023

VIPRE Antivirus
Marketscore.RelevantKnowledge
38032

File size:
208.8 KB (213,784 bytes)

Product version:
1.1.23.144 (Build 23.144)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\relevantknowledge\rlservice.exe

Digital Signature
Signed by:
TMRG Inc.

Authority:
VeriSign, Inc.

Valid from:
12/2/2013 8:00:00 AM

Valid to:
2/1/2016 7:59:59 AM

Subject:
CN=TMRG Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TMRG Inc., L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51FEA1E74EDC6FFFF4BD5F65BD540362

File PE Metadata
Compilation timestamp:
11/1/2014 1:03:03 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:xxfeTcrvfEteCDvB5XM7LOyRDN5eZWdU17LmIYvKTWeKemy+ElVNN4Z9:xx2TcoteB7LZPqWdU17L1YCTwemE/Q9

Entry address:
0x14BB5

Entry point:
E8, 7E, 8F, 00, 00, E9, A5, FE, FF, FF, 6A, 0C, 68, 80, 05, 43, 00, E8, 35, 03, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 90, 5F, 43, 00, 77, 22, 6A, 04, E8, 47, 28, 00, 00, 59, 83, 65, FC, 00, 56, E8, 4E, 30, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 41, 03, 00, 00, C3, 6A, 04, E8, 42, 27, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, E8, 80, 42, 00, 83, 3D, FC, 42, 43, 00, 00, 75, 18, E8, 1E, 81, 00...
 
[+]

Entropy:
6.5073

Code size:
153 KB (156,672 bytes)

Service
Display name:
RelevantKnowledge

Type:
Win32OwnProcess


Remove rlservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.