{
	"id": "a10577db-1452-4d87-925a-016ca397714d",
	"created_at": "2026-04-06T00:21:21.314205Z",
	"updated_at": "2026-04-10T03:19:55.327496Z",
	"deleted_at": null,
	"sha1_hash": "538f05ec44c5b8f6d22081c858fab23c240eb8ac",
	"title": "Win32/Opachki.A - Trojan that removes Zeus (but it is not benign)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45951,
	"plain_text": "Win32/Opachki.A - Trojan that removes Zeus (but it is not benign)\r\nArchived: 2026-04-05 22:55:10 UTC\r\nLinks updated: Jan 18, 2023\r\nDownload. Email me if you need the password\r\n1) \r\n6762a2e15913e66b06a0953387bd87b0f9ce22b5939fe1efd46c7120df214d7c\r\n2) \r\nMD5 00f2fd5e2c125965c188754f04da576c\r\nSHA-1 63d53f6e1b3f9fb23c88b19f7c6326da45753a5d\r\nSHA-256 a602a3dd91b5aa0e0e68d20efe787e01c9548cb1b11b5032541c2e7d4edb5710\r\nWin32/Opachki.A --Virustotal-all antivirus names for it. The real tragedy is in\r\nthose  http://www.threatexpert.com/report.aspx?md5=87a2583de6f6fbb5104e0433e89b1bcf\r\nnsrbgxod.bak created by Opachki http://www.threatexpert.com/report.aspx?\r\nmd5=87a2583de6f6fbb5104e0433e89b1bcf and nsrbgxod.bak created by Zeus/ZBot\r\nhttp://www.threatexpert.com/report.aspx?md5=00f2fd5e2c125965c188754f04da576c (link lost)\r\nDifferent hash\r\nSecureWorks Opachki Trojan Analysis http://www.secureworks.com/research/threats/opachki\r\nThreatexpert\r\nSubmission details:\r\nFilename(s)\r\n1 %Temp%\\nsrbgxod.bak\r\n0 bytes\r\nMD5: D41D8CD98F00B204E9800998ECF8427E\r\nSHA-1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\r\n2 %UserProfile%\\protect.dll\r\n%Programs%Startup\\ChkDisk.dll\r\n%System%\\autochk.dll\r\nhttp://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html\r\nPage 1 of 2\n\n[file and pathname of the sample #1]\r\n24,064 bytes\r\nMD5: 0x87A2583DE6F6FBB5104E0433E89B1BCF\r\nSHA-1: 6048D36DB2207A1CEA877742C9403A816D711C6D\r\nMal/UnkPack-Fam\r\n[Sophos]\r\nTrojanDropper:Win32/Opachki.A\r\n[Microsoft]\r\nTrojan-Dropper.Win32.Opachki\r\n[Ikarus]\r\n3 %Programs%\\Startup\\ChkDisk.lnk\r\n655 bytes\r\nMD5: 0x6F61156F14AEED438770D31391E67EC9\r\nSHA-1: 0x277B806CEC1AEDE9F9B934B7DD655D0BBB542597\r\nRead more -  Update March 2010 \r\nSource: http://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html\r\nhttp://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html"
	],
	"report_names": [
		"win32opachkia-trojan-that-removes-zeus.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434881,
	"ts_updated_at": 1775791195,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/538f05ec44c5b8f6d22081c858fab23c240eb8ac.pdf",
		"text": "https://archive.orkl.eu/538f05ec44c5b8f6d22081c858fab23c240eb8ac.txt",
		"img": "https://archive.orkl.eu/538f05ec44c5b8f6d22081c858fab23c240eb8ac.jpg"
	}
}