mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe, “mIRC ITA by Jalina”, has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address ks361494.kimsufi.com on port 6667.

Publisher:
mIRC Co. Ltd.

Product:
mIRC

Description:
mIRC ITA by Jalina

Version:
7.22.0.0

MD5:
879978dca17cdcb86cea56a3e5fd7ae1

SHA-1:
77e8dce7ca4bf23a1cce90f2e0c7324741bf96b9

SHA-256:
8beb0c1e791b6821e9fe86bcb7d2dc1ffcdca56549ed0adbf65d34c423f6180c

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 12:48:08 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:PUP-gen [PUP] | 2014.9-141002 |
| IKARUS anti.virus | not-a-virus:Client-IRC.Win32.mIRC | t3scan.2.0.127 |
| Kaspersky | not-a-virus:Client-IRC.Win32.mIRC | 14.0.0.3164 |
| Trend Micro House Call | TROJ_GEN.RCBH1L4 | 7.2.275 |

File size:
3.1 MB (3,263,488 bytes)

Product version:
7.22

Copyright:
Copyright © 1995-2011 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
Italian (Italy)

Common path:
C:\Program Files\5a2v0's script\mirc.exe

File PE Metadata
Compilation timestamp:
10/13/2011 11:44:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:UjfkX4IMjEzU//4NyweAk5HPdug0TVxNbmf:Ug4IMZiywOPduTHb4

Entry address:
0x1F83D5

Entry point:
E8, 28, 41, 01, 00, E9, 79, FE, FF, FF, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B...
 

Code size:
2.1 MB (2,192,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to ks238976.kimsufi.com  (176.31.251.222:6667)

TCP (HTTP):
Connects to cluster015.ovh.net  (94.23.64.3:80)

TCP:
Connects to ns503436.ip-198-245-50.net  (198.245.50.102:56610)

TCP:
Connects to ns500006.ip-198-245-51.net  (198.245.51.216:38583)

TCP:
Connects to ns372529.ip-188-165-238.eu  (188.165.238.162:6667)

TCP (HTTP):
Connects to mirc.co.uk  (31.25.190.198:80)

TCP:
Connects to ks390065.kimsufi.com  (176.31.98.91:45641)

TCP:
Connects to ks361494.kimsufi.com  (91.121.168.157:6667)

TCP:
Connects to ks355176.kimsufi.com  (91.121.119.99:6667)

TCP:
Connects to ks3097881.kimsufi.com  (94.23.60.15:6667)

TCP:
Connects to irc.tiscali.it  (213.200.99.37:6667)
