mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe by mIRC Co has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program Invision. While running, it connects to the Internet address mirc.co.uk on port 80 using the HTTP protocol.
Publisher:
mIRC Co. Ltd.  (signed and verified)

Product:
mIRC

Version:
7.22.0.0

MD5:
fad35287189aadd59d81c9d04f5ddd35

SHA-1:
d5ed1d9d2cd8b5cef0f9db5ab8d375bc3013cb00

SHA-256:
77ada587c095651af8ec49624018bad1a20234b6933f6076fed901494b3a1ac1

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:53:19 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | HackTool.Win32.mIRC | 4.0.3.131219
Bkav FE | W32.Clodb94.Trojan | 1.3.0.4562
NANO AntiVirus | Riskware.Win32.MIRC.tvhbh | 0.28.0.56582
Reason Heuristics | Unnamed.Threat.14 | 14.3.1.18

File size:
3.1 MB (3,256,408 bytes)

Product version:
7.22

Copyright:
Copyright © 1995-2011 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mirc\mirc.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/22/2011 3:00:00 AM

Valid to:
11/12/2012 1:59:59 AM

Subject:
CN=mIRC Co. Ltd., OU=Secure Application Development, O=mIRC Co. Ltd., L=London, S=London, C=GB

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5B28ABFE6F787AE15475F0C45F20029B

File PE Metadata
Compilation timestamp:
10/13/2011 12:44:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:kjfkX4IMjEzU//4NyweAk5HPdug0TVxNYRf:kg4IMZiywOPduTnYt

Entry address:
0x1F83D5

Entry point:
E8, 28, 41, 01, 00, E9, 79, FE, FF, FF, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B...
Code size:
2.1 MB (2,192,384 bytes)

The file mirc.exe has been discovered within the following program.

Invision  by Invision
www.i-n-v-i-s-i-o-n.com
About 1% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mirc.co.uk  (31.25.190.198:80)

TCP (HTTP):
Connects to mirc.com  (50.28.34.67:80)

TCP:
Connects to host.colocrossing.com  (23.95.113.151:6667)

TCP (HTTP):
Connects to ns229.altervista.org  (148.251.49.46:80)

TCP:
Connects to irc.dal.net  (194.68.45.50:6667)

TCP:
Connects to ip158.ip-91-134-187.eu  (91.134.187.158:6667)

TCP:
Connects to ip122.ip-164-132-140.eu  (164.132.140.122:6667)

TCP:
Connects to dc2.server24.net  (84.33.193.239:6667)
