Wednesday, November 16, 2016

Oxfam Donation!!!

Dear E-mail Account User,

Congratulations! Your e-mail has just won you the sum of $3,000,000.00 USD as a charity donations/aid from Oxfam International in conjunction with South African National Lotto. Further information on the processing and disbursement of your grant entitlements, alongside the provision of your qualification documentations, will be disclosed to you so get back to us for more information.

Email analysis :

NOTE : oxfaminternational786@gmail.com
NOTE : aldila@yes24.co.id
NOTE : Received : from User (8ta-146-92-50.telkomadsl.co.za [41.146.92.50])
NOTE : (Authenticated sender: aldila@yes24.co.id) by mail.hanastar.net.id

< no subject >

2016111105002973550858.zip

File analysis :

Download : 2016111105002973550858.zip
Result : 2016111105002973550858.zip is a virus.

Virus analysis :

ALYac : Trojan.JS.Downloader.GYQ
AVG : JS/Downloader.Agent.62_I
AVware : Trojan-Downloader.JS.Nemucod.bbp (v)
Ad-Aware : Trojan.JS.Downloader.GYQ
AegisLab : Troj.Downloader.Js.Cryptoload!c
AhnLab-V3 : JS/Obfus
Antiy-AVL : Trojan/Generic.ASVCS3S.3F7
Arcabit : Trojan.JS.Downloader.GYQ
Avast : JS:Downloader-DSB [Trj]
Avira (no cloud) : HEUR/Suspar.Gen
Baidu : JS.Trojan-Downloader.Nemucod.od
BitDefender : Trojan.JS.Downloader.GYQ
CAT-QuickHeal : JS.Locky.JE
Cyren : JS/Nemucod.CA2
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.BMK
Emsisoft : Trojan.JS.Downloader.GYQ (B)
F-Prot : JS/Nemucod.CA2
F-Secure : Trojan.JS.Downloader.GYQ
Fortinet : JS/Nemucod.BDA!tr
GData : Trojan.JS.Downloader.GYQ
Ikarus : Trojan-Downloader.JS.Nemucod
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : Trojan-Downloader.JS.Agent.nbi
McAfee : JS/Nemucod.jg
McAfee-GW-Edition : JS/Nemucod.jg
eScan : Trojan.JS.Downloader.GYQ
Microsoft : TrojanDownloader:JS/Nemucod!rfn
NANO-Antivirus : Trojan.Script.Heuristic-js.iacgm
Rising : Downloader.Cryptoload!8.7DA (topis)
Sophos : Mal/DrodZp-A
Symantec : Trojan.Gen.NPE
Tencent : Js.Trojan.Raas.Auto
TrendMicro : JS_NEMUCOD.SMK14
VIPRE : Trojan-Downloader.JS.Nemucod.bbp (v)

Final result :

I opened the virus, and the raw version of this virus is here : http://pastebin.com/raw/FVM8wh4v

This virus sounds like a ransomware...

Email analysis :

NOTE : diann.laughton99@winterbrew.com
NOTE : User-Agent : Microsoft-MacOutlook/14.0.0.100825
NOTE : Received : from customer-SLRC-130-213.megared.net.mx
NOTE : (unknown [201.164.130.213])

!!!World Bank Notification!!!

Attention: Beneficiary

The office of the European Union, the President Federal Republic of Nigerian (Mohammed Buhari), the CIA, FBI, EFCC, British Government, American Government and United Nations Organization in Benin Republic, Ghana, Burkina Faso, Malaysia, South Africa, Togo, Senegal in collaboration with UK (London) Anti-Crime Squad received a report of fund transaction/scam against you and other British, US and Asian citizens including other countries whom the aforementioned countries vital offices/authorities have recompensed you due to meeting held with the International Financial Agency, the IMF, four countries Government and the World High Commission against fraud and other international fund transaction activities by the four country Citizens during the recent G20 and ACSP meeting. Your name was among those approved listed beneficiary to be paid by the International Financial Intelligent Unit (NFIU) through the United Nations account holder bank.

You are to contact the UN appointed officer immediately for the release/transfer of your approved compensation fund valued $750,000.00 United States Dollars only. With matter of urgency, you are to reconfirm to the UN appointed officer your full data as follows:

A)Your Full Name, B) Present Address, C) Home and Mobile Telephone Numbers, D) Occupation, E) Company Name and Position.

As soon as you send this information to the officer he will direct you accordingly on the release of your Fund. You are to contact Mr.Mensha Baah Head supervisor with the information below, for the release of your fund now.

Contact Person: Mr.Mensha Baah.
C/8815 off Ring Road, P.O.Box 2515
Cadastral, Zone A, Central Business District
Accra-Ghana.
Email: officeunited@yahoo.com.hk
smtp.office365.com:587
Yours in Service,

Maria Colgate (Secretary Foreign Affair)
World Bank Payment Monitoring Unit.
1818 H Street, N.W.Washington, DC 20433

Email analysis :

NOTE : officeunited@yahoo.com.hk
NOTE : prova@thsbo.com
NOTE : Ms.Maria Colgate
NOTE : Received : from User (unknown [154.118.65.101])
NOTE : by mail.thsbo.com (Postfix)