home

rlvknlg64.exe

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application rlvknlg64.exe by TMRG has been detected as adware by 36 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
RelevantKnowledge

Version:
1.0.2.0 (Build 2.0)

MD5:
ba7c49b64751dfb2e0316a43d05b59a5

SHA-1:
401bf1007c0b08da805b44ab49cc68260888ae9d

SHA-256:
238a9e1d3b8c97024ce80fda9d5322b2e97792e9f1eb26683d5056d7dd55c30d

Scanner detections:
36 / 68

Status:
Adware

Analysis date:
4/25/2024 7:36:47 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.RelevantKnowledge.E
375

Avira AntiVirus
Adware/RK.A.80
7.11.106.64

avast!
Win32:Relevant-G [PUP]
2014.9-160126

AVG
RelevantKnowledge
2017.0.2853

Baidu Antivirus
Adware.Win32
4.0.3.16126

Bitdefender
Application.RelevantKnowledge.E
1.0.20.130

Bkav FE
W32.OnGameEALBS.Trojan
1.3.0.4959

Boost by Reason
Optional.TMRG
188838

Clam AntiVirus
PUA.RelevantKnowledge
0.98/18155

Comodo Security
UnclassifiedMalware
16821

Dr.Web
Adware.Relevant.83
9.0.1.026

Emsisoft Anti-Malware
Adware.Win32.AMN!A2
8.16.01.26.03

ESET NOD32
Win32/Adware.RK
10.8726

Fortinet FortiGate
Riskware/RK
1/26/2016

F-Prot
W64/MalwareF.BIDJ
v6.4.6.2.117

F-Secure
Application.RelevantKnowledge.E
11.2016-26-01_3

G Data
Application.RelevantKnowledge
16.1.24

IKARUS anti.virus
not-a-virus:AdWare.Win32.RK
t3scan.1.1.104.0

K7 AntiVirus
Adware
13.108.4911

Kaspersky
not-a-virus:Monitor.Win64.RK
14.0.0.759

Malwarebytes
PUP.Adware.RelevantKnowledge
v2016.01.26.03

McAfee
Generic PUP.x!di
5600.6509

MicroWorld eScan
Application.RelevantKnowledge.E
17.0.0.78

NANO AntiVirus
Trojan.Win64.RK.nswxk
0.26.0.55366

Norman
Application.RelevantKnowledge.E
11.20160126

nProtect
Trojan-Clicker/W32.RK.210560
11.07.16.01

Prevx
Low Risk Adware
3.0

Reason Heuristics
PUP.TMRG (M)
16.1.26.3

Rising Antivirus
PE:Trojan.Win32.Generic.12AAC108!313180424
23.00.65.16124

Sophos
Generic Proxy-OSS Application
4.67

SUPERAntiSpyware
Spyware.RelevantKnowledge
9363

Trend Micro House Call
TROJ_GEN.R06H1GC
7.2.26

Vba32 AntiVirus
AdWare.Win32.RK.aw
3.12.16.4

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
20862

ViRobot
Adware.RK.210560.A
2011.7.16.4573

Zillya! Antivirus
Adware.RK.Win64.2
2.0.0.1822

File size:
205.6 KB (210,560 bytes)

Product version:
1.0.2.0 (Build 2.0)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rlvknlg64.exe

Digital Signature
Signed by:
TMRG, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/1/2009 8:00:00 PM

Valid to:
9/27/2011 7:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata
Compilation timestamp:
9/28/2010 6:05:52 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:YNe+MgmemAXQohR2x/LIP1yqylAU64FOHHf8FhBlVQiQeKmAr:YYKQohREWyHlAU648nf8FZamI

Entry address:
0xDD2C

Entry point:
48, 83, EC, 28, E8, E3, 6A, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 49, 83, F8, 08, 72, 53, 0F, B6, D2, 49, B9, 01, 01, 01, 01, 01, 01, 01, 01, 49, 0F, AF, D1, 49, 83, F8, 40, 72, 1E, 48, F7, D9, 83, E1, 07, 74, 06, 4C, 2B, C1, 48, 89, 10, 48, 03, C8, 4D, 8B, C8, 49, 83, E0, 3F, 49, C1, E9, 06, 75, 39, 4D, 8B, C8, 49, 83, E0, 07, 49, C1, E9, 03, 74, 11, 66, 66, 66, 90, 90, 48, 89, 11, 48, 83, C1, 08, 49, FF, C9, 75, F4...
 
[+]

Entropy:
6.1712

Code size:
134.5 KB (137,728 bytes)

Remove rlvknlg64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.