» mirc.exe
Overview
Analysis
File Details
Programs (1)
Network (9)

mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe by mIRC Co has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program Invision. While running, it connects to the Internet address mirc.co.uk on port 80 using the HTTP protocol.

File name:

mirc.exe

Publisher:

mIRC Co. Ltd. (signed and verified)

Product:

mIRC

Version:

7.22.0.0

MD5:

fad35287189aadd59d81c9d04f5ddd35

SHA-1:

d5ed1d9d2cd8b5cef0f9db5ab8d375bc3013cb00

SHA-256:

77ada587c095651af8ec49624018bad1a20234b6933f6076fed901494b3a1ac1

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 12:36:39 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

HackTool.Win32.mIRC

4.0.3.131219

Bkav FE

W32.Clodb94.Trojan

1.3.0.4562

NANO AntiVirus

Riskware.Win32.MIRC.tvhbh

0.28.0.56582

Reason Heuristics

Unnamed.Threat.14

14.3.1.18

File size:

3.1 MB (3,256,408 bytes)

Product version:

7.22

Trademarks:

mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:

mirc.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\mirc\mirc.exe

Digital Signature

Signed by:

mIRC Co. Ltd.

Authority:

Thawte, Inc.

Valid from:

8/22/2011 3:00:00 AM

Valid to:

11/12/2012 1:59:59 AM

Subject:

CN=mIRC Co. Ltd., OU=Secure Application Development, O=mIRC Co. Ltd., L=London, S=London, C=GB

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5B28ABFE6F787AE15475F0C45F20029B

File PE Metadata

Compilation timestamp:

10/13/2011 12:44:02 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:kjfkX4IMjEzU//4NyweAk5HPdug0TVxNYRf:kg4IMZiywOPduTnYt

Entry address:

0x1F83D5

Entry point:

E8, 28, 41, 01, 00, E9, 79, FE, FF, FF, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B... 
[+]

Code size:

2.1 MB (2,192,384 bytes)

The file mirc.exe has been discovered within the following program.

Invision by Invision

www.i-n-v-i-s-i-o-n.com

About 1% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to mirc.co.uk (31.25.190.198:80)

TCP (HTTP):

Connects to mirc.com (50.28.34.67:80)

TCP:

Connects to host.colocrossing.com (23.95.113.151:6667)

TCP (HTTP):

Connects to ns229.altervista.org (148.251.49.46:80)

TCP:

Connects to irc.dal.net (194.68.45.50:6667)

TCP:

Connects to ip158.ip-91-134-187.eu (91.134.187.158:6667)

TCP:

Connects to ip122.ip-164-132-140.eu (164.132.140.122:6667)

TCP:

Connects to dc2.server24.net (84.33.193.239:6667)

Remove mirc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.