home

rlxh.dll

Relevant-Knowledge

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The module rlxh.dll by TMRG has been detected as adware by 21 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
TMRG, Inc.  (signed by TMRG, Inc.)

Product:
Relevant-Knowledge

Version:
1, 3, 331, 1

MD5:
a392c3b73432d2c571b4771c6cd53f74

SHA-1:
f6c25b59872f4da9346f0d123c7e42cd37c15e4c

SHA-256:
137525f43b62bfa1f20066ef844900f1d153699051a55ec67f6eeafb54c51d34

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/24/2024 3:17:03 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.RelevantKnowledge
7.1.1

AhnLab V3 Security
Trojan/Win32.ADH
2014.11.09

avast!
Win32:PUP-gen [PUP]
2014.9-160212

AVG
RelevantKnowledge
2017.0.2836

Baidu Antivirus
Adware.Win32.RelevantKnowledge
4.0.3.16212

Clam AntiVirus
PUA.RelevantKnowledge-1
0.98/18155

Comodo Security
UnclassifiedMalware
20032

Emsisoft Anti-Malware
Adware.Win32.RelevantKnowledge.AMN
8.16.02.12.07

ESET NOD32
Win32/Adware.RK.AM (variant)
10.9883

F-Prot
W32/Relevant.B.gen
v6.4.7.1.166

IKARUS anti.virus
Gen.AdWare.Heur
t3scan.1.1.107.0

K7 AntiVirus
Adware
13.185.13943

Kaspersky
not-a-virus:AdWare.Win32.RelevantKnowledge
14.0.0.673

Malwarebytes
PUP.Optional.RelevantKnowledge
v2016.02.12.07

Norman
W32/RelevantKnowledge.ALS
11.20160212

nProtect
Trojan/W32.Agent.160784.C
14.06.02.01

Reason Heuristics
PUP.TMRG (M)
16.2.12.7

SUPERAntiSpyware
PUP.RelevantKnowledge
9328

Vba32 AntiVirus
AdWare.RelevantKnowledge
3.12.26.3

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
13722

Zillya! Antivirus
Adware.RelevantKnowledge.Win32.4
2.0.0.1809

File size:
157 KB (160,784 bytes)

Product version:
1, 3, 331, 1

Copyright:
Copyright (C) 2011

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rlxh.dll

Digital Signature
Signed by:
TMRG, Inc.

Authority:
Thawte, Inc.

Valid from:
7/20/2011 8:00:00 PM

Valid to:
1/11/2013 6:59:59 PM

Subject:
CN="TMRG, Inc.", O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3E610C00C4D725B9689279CC88EEA594

File PE Metadata
Compilation timestamp:
8/29/2011 3:49:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:kOkFTNmRaNSuyOASwC+v8EUMnrJcmbYp6qRlxgyBcEpPn+Be08rFMw1tZQipwM9x:MTNyAAS6ymbvYzmorFMetZTpEL92Z

Entry address:
0xCB44

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, D1, 4F, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9...
 
[+]

Entropy:
6.1831

Code size:
100 KB (102,400 bytes)

Remove rlxh.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.