» mirc32.exe
Overview
Analysis
File Details
Network (4)

mirc32.exe

mIRC

mIRC Co. Ltd.

The application mirc32.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. While running, it connects to the Internet address loadbalancer.acens.priv on port 81.

File name:

mirc32.exe

Publisher:

mIRC Co. Ltd.

Product:

mIRC

Version:

5.82

MD5:

7eaa7186d9c6f6b9c79fa81dc66d8316

SHA-1:

1a13fe83485cb14ea6cc62fbb90ad807f7ab0af4

SHA-256:

8aae93867eee68152ec7f8e88ad24d822d5a14f1ce6644c89bc0fad5ab3501a9

Scanner detections:

13 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 6:49:14 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-Trojan/Hidewindows.1528832

2013.12.13

avast!

Win32:Mirc-AA [PUP]

2014.9-140110

Baidu Antivirus

HackTool.Win32.mIRC

4.0.3.14110

Bkav FE

W32.Clodaaa.Trojan

1.3.0.4613

Comodo Security

Application.Win32.mIRC.~E

17426

Fortinet FortiGate

Renamed_mIRC_Client

1/10/2014

Kaspersky

not-a-virus:Client-IRC.Win32.mIRC

14.0.0.4487

NANO AntiVirus

Riskware.Win32.MIRC.brjpx

0.28.0.56692

Norman

Suspicious_Gen.DDNG

11.20140110

nProtect

Backdoor/W32.IRCBot.1536000

13.12.12.01

Rising Antivirus

PE:Trojan.HideWindows.b!1173743918

23.00.65.14108

Sophos

Troj/Flood-Y

4.95

Vba32 AntiVirus

BackDoor.IRC.based

3.12.24.3

File size:

1.5 MB (1,536,000 bytes)

Product version:

5.82

Trademarks:

mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:

mirc32.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

11/29/2026 2:33:02 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:idZoOsyVAusEnPcqC3t5+s5wTPGad/imszhb:4safi5Nm

Entry address:

0x1000

Entry point:

A1, 2B, C1, 52, 00, C1, E0, 02, A3, 2F, C1, 52, 00, 57, 51, 33, C0, BF, AC, 40, 54, 00, B9, CC, E7, 56, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 6A, 00, E8, 72, B7, 11, 00, 59, 68, F4, C0, 52, 00, 6A, 00, E8, 48, A0, 12, 00, A3, 33, C1, 52, 00, 6A, 00, E9, 5E, 88, 12, 00, E9, EF, B7, 11, 00, 33, C0, A0, 20, C1, 52, 00, C3, A1, 33, C1, 52, 00, C3, CC, B9, B0, 00, 00, 00, 0B, C9, 74, 39, 83, 3D, 2B, C1, 52, 00, 00, 73, 0A, B8, E2, 00, 00, 00, E8, E3, FF, FF, FF, 68, B0, 00, 00, 00, 6A, 40, E8, 9C, A0... 
[+]

Code size:

1.2 MB (1,224,704 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to loadbalancer.acens.priv (176.28.103.205:81)

TCP:

Connects to halcyon.il.us.dal.net (154.35.175.101:6667)

TCP:

Connects to bifrost.dal.net (170.178.184.34:6667)

TCP:

Connects to you-were-scanned-because-you-connected-to-dalnet-irc.choopa.net (108.61.240.240:6667)

Remove mirc32.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.