# March 2010 Opachki Trojan update and sample **[contagiodump.blogspot.com/2010/03/march-2010-opachki-trojan-update-and.html](http://contagiodump.blogspot.com/2010/03/march-2010-opachki-trojan-update-and.html)** [I already posted a few links for Opachki trojan in November 2009. Here is an update.](http://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html) Download dropper.exe and dropped rundll32.dll as a password protected archive. Please contact me if you need the password Details: [2ded7ee112cea2db509ba95dc09fded6 dropper.exe](http://www.blogger.com/goog_1267992205930) [032e8fced2fbed146c30a47d4989804b rundll32.dll](http://baseportal.com/cgi-bin/baseportal.pl?htx=/MilaP/Contagio&localparams=1&db=Contagio&cmd=list&range=0,100&cmd=all&Id=64) March 2010 Virustotal scan results of the available sample. Please note this sample dates to October 2009. Newer versions and samples will have lower detection rate and may get slightly different names. File dropper.exe received on 2010.03.07 16:46:50 (UTC) www.virustotal.com/analisis/787d0eae3fb29883b8dba9c3bcc00793baa4a54fbad0921d1aee 7f5e6ad86907-1267980410 Result: 37/42 (88.1%) a-squared 4.5.0.50 2010.03.07 Packed.Win32.Krap!IK AhnLab-V3 5.0.0.2 2010.03.07 Win-Trojan/Krap.31232.K AntiVir 8.2.1.180 2010.03.05 TR/Crypt.ZPACK.Gen Antiy-AVL 2.0.3.7 2010.03.05 Packed/Win32.Krap.gen Authentium 5.2.0.5 2010.03.06 W32/Trojan2.KMYU Avast 4.8.1351.0 2010.03.07 Win32:MalOb-R Avast5 5.0.332.0 2010.03.07 Win32:MalOb-R AVG 9.0.0.787 2010.03.07 Win32/Cryptor BitDefender 7.2 2010.03.07 Trojan.Generic.2594388 CAT-QuickHeal 10.00 2010.03.06 Trojan.Krap.ah Comodo 4091 2010.02.28 TrojWare.Win32.Trojan.Agent.Gen DrWeb 5.0.1.12222 2010.03.07 Trojan.Packed.683 eSafe 7.0.17.0 2010.03.04 Win32.Horse F-Prot 4.5.1.85 2010.03.06 W32/Trojan2.KMYU F-Secure 9.0.15370.0 2010.03.07 Packed:W32/Tikmis.gen!A ----- Fortinet 4.0.14.0 2010.03.07 W32/Krap.AH GData 19 2010.03.07 Trojan.Generic.2594388 Ikarus T3.1.1.80.0 2010.03.07 Packed.Win32.Krap Jiangmin 13.0.900 2010.03.07 Packed.Krap.zvc K7AntiVirus 7.10.990 2010.03.04 Trojan.Win32.Malware.4 Kaspersky 7.0.0.125 2010.03.07 Packed.Win32.Krap.ah McAfee 5912 2010.03.06 Opachki.a McAfee+Artemis 5912 2010.03.06 Opachki.a McAfee-GW-Edition 6.8.5 2010.03.07 Trojan.Crypt.ZPACK.Gen Microsoft 1.5502 2010.03.07 Trojan:Win32/Opachki.A NOD32 4922 2010.03.07 Win32/TrojanDropper.Agent.OLQ Norman 6.04.08 2010.03.07 W32/Crypt.dam nProtect 2009.1.8.0 2010.03.07 Trojan/W32.Krap.31232.L Panda 10.0.2.2 2010.03.07 Trj/Zlob.KH PCTools 7.0.3.5 2010.03.04 Trojan.Generic Prevx 3.0 2010.03.07 High Risk Cloaked Malware Sophos 4.51.0 2010.03.07 Mal/FakeAV-BX Sunbelt 5780 2010.03.07 Trojan.Win32.Generic!VS Symantec 20091.2.0.41 2010.03.07 Trojan Horse TrendMicro 9.120.0.1004 2010.03.07 TROJ_OPACHKI.I VBA32 3.12.12.2 2010.03.05 BScope.Win32.AntiAV2010 VirusBuster 5.0.27.0 2010.03.06 Trojan.Opachki.EK Additional information File size: 31232 bytes MD5...: 2ded7ee112cea2db509ba95dc09fded6 File rundll32.dll received on 2010.03.07 16:55:25 (UTC) http://www.virustotal.com/analisis/8f7684eed8707df29772df1285232df84d2e9be814aced65f 3f02c7770632988-1267980925 Result: 37/42 (88.1%) a-squared 4.5.0.50 2010.03.07 Packed.Win32.Krap!IK AhnLab-V3 5.0.0.2 2010.03.07 Win-Trojan/Krap.23552.V AntiVir 8.2.1.180 2010.03.05 TR/PCK.Krap.AH.49 Antiy-AVL 2.0.3.7 2010.03.05 Packed/Win32.Krap.gen Authentium 5.2.0.5 2010.03.06 W32/Trojan2.KMWX Avast 4.8.1351.0 2010.03.07 Win32:Malware-gen Avast5 5.0.332.0 2010.03.07 Win32:Malware-gen AVG 9.0.0.787 2010.03.07 SHeur2.BMZG ----- BitDefender 7.2 2010.03.07 Trojan.Renos.OVU CAT-QuickHeal 10.00 2010.03.06 Trojan.Krap.ah Comodo 4091 2010.02.28 TrojWare.Win32.Krap.ah DrWeb 5.0.1.12222 2010.03.07 Trojan.Packed.683 eSafe 7.0.17.0 2010.03.04 Win32.Horse F-Prot 4.5.1.85 2010.03.06 W32/Trojan2.KMWX F-Secure 9.0.15370.0 2010.03.07 Trojan.Renos.OVU GData 19 2010.03.07 Trojan.Renos.OVU Ikarus T3.1.1.80.0 2010.03.07 Packed.Win32.Krap Jiangmin 13.0.900 2010.03.07 Packed.Krap.aayt K7AntiVirus 7.10.990 2010.03.04 Trojan.Win32.Malware.1 Kaspersky 7.0.0.125 2010.03.07 Packed.Win32.Krap.ah McAfee 5912 2010.03.06 Opachki.a McAfee+Artemis 5912 2010.03.06 Opachki.a McAfee-GW-Edition 6.8.5 2010.03.07 Trojan.PCK.Krap.AH.49 Microsoft 1.5502 2010.03.07 Trojan:Win32/Opachki.A NOD32 4922 2010.03.07 Win32/Opachki.A Norman 6.04.08 2010.03.07 W32/Smalltroj.UDWN nProtect 2009.1.8.0 2010.03.07 Trojan/W32.Krap.23552.AZ Panda 10.0.2.2 2010.03.07 Trj/Zlob.KH PCTools 7.0.3.5 2010.03.04 RogueAntiSpyware.AntivirusSystemPro Prevx 3.0 2010.03.07 Medium Risk Malware Sophos 4.51.0 2010.03.07 Troj/Bredo-N Sunbelt 5780 2010.03.07 Trojan.Win32.Generic!BT Symantec 20091.2.0.41 2010.03.07 Trojan Horse TheHacker 6.5.1.9.223 2010.03.07 Trojan/Krap.ah TrendMicro 9.120.0.1004 2010.03.07 TROJ_BREDO.D VBA32 3.12.12.2 2010.03.05 BScope.Win32.AntiAV2010 VirusBuster 5.0.27.0 2010.03.06 Trojan.Sisron.BPV Additional information File size: 23552 bytes MD5...: 032e8fced2fbed146c30a47d4989804b Threatexpert report [http://www.threatexpert.com/report.aspx?md5=2ded7ee112cea2db509ba95dc09fded6](http://www.threatexpert.com/report.aspx?md5=2ded7ee112cea2db509ba95dc09fded6) -----