Home / malwarePDF  

PUA:Win32/RelevantKnowledge


First posted on 24 March 2019.
Source: Microsoft

Aliases :

PUA:Win32/RelevantKnowledge is also known as not-a-virus:AdWare.Win32.Agent.hajq, Proxy-OSS, a variant of Win32/Adware.RK.AE application, Generic Proxy-OSS Application, ADW_RELEKNOW, Backdoor.Farfri!4943, Gen:Variant.Adware.Graftor.172424, Spyware.Marketscore.

Explanation :

Installation

This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:

www.opinionsquare.com www.digitalreflectionpanel.com www.permissionresearch.com www.ipsos-mori.com

We have seen this application use the following file names:

JRT.exe JRT (1).exe OSSetup.exe JRT(1).exe JRT (2).exe PRSetup.exe InstallCert.exe JRT_6.1.4.exe

It can be digitally signed by the following vendors:

TMRG Inc. VoiceFive Networks, Inc. TMRG, Inc. VoiceFive, Inc. VASSANA KONGSOONGNERN

We have seen this application using product names such as:

Relevant-Knowledge PremierOpinion OpinionSquare PermissionResearch rkverify

This application communicates with domains such as:

oss-content.securestudies.com rules.securestudies.com oss-survey.securestudies.com hawk.securestudies.com www.relevantknowledge.com

For example:

oss-content.securestudies.com/cidpost oss-content.securestudies.com/cidpost rules.securestudies.com/oss/rule1.asp? Payload

Exhibits suspicious behaviors

We have observed this application exhibit the following potentially unwanted behavior on PCs:

Injects into other processes on your system Changes your browser's shortcuts - often this can be used to take over your homepage by adding command-line arguments that change how the page is loaded Installs extensions into your browsers - often this is used to inject ads, add toolbars, or change how your browser works Modifies your browser proxy settings to local host - this is commonly used to inject ads into your browsers

Installs other programs

We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:

PremierOpinion RelevantKnowledge Internet Download Manager HTML5 Video Player 1.2.5 NVIDIA Virtual Audio 1.2.40

This description was published using automated analysis.

Last update 24 March 2019

 

TOP

Malware :