mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. While running, it connects to the Internet address ns3368568.ovh.net on port 80 using the HTTP protocol.
Publisher:
mIRC Co. Ltd.

Product:
mIRC

Version:
6.35

MD5:
8ad8c7cf18a1b075fcbeddae2a804d71

SHA-1:
647b5dd2b3c559f0d3e85e347b4afcb42dcd8656

SHA-256:
f1560a63ae57685d22ca306f5d614c469c7e6c541e9d2630f247fd6bbcafdfd2

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:39:08 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/IRC.sqw | 7.11.124.56 |
| avast! | Win32:Mirc-Z [PUP] | 2014.9-140111 |
| Baidu Antivirus | HackTool.Win32.mIRC | 4.0.3.14126 |
| Bkav FE | W32.Clod4e9.Trojan | 1.3.0.4613 |
| Emsisoft Anti-Malware | Trojan.Agent.APSH | 8.14.01.26.04 |
| IKARUS anti.virus | not-a-virus:Client-IRC.Win32.mIRC | t3scan.2.2.29 |
| Kaspersky | not-a-virus:Client-IRC.Win32.mIRC | 14.0.0.4483 |
| McAfee | Artemis!8AD8C7CF18A1 | 5600.7254 |
| NANO AntiVirus | Riskware.Win32.MIRC.cmrek | 0.28.0.57029 |
| Rising Antivirus | PE:Malware.XPACK/RDM!5.1 | 23.00.65.14124 |
| VIPRE Antivirus | Client-IRC.Win32.mIRC.g (not malicious) | 25228 |

File size:
2.7 MB (2,810,880 bytes)

Product version:
6.35

Copyright:
Copyright © 1995-2008 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
10/17/2008 10:39:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
49152:oijwLqbeHeRJMmhVZFoF4OAsnbR7XTXHE:oSYqbtUmh/20s9HE

Entry address:
0x1DF5DD

Entry point:
6A, 60, 68, A8, B2, 60, 00, E8, 0F, 05, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 9B, A3, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 64, 41, 5F, 00, 8B, 4E, 10, 89, 0D, 08, 1D, 6B, 00, 8B, 46, 04, A3, 14, 1D, 6B, 00, 8B, 56, 08, 89, 15, 18, 1D, 6B, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 0C, 1D, 6B, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 0C, 1D, 6B, 00, C1, E0, 08, 03, C2, A3, 10, 1D, 6B, 00, 33, F6, 56, 8B, 3D, 78, 42, 5F, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.9 MB (2,042,880 bytes)

The executing file has been seen to make the following network communications in live environments.

