mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. While running, it connects to the Internet address static.191.244.201.138.clients.your-server.de on port 65534.
Publisher:
mIRC Co. Ltd.

Product:
mIRC

Version:
6.35

MD5:
9e0193f2b4a86a00c33f4148c9d47a79

SHA-1:
76b5ae0a58c64b8e7a8abe6cf9f80025d63bb7d7

SHA-256:
bb3bb59102d8737e0bcbb112eb7c073c3cccf437b1239de45ee7de1a85899d8e

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 12:45:02 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
SPR/mIRC.Gen
7.11.126.212

avast!
Win32:Mirc-Z [PUP]
2014.9-140125

Baidu Antivirus
HackTool.Win32.mIRC
4.0.3.14125

IKARUS anti.virus
not-a-virus:Client-IRC.Win32.mIRC
t3scan.2.2.29

K7 AntiVirus
Riskware
13.175.10940

Kaspersky
not-a-virus:Client-IRC.Win32.mIRC
14.0.0.4414

Trend Micro House Call
TROJ_GEN.R047H07AC14
7.2.25

File size:
2.7 MB (2,809,856 bytes)

Product version:
6.35

Copyright:
Copyright © 1995-2008 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
10/17/2008 10:39:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
49152:YijRLibeHeRJMmhVZFoF4OAsnbR7XTXAF6:YStibtUmh/20s9AF6

Entry address:
0x1DF5DD

Entry point:
6A, 60, 68, A8, B2, 60, 00, E8, 0F, 05, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 9B, A3, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 64, 41, 5F, 00, 8B, 4E, 10, 89, 0D, 08, 1D, 6B, 00, 8B, 46, 04, A3, 14, 1D, 6B, 00, 8B, 56, 08, 89, 15, 18, 1D, 6B, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 0C, 1D, 6B, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 0C, 1D, 6B, 00, C1, E0, 08, 03, C2, A3, 10, 1D, 6B, 00, 33, F6, 56, 8B, 3D, 78, 42, 5F, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
6.4154

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.9 MB (2,042,880 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to www.mxnchat.org  (191.101.159.172:6667)

TCP:
Connects to static.171.30.201.138.clients.your-server.de  (138.201.30.171:6667)

TCP (HTTP):
Connects to mirc.co.uk  (31.25.190.198:80)

TCP (HTTP):
Connects to mirc.com  (50.28.34.67:80)

TCP:
Connects to static.191.244.201.138.clients.your-server.de  (138.201.244.191:65534)

Remove mirc.exe - Powered by Reason Core Security