Win32/Opachki.A - Trojan that removes Zeus (but it is not benign)

Links updated: Jan 18, 2023

Download. Email me if you need the password
1) 

MD5

87a2583de6f6fbb5104e0433e89b1bcf

SHA-1

6048d36db2207a1cea877742c9403a816d711c6d

SHA-256

6762a2e15913e66b06a0953387bd87b0f9ce22b5939fe1efd46c7120df214d7c 

6762a2e15913e66b06a0953387bd87b0f9ce22b5939fe1efd46c7120df214d7c
2) 

MD5 00f2fd5e2c125965c188754f04da576c

SHA-1 63d53f6e1b3f9fb23c88b19f7c6326da45753a5d

SHA-256 a602a3dd91b5aa0e0e68d20efe787e01c9548cb1b11b5032541c2e7d4edb5710

a602a3dd91b5aa0e0e68d20efe787e01c9548cb1b11b5032541c2e7d4edb5710

Win32/Opachki.A --Virustotal-all antivirus names for it. The real tragedy is in those  http://www.threatexpert.com/report.aspx?md5=87a2583de6f6fbb5104e0433e89b1bcf


nsrbgxod.bak created by Opachki http://www.threatexpert.com/report.aspx?md5=87a2583de6f6fbb5104e0433e89b1bcf and nsrbgxod.bak created by Zeus/ZBot http://www.threatexpert.com/report.aspx?md5=00f2fd5e2c125965c188754f04da576c (link lost)

Different hash


SecureWorks Opachki Trojan Analysis http://www.secureworks.com/research/threats/opachki

Threatexpert

Submission details:

Filename(s)

1 %Temp%\nsrbgxod.bak

0 bytes


MD5: D41D8CD98F00B204E9800998ECF8427E
SHA-1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2 %UserProfile%\protect.dll
%Programs%Startup\ChkDisk.dll
%System%\autochk.dll


[file and pathname of the sample #1]


24,064 bytes

MD5: 0x87A2583DE6F6FBB5104E0433E89B1BCF

SHA-1: 6048D36DB2207A1CEA877742C9403A816D711C6D

Mal/UnkPack-Fam
[Sophos]

TrojanDropper:Win32/Opachki.A

[Microsoft]

Trojan-Dropper.Win32.Opachki

[Ikarus]

3 %Programs%\Startup\ChkDisk.lnk



655 bytes



MD5: 0x6F61156F14AEED438770D31391E67EC9

SHA-1: 0x277B806CEC1AEDE9F9B934B7DD655D0BBB542597

Read more -  Update March 2010