mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler. While running, it connects to the Internet address platano.chatsfree.net on port 6667.
Publisher:
mIRC Co. Ltd.

Product:
mIRC

Version:
6.2

MD5:
222c98f9faf7a0b283fd0736f0ab6c1a

SHA-1:
4e64127f7ca35c18cd531c8881d21a44f4042789

SHA-256:
97cfb851395032e8389653c32bcf194ea498dd00ff2b199c5995bc4ae6bd44a3

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 7:02:11 AM UTC

Scan engine          Detection                            Engine version
avast!               Win32:Mirc-Z [PUP]                   2014.9-140101
Baidu Antivirus      HackTool.Win32.mIRC                  4.0.3.1411
IKARUS anti.virus    not-a-virus:Client-IRC.Win32.mIRC    t3scan.2.2.29
Kaspersky            not-a-virus:Client-IRC.Win32.mIRC    14.0.0.4530

File size:
2 MB (2,109,440 bytes)

Product version:
6.2

Copyright:
Copyright © 1995-2006 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
7/28/2006 10:11:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
24576:GgRD6WLAdhW904DHn6Y6WiSvQQODdNUNw9cwFdwJhs+xetILNucBNFzPfDzAaygn:N3FyAxetA9VzHad7tXTU

Entry address:
0x195E68


Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.6 MB (1,716,224 bytes)

Scheduled Task
Task name:
{E7C05895-3BAE-452E-A210-E9723B7ECB7B}

Trigger:
Registration (Runs on registration)


The executing file has been seen to make the following network communications in live environments.

