» rlxg.dll
Overview
Analysis
File Details

rlxg.dll

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The module rlxg.dll by TMRG has been detected as adware by 33 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

rlxg.dll

Publisher:

TMRG, Inc. (signed and verified)

Product:

RelevantKnowledge

Version:

1, 3, 329, 2

MD5:

a38055ae83a9d518883fae9e673009a2

SHA-1:

2fe7d4e45bea56ff0172c109f2e3c98b694c0321

SHA-256:

8edf511953d0c341b7d766d8f53d8ad763ebfa7fa49dace53dbe67c8cb732e1a

Scanner detections:

33 / 68

Status:

Adware

Analysis date:

4/18/2024 4:20:18 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Adware.Heur.hu9@R03oQtpi

382

Agnitum Outpost

Adware.Agent

7.1.1

AhnLab V3 Security

Malware/Win32.Generic

2010.11.21

Avira AntiVirus

TR/Spy.123520

7.10.14.55

avast!

Win32:Relevant-G

2014.9-160118

AVG

RelevantKnowledge

2017.0.2860

Baidu Antivirus

Adware.Win32.RK

4.0.3.16118

Bitdefender

Gen:Adware.Heur.hu9@RCVFPPfi

1.0.20.90

Clam AntiVirus

PUA.RelevantKnowledge

0.98/18155

Comodo Security

UnclassifiedMalware

18866

Dr.Web

Adware.OSSProxy

9.0.1.018

Emsisoft Anti-Malware

Gen:Adware.Heur.hu9@R03oQtpi

8.16.01.18.04

ESET NOD32

Win32/Adware.RK.AM (variant)

10.9946

Fortinet FortiGate

Riskware/OSS

1/18/2016

F-Secure

Gen:Adware.Heur.hu9@RCVFPPfi

11.2016-18-01_2

G Data

Gen:Adware.Heur.hu9@RCVFPPfi

16.1.21

IKARUS anti.virus

Gen.AdWare

t3scan.1.1.90.0

K7 AntiVirus

Riskware

13.178.12292

Malwarebytes

PUP.Optional.RelevantKnowledge

v2016.01.18.04

McAfee

Proxy-OSS

5600.6516

MicroWorld eScan

Gen:Adware.Heur.hu9@R03oQtpi

17.0.0.54

NANO AntiVirus

Riskware.Win32.OSSProxy.cxdphk

0.28.2.60881

Norman

W32/Adware.A!genr

11.20160118

Prevx

Medium Risk Malware

3.0

Qihoo 360 Security

Win32/Trojan.Spy.ddb

1.0.0.1015

Reason Heuristics

PUP.TMRG (M)

16.1.18.16

Rising Antivirus

PE:Trojan.Win32.Generic.125F5103!308236547

23.00.65.16116

Sophos

Generic Proxy-OSS Application

4.98

SUPERAntiSpyware

Spyware.RelevantKnowledge

9378

Trend Micro House Call

TROJ_GEN.R4FH1HN

7.2.18

Vba32 AntiVirus

Signed-AdWare.Win32.Relevant

3.12.14.2

VIPRE Antivirus

Adware.Win32.RelevantKnowledge.a

31316

ViRobot

Adware.Agent.119424

2011.4.7.4223

File size:

228.6 KB (234,112 bytes)

Product version:

1, 3, 329, 2

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\rlxg.dll

Digital Signature

Signed by:

TMRG, Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

9/1/2009 7:00:00 PM

Valid to:

9/27/2011 6:59:59 PM

Subject:

CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata

Compilation timestamp:

3/2/2011 3:51:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:bg7KnRBlOvc3gAkkm6XBZh1YvLAnwFikySwbuUW28x8tc+duG4h+f+:Z1OvugAvXZz+sKCSJUW2S+sG4h+f+

Entry address:

0x13E64

Entry point:

83, 7C, 24, 08, 01, 75, 05, E8, E7, 82, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9... 
[+]

Entropy:

6.4307

Code size:

152 KB (155,648 bytes)

Remove rlxg.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.