mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. While running, it connects to the Internet address mirc.co.uk on port 80 using the HTTP protocol.
Publisher:
mIRC Co. Ltd.

Product:
mIRC

Version:
6.35

MD5:
f8379b3832766353cef52b4cd5aa8315

SHA-1:
462dd927057941cc35dfe9fe3d37af7b9d444fd5

SHA-256:
de684576403e3ee083d704faaae5e1ed2d53101c29fcf2fb17d9491c52929a51

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:41:52 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Mirc-Z [PUP] | 2014.9-140318 |
| Baidu Antivirus | HackTool.Win32.mIRC | 4.0.3.14318 |
| Bkav FE | W32.Clodfbd.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Win.Worm.Agent-275 | 0.98/18355 |
| IKARUS anti.virus | not-a-virus:Client-IRC.Win32.mIRC | t3scan.2.2.29 |
| Kaspersky | not-a-virus:Client-IRC.Win32.mIRC | 14.0.0.4152 |
| McAfee | Artemis!F8379B383276 | 5600.7187 |
| Trend Micro House Call | TROJ_GEN.R0CBH07LM13 | 7.2.77 |

File size:
2.7 MB (2,825,216 bytes)

Product version:
6.35

Copyright:
Copyright © 1995-2008 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
10/17/2008 10:39:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
49152:8ijBLIbeHeRJMmhVZFoF4OAsnbR7XTX8Fb:8SdIbtUmh/20s98F

Entry address:
0x1DF5DD

Entry point:
6A, 60, 68, A8, B2, 60, 00, E8, 0F, 05, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 9B, A3, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 64, 41, 5F, 00, 8B, 4E, 10, 89, 0D, 08, 1D, 6B, 00, 8B, 46, 04, A3, 14, 1D, 6B, 00, 8B, 56, 08, 89, 15, 18, 1D, 6B, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 0C, 1D, 6B, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 0C, 1D, 6B, 00, C1, E0, 08, 03, C2, A3, 10, 1D, 6B, 00, 33, F6, 56, 8B, 3D, 78, 42, 5F, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.9 MB (2,042,880 bytes)

The executing file has been seen to make the following network communications in live environments.

