mirc.exe

PoWeR-Script

mIRC Co. Ltd.

The application mirc.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. While running, it connects to the Internet address convoking.manogahndi.com on port 6667.
Publisher:
mIRC Co. Ltd.

Product:
PoWeR-Script

Version:
0.2.1

MD5:
fca0de333be3df60fdd8e5a5ae1b6937

SHA-1:
9373d6f4a10c45360cf0f96395eb7f232355836a

SHA-256:
cffbcbab1bfbd6b8cd1c2247ef74300e5b656bf97f9925ed8ae481ef7af50ed2

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 12:56:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Mirc-Z [PUP] | 2014.9-140111 |
| Baidu Antivirus | HackTool.Win32.mIRC | 4.0.3.14111 |
| Bkav FE | W32.Clodfb8.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17594 |
| IKARUS anti.virus | not-a-virus:Client-IRC.Win32.mIRC | t3scan.2.2.29 |
| Kaspersky | not-a-virus:Client-IRC.Win32.mIRC | 14.0.0.4482 |
| McAfee | Artemis!FCA0DE333BE3 | 5600.7253 |
| NANO AntiVirus | Riskware.Win32.MIRC.infyr | 0.28.0.57029 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12641E21!308551201 | 23.00.65.14109 |
| ViRobot | ClientIRC.mIRC.2769988 | 2011.4.7.4223 |

File size:
2.6 MB (2,769,988 bytes)

Product version:
0.2.1

Copyright:
Copyright © 1995-2007 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\emanuela\documenti\power-script.info1\power-script.info\mirc.exe

File PE Metadata
Compilation timestamp:
11/1/2007 8:57:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
24576:HYcbN5oxZY2sQYH28r0N//GxKnCTMxjjz7rzyKfOb/Y+V5Js2XOMGeYrizBy/RhK:LfQDxKhrV2RhN24Zai56kwZdaTErh

Entry address:
0x1D4B6D

Entry point:
6A, 60, 68, 48, 0F, 60, 00, E8, 0F, 05, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 2B, BC, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 64, A1, 5E, 00, 8B, 4E, 10, 89, 0D, D8, B9, 65, 00, 8B, 46, 04, A3, E4, B9, 65, 00, 8B, 56, 08, 89, 15, E8, B9, 65, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, DC, B9, 65, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, DC, B9, 65, 00, C1, E0, 08, 03, C2, A3, E0, B9, 65, 00, 33, F6, 56, 8B, 3D, 88, A2, 5E, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.9 MB (1,999,360 bytes)

Windows Firewall Allowed Program
Name:
C:\Documents and Settings\emanuela\Documenti\PoWeR-Script.iNFo1\PoWeR-Script.iNFo\mirc.exe


The executing file has been seen to make the following network communications in live environments.

