mirc.exe

mIRC

mIRC Co. Ltd.

The application mirc.exe, “mIRC Italiano by ^DaNGeR^ / WeeJay.org”, has been detected as a potentially unwanted program by 20 anti-malware scanners. While running, it connects to the Internet address mta13.bizinfosolution.com on port 6667.

Publisher:
mIRC Co. Ltd.

Product:
mIRC

Description:
mIRC Italiano by ^DaNGeR^ / WeeJay.org

Version:
6.31

MD5:
0283f390188737f2a67d7d741f1ea0d4

SHA-1:
ba4ec67e2896cb91ecfa965d4645db84ad76616e

SHA-256:
28a48229c92ac1bc1b804a61d30162fc0d4f6a741cc668c3deaa14a47a5f1824

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 7:48:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Packed/PECompact | 7.1.1 |
| AhnLab V3 Security | Win-AppCare/Xema.1055232 | 2014.11.14 |
| Avira AntiVirus | SPR/mIRC.Gen | 7.11.185.62 |
| avast! | Win32:Mirc-Z [PUP] | 2014.9-150205 |
| Baidu Antivirus | HackTool.Win32.mIRC | 4.0.3.1525 |
| Bkav FE | HW32.Packed | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Mirc-9 | 0.98/21411 |
| Comodo Security | Application.Win32.ClientIRC.mIRC.631 | 20070 |
| Dr.Web | Program.mIRC.623 | 9.0.1.036 |
| Kaspersky | not-a-virus:Client-IRC.Win32.mIRC | 14.0.0.2532 |
| McAfee | Generic PUP.z | 5600.6863 |
| NANO AntiVirus | Riskware.Win32.MIRC.rvnih | 0.28.6.63362 |
| Norman | Suspicious_Gen2.VEHJE | 11.20150205 |
| nProtect | Trojan/W32.Agent.1055232.J | 14.11.13.01 |
| Qihoo 360 Security | Win32/Virus.IRC.146 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12391F77!305733495 | 23.00.65.15203 |
| Trend Micro House Call | TROJ_GEN.R0CBC0EEF14 | 7.2.36 |
| Trend Micro | TROJ_GEN.R0CBC0EEF14 | 10.465.05 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34754 |
| ViRobot | ClientIRC.mIRC.1055232 | 2011.4.7.4223 |

File size:
1 MB (1,055,232 bytes)

Product version:
6.31

Copyright:
Copyright © 1995-2007 mIRC Co. Ltd.

Trademarks:
mIRC® is a Registered Trademark of mIRC Co. Ltd.

Original file name:
mirc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\software\mirc-6.31-ita_tuttoirc\mirc-6.31-ita_tuttoirc\mirc-6.31-ita_tuttoirc\mirc.exe

File PE Metadata
Compilation timestamp:
11/1/2007 8:57:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
24576:aLMaNyWycRJjl+KEQ5WipkXFd22whmPk257l:oNyWy2l+KESW7X22whmPkI7l

Entry address:
0x1000

Entry point:
B8, 18, F9, 71, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 4B, 68, 61, 6C, 65, 64, 4D, 42, 65, 79, 00, E2, F2, 41, 70, 32, D9, 53, 66, DE, 6D, 81, 52, 1B, B6, A3, EB, 72, 9A, A4, B2, A5, 97, CF, 6F, 86, 8C, 78, 36, 99, FC, 42, 27, 52, 35, 99, AD, 02, 46, 5F, 6E, EA, 7E, 82, 64, 62, AF, 34, 0B, C1, 5F, 78, DB, 36, 08, B1, 84, 13, B6, 52, 36, BA, BC, 2B, CF, CF, 74, 2B, C6, 7D, C0, FB, 86, 6D, 42, 93, 41, EC, A4, 9F, E2, 6B, 12, 53, 10, B0, 2A, E7, 91, 66, BA, F8, 31, 49...
 
Code size:
1.9 MB (1,999,360 bytes)

The executing file has been seen to make the following network communications in live environments.

