home

rlxf.dll

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The module rlxf.dll by TMRG has been detected as adware by 33 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
RelevantKnowledge

Version:
1, 2, 323, 1

MD5:
c0655c7ca8b881233e16e44061111291

SHA-1:
d429e73aea37a1dc7c3bf58afbea3dff350c9958

SHA-256:
bb8331acdb0b230eb83cda039b5e55fff7a99a41860085f7a28df6a792ee4b36

Scanner detections:
33 / 68

Status:
Adware

Analysis date:
5/7/2024 8:54:41 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Adware.Heur.nu9@RSlLGupi
375

AhnLab V3 Security
Malware/Win32.Generic
2011.09.28

Avira AntiVirus
Adware/Agent.225920.12
7.11.30.172

Emsisoft A-Squared
AdWare.AdSpy!IK
4.5.0.50

avast!
Win32:Relevant-G [PUP]
2014.9-160126

AVG
RelevantKnowledge
2017.0.2853

Baidu Antivirus
Adware.Win32.RK
4.0.3.16126

Bitdefender
Gen:Adware.Heur.nu9@ROpZCzhi
1.0.20.130

Bkav FE
W32.Clod69e.Trojan
1.3.0.4959

Clam AntiVirus
PUA.RelevantKnowledge
0.98/18155

Comodo Security
UnclassifiedMalware
17206

Dr.Web
Adware.Relevant.113
9.0.1.026

Emsisoft Anti-Malware
Gen:Adware.Heur.nu9@ROpZCzhi
8.16.01.26.03

ESET NOD32
Win32/Adware.RK.AT application
10.7.0.302.0

Fortinet FortiGate
Riskware/OSS
1/26/2016

F-Prot
W32/MalwareF.ADWVH
v6.4.6.5.141

F-Secure
Gen:Adware.Heur.nu9@RSlLGupi
11.2016-26-01_3

G Data
Gen:Adware.Heur.nu9@ROpZCzhi
16.1.22

IKARUS anti.virus
not-a-virus:AdWare.Win32.RelevantKnowledge
t3scan.1.6.1.0

K7 AntiVirus
Riskware
13.143.7038

Malwarebytes
PUP.Optional.RelevantKnowledge
v2016.01.26.03

McAfee
Artemis!CDFA9A4E8EE7
5600.6509

MicroWorld eScan
Gen:Adware.Heur.nu9@RSlLGupi
17.0.0.78

Norman
Adware.A!genr
11.20160126

Qihoo 360 Security
Win32/Virus.Adware.6dd
1.0.0.1015

Reason Heuristics
PUP.TMRG (M)
16.1.26.3

Rising Antivirus
Trojan.Win32.Generic.12854E30
23.00.65.16124

Sophos
Generic Proxy-OSS Application
4.94

SUPERAntiSpyware
Spyware.RelevantKnowledge
9363

Trend Micro House Call
TROJ_GEN.RCBB1AT
7.2.26

Vba32 AntiVirus
Signed-AdWare.Win32.Relevant
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
22998

ViRobot
Adware.Agent.225920
2011.4.7.4223

File size:
220.6 KB (225,920 bytes)

Product version:
1, 2, 323, 1

Copyright:
Copyright © 2001-2008

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rlxf.dll

Digital Signature
Signed by:
TMRG, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/1/2009 8:00:00 PM

Valid to:
9/27/2011 7:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata
Compilation timestamp:
3/31/2009 11:15:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:ZjY8LHLEbfdFpwPsHL8VjzKFc/OgEzGlDJ1rK:ZtLr8drwYL8B2DgEeN1rK

Entry address:
0x136E7

Entry point:
6A, 0C, 68, 98, 6D, 02, 10, E8, 91, 08, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, 54, 09, 03, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 30, D2, 02, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, 9D, D6, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 
[+]

Entropy:
6.0539

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
144 KB (147,456 bytes)

Remove rlxf.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.