home

rlxh.dll

RelevantKnowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The module rlxh.dll by TMRG has been detected as adware by 25 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed and verified)

Product:
RelevantKnowledge

Version:
1, 3, 330, 4

MD5:
66c29128a6ab7af46cbf813f413c4fd3

SHA-1:
0cff881ee0f9ee69dcbaa6cdb3bdd3785d1aa01f

SHA-256:
aaabec03e23c88eb9058937472b12acad587380b44ef90d90ff9693045042f99

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
4/26/2024 12:16:24 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Adware.Heur.ju9@R0xyyyci
375

AhnLab V3 Security
Trojan/Win32.ADH
2014.06.04

Avira AntiVirus
Adware/Agent.160384
7.11.152.214

avast!
Win32:Relevant-G [PUP]
2014.9-160126

AVG
RelevantKnowledge
2017.0.2853

Baidu Antivirus
Adware.Win32.RelevantKnowledge
4.0.3.16126

Bitdefender
Gen:Adware.Heur.ju9@R0xyyyci
1.0.20.130

Clam AntiVirus
PUA.RelevantKnowledge
0.98/18155

Comodo Security
UnclassifiedMalware
18423

Emsisoft Anti-Malware
Gen:Adware.Heur.ju9@R0xyyyci
8.16.01.26.03

ESET NOD32
Win32/Adware.RK.AM (variant)
10.9888

F-Secure
Gen:Adware.Heur.ju9@R0xyyyci
11.2016-26-01_3

G Data
Gen:Adware.Heur.ju9@R0@X!Edi
16.1.24

IKARUS anti.virus
Gen.AdWare.Heur
t3scan.1.6.1.0

Kaspersky
not-a-virus:AdWare.Win32.RelevantKnowledge
14.0.0.759

Malwarebytes
PUP.Optional.RelevantKnowledge
v2016.01.26.03

MicroWorld eScan
Gen:Adware.Heur.ju9@R0xyyyci
17.0.0.78

Norman
Adware.A!genr
11.20160126

Qihoo 360 Security
Win32/Virus.Adware.879
1.0.0.1015

Reason Heuristics
PUP.TMRG (M)
16.1.26.3

Rising Antivirus
PE:Trojan.Win32.Generic.12A80A87!313002631
23.00.65.16124

Sophos
Generic PUA DK
4.98

SUPERAntiSpyware
Spyware.RelevantKnowledge
9363

Vba32 AntiVirus
Signed-AdWare.Win32.Relevant
3.12.26.0

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
29898

File size:
156.6 KB (160,384 bytes)

Product version:
1, 3, 330, 4

Copyright:
Copyright (C) 2011

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rlxh.dll

Digital Signature
Signed by:
TMRG, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/1/2009 8:00:00 PM

Valid to:
9/27/2011 7:59:59 PM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata
Compilation timestamp:
7/11/2011 2:46:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:6sVdEBYMZOB+GOOqaKkysWX3qD9zoGbAWbjQquzwUQC6QsxBnMeZp4EZJn1G9T10:6sQB9ZzO1ZvbxcQLxZbJn1SBtZL+L/t

Entry address:
0xCAD4

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 60, 4F, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9...
 
[+]

Entropy:
6.1734

Code size:
100 KB (102,400 bytes)

Remove rlxh.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.