Win32/Opachki.A - Trojan that removes Zeus (but it is not benign)
Archived: 2026-04-05 22:55:10 UTC
Links updated: Jan 18, 2023
Download. Email me if you need the password
1) 
6762a2e15913e66b06a0953387bd87b0f9ce22b5939fe1efd46c7120df214d7c
2) 
MD5 00f2fd5e2c125965c188754f04da576c
SHA-1 63d53f6e1b3f9fb23c88b19f7c6326da45753a5d
SHA-256 a602a3dd91b5aa0e0e68d20efe787e01c9548cb1b11b5032541c2e7d4edb5710
Win32/Opachki.A --Virustotal-all antivirus names for it. The real tragedy is in
those  http://www.threatexpert.com/report.aspx?md5=87a2583de6f6fbb5104e0433e89b1bcf
nsrbgxod.bak created by Opachki http://www.threatexpert.com/report.aspx?
md5=87a2583de6f6fbb5104e0433e89b1bcf and nsrbgxod.bak created by Zeus/ZBot
http://www.threatexpert.com/report.aspx?md5=00f2fd5e2c125965c188754f04da576c (link lost)
Different hash
SecureWorks Opachki Trojan Analysis http://www.secureworks.com/research/threats/opachki
Threatexpert
Submission details:
Filename(s)
1 %Temp%\nsrbgxod.bak
0 bytes
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA-1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2 %UserProfile%\protect.dll
%Programs%Startup\ChkDisk.dll
%System%\autochk.dll
http://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html
Page 1 of 2

[file and pathname of the sample #1]
24,064 bytes
MD5: 0x87A2583DE6F6FBB5104E0433E89B1BCF
SHA-1: 6048D36DB2207A1CEA877742C9403A816D711C6D
Mal/UnkPack-Fam
[Sophos]
TrojanDropper:Win32/Opachki.A
[Microsoft]
Trojan-Dropper.Win32.Opachki
[Ikarus]
3 %Programs%\Startup\ChkDisk.lnk
655 bytes
MD5: 0x6F61156F14AEED438770D31391E67EC9
SHA-1: 0x277B806CEC1AEDE9F9B934B7DD655D0BBB542597
Read more -  Update March 2010 
Source: http://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html
http://contagiodump.blogspot.com/2009/11/win32opachkia-trojan-that-removes-zeus.html
Page 2 of 2