mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. While running, it connects to the Internet address bifrost.dal.net on port 6664.
Publisher:
mIRC Co. Ltd.

Product:
mIRC

Version:
6.35

MD5:
2f63a83968f9586fe4fb48134253619c

SHA-1:
8aa09b7a2647336feb5f8816b7a2f7ae3668e2e8

SHA-256:
4b7654f1275f9e411a2766780d699341155cd025f31d3fd3fe894374f0f9a612

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:34:37 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Mirc-Z [PUP] | 2014.9-131226 |
| Baidu Antivirus | HackTool.Win32.mIRC | 4.0.3.131226 |
| Emsisoft Anti-Malware | Trojan.Agent.APSH | 8.13.12.26.07 |
| Kaspersky | not-a-virus:Client-IRC.Win32.mIRC | 14.0.0.4561 |
| NANO AntiVirus | Riskware.Win32.MIRC.cmrek | 0.28.0.57029 |
| Rising Antivirus | PE:Malware.XPACK/RDM!5.1 | 23.00.65.131224 |

File size:
2.7 MB (2,810,880 bytes)

Product version:
6.35

Copyright:
Copyright © 1995-2008 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mirc\mirc.exe

File PE Metadata
Compilation timestamp:
10/17/2008 10:39:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
49152:oijwLRbeHeRJMmhVZFoF4OAsnbR7XTXHE:oSYRbtUmh/20s9HE

Entry address:
0x1DF5DD

Code size:
1.9 MB (2,042,880 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\mIRC\mirc.exe


The executing file has been seen to make the following network communications in live environments.

