rlvknlg.exe

RelevantKnowledge

TMRG, Inc.

This component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application rlvknlg.exe by TMRG has been detected as adware by 28 anti-malware scanners. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
RelevantKnowledge

Version:
1.3.323.338 (Build 323.338)

MD5:
9808bc3e3b28e7e18b990580fce5e8a3

SHA-1:
1e5342b0c62cfe7b506004382d62f605590c1af8

SHA-256:
0ac1ca75a23c90dfcef91df3acbd31a55f0085d8a846c9fc883b6ccc8ab23778

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
4/26/2024 7:38:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.205375 | 804 |
| Agnitum Outpost | Adware.AdSpy | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.152.210 |
| avast! | Win32:Relevant-G [PUP] | 2014.9-141122 |
| AVG | RelevantKnowledge | 2015.0.3282 |
| Baidu Antivirus | AdWare.Win32.RK | 4.0.3.141122 |
| Bitdefender | Application.Generic.205375 | 1.0.20.1630 |
| Bkav FE | W32.RevelantKnowledgeGTA.Adware | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18423 |
| Dr.Web | Program.RelKnow.2 | 9.0.1.0326 |
| ESET NOD32 | Win32/Adware.RK.AA | 8.9887 |
| Fortinet FortiGate | Riskware/OSS | 11/22/2014 |
| F-Prot | W32/Adware.AESG | v6.4.7.1.166 |
| F-Secure | Adware:W32/RelevantKnowledge | 11.2014-22-11_7 |
| G Data | Application.Generic.205375 | 14.11.24 |
| IKARUS anti.virus | not-a-virus:AdWare.PremiumO | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.178.12292 |
| Malwarebytes | PUP.Optional.RelevantKnowledge | v2014.11.22.04 |
| McAfee | Artemis!9808BC3E3B28 | 5600.6938 |
| MicroWorld eScan | Application.Generic.205375 | 15.0.0.978 |
| Norman | Adware.A!genr | 11.20141122 |
| Panda Antivirus | Trj/Banker.LZV | 14.11.22.04 |
| Reason Heuristics | PUP.TMRG.H | 14.11.22.16 |
| Rising Antivirus | PE:Trojan.Win32.Generic.11EDD29F!300798623 | 23.00.65.141120 |
| Sophos | Generic Proxy-OSS Application | 4.98 |
| SUPERAntiSpyware | Spyware.RelevantKnowledge | 10222 |
| VIPRE Antivirus | Adware.Win32.RelevantKnowledge.a | 29898 |
| ViRobot | Spyware.Relevant.1700992 | 2011.4.7.4223 |

File size:
1.6 MB (1,700,992 bytes)

Product version:
1.3.323.338 (Build 323.338)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\{random}.tmp\rlvknlg.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/16/2007 7:00:00 PM

Valid to:
9/27/2009 6:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
02491544000D8C9D63F061B1EBAE8466

File PE Metadata
Compilation timestamp:
5/21/2009 3:58:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
24576:a6pKFhksQo82sZqWOAPZmTkd4FxvqLKkzKUTnj6L33sZ9HqJ:xpKFhrn8yxnk2SLJGUTj6LeC

Entry address:
0x110B0C

Entry point:
6A, 74, 68, E8, CE, 53, 00, E8, 44, 03, 00, 00, 33, DB, 89, 5D, E0, 53, 8B, 3D, 0C, B2, 53, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 20, B8, 53, 00, 59, 83, 0D, D8, DD, 5B, 00, FF, 83...

Entropy:
6.4834

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
1.2 MB (1,283,584 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wwwc.ri5.securestudies.com  (4.16.74.200:80)

TCP (HTTP):
Connects to wwwc.ia2.securestudies.com  (66.119.34.42:80)

TCP (HTTP):
Connects to oss-ad-iad.securestudies.com  (165.193.78.187:80)

TCP (HTTP):
Connects to wwwc.ia1.securestudies.com  (165.193.73.40:80)

TCP (HTTP):
Connects to hawk-iad.securestudies.com  (165.193.78.186:8080)
