mirc.exe

mIRC

mIRC Co. Ltd.

The executable mirc.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address remus.kathryl.net on port 6667.
Publisher:
mIRC Co. Ltd.

Product:
mIRC

Version:
6.21

MD5:
b965d71a942ec8883ff0f755933474b4

SHA-1:
6028b0c781e62dd47ae4de52aa36800c19a86471

SHA-256:
c956d80679ae7c55fa86b5eedb996335f5b47814bc49fc4181ebeeafc1866bdf

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/25/2024 6:55:03 PM UTC

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.3.4.21

File size:
2 MB (2,080,768 bytes)

Product version:
6.21

Copyright:
Copyright © 1995-2006 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States of America)

File PE Metadata
Compilation timestamp:
11/23/2006 4:45:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
24576:+BAQMt933T0vOYdeBmyMhBMAcWBs1CEbAJFiJJrLPcwtOAPtinu7vgtHuLLpbq/c:RVL5bTNkgwqvVnwTV+

Entry address:
0x18AD48

Entry point:
6A, 60, 68, 30, B1, 5A, 00, E8, B8, 1B, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 70, BD, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 5C, 91, 59, 00, 8B, 4E, 10, 89, 0D, 74, 0A, 60, 00, 8B, 46, 04, A3, 80, 0A, 60, 00, 8B, 56, 08, 89, 15, 84, 0A, 60, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 78, 0A, 60, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 78, 0A, 60, 00, C1, E0, 08, 03, C2, A3, 7C, 0A, 60, 00, 33, F6, 56, 8B, 3D, C0, 92, 59, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.6 MB (1,671,168 bytes)

The executing file has been seen to make the following network communications in live environments.

