home

rlservice.exe

Relevant-Knowledge

TMRG Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application rlservice.exe by TMRG has been detected as adware by 35 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “RelevantKnowledge”. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed by TMRG Inc.)

Product:
Relevant-Knowledge

Version:
1.1.23.154 (Build 23.154)

MD5:
337758423d5ea88b11e35e9a27a20416

SHA-1:
a116df777b6159ec9b09213bffdf97f359961be3

SHA-256:
b7e0af86c30143679471b82d41bc418b19c542c73f26b30d974034e50f52dba4

Scanner detections:
35 / 68

Status:
Adware

Explanation:
Bundled via 3rd-party installers and monitors the user's behavior.

Analysis date:
5/11/2024 1:43:32 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.1449196
362

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Generic
2014.11.07

Avira AntiVirus
ADWARE/Agent.206104.7
8.3.1.6

avast!
Win32:Relevant-W [PUP]
2014.9-160208

AVG
RelevantKnowledge
2017.0.2840

Baidu Antivirus
Adware.Win32.RK
4.0.3.1628

Bitdefender
Application.Generic.1449196
1.0.20.195

Bkav FE
W32.HfsAdware
1.3.0.7062

Comodo Security
ApplicUnwnt
23000

Dr.Web
Adware.Relevant.114
9.0.1.039

ESET NOD32
Win32/Adware.RK (variant)
10.12087

Fortinet FortiGate
Adware/Agent
2/8/2016

F-Prot
W32/S-f1187512
v6.4.7.1.166

F-Secure
Application.Generic.1449196
11.2016-08-02_2

G Data
Win32.Application.Agent.R6SBJ2
16.2.25

IKARUS anti.virus
AdWare.Win32.RK
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.208.16876

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.694

Malwarebytes
PUP.Optional.RelevantKnowledge
v2016.02.08.02

McAfee
Artemis!F6BB129F48F6
5600.6496

MicroWorld eScan
Application.Generic.1449196
17.0.0.117

NANO AntiVirus
Riskware.Win32.Agent.dupumh
0.30.24.3079

nProtect
Abuse-Worry/W32.RK.186136
15.08.12.01

Panda Antivirus
PUP/RelevantKnowledge
16.02.08.02

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Quick Heal
AdWare.Agent.r4 (Not a Virus)
2.16.14.00

Reason Heuristics
PUP.TMRG (M)
16.2.8.2

Rising Antivirus
PE:Trojan.Win32.Generic.175BCA44!391891524
23.00.65.16206

Sophos
Generic PUA JG (PUA)
4.98

SUPERAntiSpyware
PUP.RelevantKnowledge
9337

Trend Micro House Call
Suspicious_GEN.F47V0309
7.2.39

Vba32 AntiVirus
AdWare.Agent
3.12.26.4

VIPRE Antivirus
Marketscore.RelevantKnowledge
42844

Zillya! Antivirus
Adware.Agent.Win32.57188
2.0.0.2255

File size:
201.3 KB (206,104 bytes)

Product version:
1.1.23.154 (Build 23.154)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\relevantknowledge\rlservice.exe

Digital Signature
Signed by:
TMRG Inc.

Authority:
VeriSign, Inc.

Valid from:
12/1/2013 8:00:00 PM

Valid to:
1/31/2016 7:59:59 PM

Subject:
CN=TMRG Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TMRG Inc., L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51FEA1E74EDC6FFFF4BD5F65BD540362

File PE Metadata
Compilation timestamp:
7/21/2015 12:13:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:8Y/UedX/Wre73gy5WmqYMgNE2bR5Ig2L6cc278c+JdjyeE3V9WH2:8Y/US7EpgS+R5Ig2LVca8JnBESW

Entry address:
0x132F5

Entry point:
E8, 7E, 8F, 00, 00, E9, A5, FE, FF, FF, 6A, 0C, 68, 10, E1, 42, 00, E8, 35, 03, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 90, 3F, 43, 00, 77, 22, 6A, 04, E8, 47, 28, 00, 00, 59, 83, 65, FC, 00, 56, E8, 4E, 30, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 41, 03, 00, 00, C3, 6A, 04, E8, 42, 27, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, E8, 60, 42, 00, 83, 3D, FC, 22, 43, 00, 00, 75, 18, E8, 69, 80, 00...
 
[+]

Entropy:
6.5120

Code size:
146.5 KB (150,016 bytes)

Service
Display name:
RelevantKnowledge

Type:
Win32OwnProcess


Remove rlservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.