Sonicwall Signatures


Go to All Categories list.

Opasoft.H is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Opasoft.H is compressed using the ASPACK executable packer and its file size is 18,432 bytes. Opasoft.H drops the following files on the hard drive:
  • c:\sample.exe (18432 bytes)
  • C:\WINDOWS\Srv32.exe (18432 bytes)
It also changes Windows registry:
  • Creates value "Srv32"="C:\WINDOWS\Srv32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
  • Creates value "Srv32Old"="c:\sample.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: Srv3231415. It also is executed every time Windows starts.

Relevant Information