rlvknlg.exe

Relevant-Knowledge

TMRG Inc.

The component is part of the TMRG platform, which tracks web browsing habits, including the sites and domains visited and the ads clicked. The application rlvknlg.exe by TMRG has been detected as adware by 20 anti-malware scanners. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.

Publisher:
TMRG, Inc.  (signed by TMRG Inc.)

Product:
Relevant-Knowledge

Version:
1.3.337.341 (Build 337.341)

MD5:
573c37be5ef140e4d0566e8229f85642

SHA-1:
be4ed1fd61c39703653d1ed17faaba8915f4dce2

SHA-256:
03a7a25a335e7771ef0871ab680f3a6b6985547aeb2e8e6714ead37cab4be72c

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundled via 3rd-party installers and monitors the user's behavior.

Analysis date:
4/25/2024 2:53:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.180.228 |
| avast! | Win32:Relevant-W [PUP] | 2014.9-141023 |
| AVG | RelevantKnowledge | 2015.0.3312 |
| Baidu Antivirus | Adware.Win32.RK | 4.0.3.141023 |
| Comodo Security | ApplicUnwnt | 19885 |
| Dr.Web | DLOADER.Trojan | 9.0.1.0296 |
| ESET NOD32 | Win32/Adware.RK.AE (variant) | 8.10610 |
| Fortinet FortiGate | Riskware/RK | 10/23/2014 |
| F-Prot | W32/Relevant.A.gen | v6.4.7.1.166 |
| IKARUS anti.virus | PUA.RK | t3scan.1.7.8.0 |
| K7 AntiVirus | Adware | 13.184.13741 |
| Malwarebytes | PUP.Optional.RelevantKnowledge | v2014.10.23.10 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.TMRG.H | 14.10.23.22 |
| Rising Antivirus | PE:Trojan.Win32.Generic.170D20A2!386736290 | 23.00.65.141021 |
| Sophos | Generic Proxy-OSS Application | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0919 | 7.2.296 |
| VIPRE Antivirus | Marketscore.RelevantKnowledge | 34190 |
| Zillya! Antivirus | Adware.RK.Win32.344 | 2.0.0.1953 |

File size:
3.3 MB (3,507,992 bytes)

Product version:
1.3.337.341 (Build 337.341)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rlvknlg.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/1/2013 7:00:00 PM

Valid to:
1/31/2016 6:59:59 PM

Subject:
CN=TMRG Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TMRG Inc., L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51FEA1E74EDC6FFFF4BD5F65BD540362

File PE Metadata
Compilation timestamp:
8/18/2014 3:40:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:WOueBH7QEbQ0Lpw0meb52GLUatXH4awMyGWdF7a1zRyEN1hnU/1Ym49kd:9HfQ0Lpw0meb52GLNtXHnQsGYbM

Entry address:
0x23465C

Entry point:
E8, BC, 54, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, D8, 46, 63, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 90, DF, 03, 00, 8B, 45, 0C, 8B...
 
Entropy:
6.5588

Code size:
2.6 MB (2,732,544 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to wwwc.ri6.securestudies.com  (4.26.66.232:80)

TCP (HTTP):
Connects to wwwc.ri4.securestudies.com  (4.26.67.104:80)
