Samantha Gann shared a file with you on Dropbox
The updated agreement with AlixPartners
Scan001.zip
Download
© 2016 Dropbox
Email screenshot :
Email analysis :
NOTE : no-reply@dropbox.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : <americanexpress@welcome.aexp.com>
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from unknown (HELO NNZCABJO) (1.47.202.181)
NOTE : Samantha Gann sent you "Scan001.zip"
File analysis :
CLICK : DOWNLOAD
OPEN : https://www.cubbyusercontent.com/pl/Scan001.zip/_6ec59f8ef081469e9dba0d304a99cb9d
FILENAME : Scan001.zip
RESULT : File is a virus.
Virus analysis :
SHA256: e68dfb45eb15d675073486679ac94cac1788ea5c54a3e39cb9cddddaf73a179e
FILENAME : Scan001.zip
AVG : Downloader.Generic_c.ALTL
Ad-Aware : Trojan.GenericKD.3298975
AegisLab : Exploit.Script.Generic!c
Arcabit : Trojan.Generic.D32569F
Avast : Other:Malware-gen [Trj]
Avira (no cloud) : HEUR/Suspar.Gen
BitDefender : Trojan.GenericKD.3298975
DrWeb : JS.DownLoader.1225
ESET-NOD32 : JS/TrojanDownloader.Nemucod.ADU
Emsisoft : Trojan.GenericKD.3298975 (B)
F-Secure : Trojan.GenericKD.3298975
Fortinet : JS/Nemucod.ET!tr.dldr
GData : Trojan.GenericKD.3298975
Ikarus : JS.Trojan-Downloader.Rogue
K7AntiVirus : Trojan ( 004dfe6d1 )
K7GW : Trojan ( 004dfe6d1 )
Kaspersky : HEUR:Exploit.Script.Generic
McAfee : Generic.yd
McAfee-GW-Edition : Generic.yd
eScan : Trojan.GenericKD.3298975
Microsoft : TrojanDownloader:JS/Nemucod.AT
Rising : Exploit.Generic!8.3E1-aXLPd6nZxPO (Cloud)
TrendMicro : JS_NEMUCOD.QDA
TrendMicro-HouseCall : JS_NEMUCOD.QDA
Sunday, June 12, 2016
Sunday, December 27, 2015
Hello, (Scam)
Hello, how are you today? I am Renee Torres, 16 years old, from Wooster in the state of Ohio, United States of America. I was raised by a single mother who died a few years ago. Before she died she bequeathed her properties, valued at 3.9 million dollars, to me as her only daughter, but my stepfather, who has drug and alcohol problems, treats me very badly and threatens to kill me if I do not hand over the property documents to him. I must leave this house as soon as possible; all I need is a guardian who will stand for me so that I can claim my inheritance, because I have no other surviving family member to run to. Please help me and I will remain grateful forever; I will explain more when I hear from you. Attached is my picture so that you know what I look like. I hope to hear from you soon. Regards, Miss Renee Torres.
Email analysis :
NOTE : reneetow96@gmail.com
NOTE : Received : from tri.tribomidia.com.br
NOTE : (tri.tribomidia.com.br. [192.163.199.37])
NOTE : avn.org.br/wp-includes/css/YellowMailer.php for 105.189.58.137
Tuesday, October 27, 2015
We were unable to process your most recent payment... (Amazon Phishing)
Amazon.com
Today's Deals See All Departments
= = = = = = = = = = = = = = = = = = = =
We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card? To ensure that your service is not interrupted, please update your billing information today.
Confirm your account now
We're available 24 hours a day, 7 days a week. If you have recently updated your billing information, please disregard this message as we are processing the changes you have made. If you need further assistance with your order.
= = = = = = = = = = = = = = = = = = = =
Amazon.com
Connect with us
Phishing analysis :
CLICK : Confirm your account now
OPEN : http://www.intellectualjourneyofenlightenment.org/admin/css/amazon.com-verification/id/
RESULT : This Account Has Been Suspended
intellectualjourneyofenlightenment.org whois :
Registrant ID:DI_41908394
Registrant Name:Atul Kumar Jain
Registrant Organization:intellectualjourneyofenlightenment.org
Registrant Street: 363, sec 15
Registrant City:Panchkula
Registrant State/Province:Haryana
Registrant Postal Code:134114
Registrant Country:IN
Registrant Phone:+91.9888054461
Registrant Email:atul.jain2711@gmail.com
Admin ID:DI_41908394
Email analysis :
NOTE : noreply@amzon.support82.e-i.com
NOTE : 192.163.247.190 (ami.amiableargument.com)
NOTE : X-Source-Args : /usr/bin/php /home/wwwtheiv/public_html/clientscript/ie7/wp-confiiig.php
NOTE : Received : from wwwtheiv by ami.amiableargument.com
NOTE : (envelope-from <wwwtheiv@ami.amiableargument.com>)
NOTE : X-Mailer : theivoryquill.com
NOTE : X-Php-Script : theivoryquill.com/clientscript/ie7/wp-confiiig.php
NOTE : for 185.109.161.21
NOTE : X-Get-Message-Sender-Via : ami.amiableargument.com:
NOTE : authenticated_id: wwwtheiv/only
NOTE : user confirmed/virtual account not confirmed
Payment Swift Copy
Sir,
Upon request, your customer has advised of your payment. Be informed that the following payment is made to your account as per the attached HSBC payment swift copy. You are advised to confirm receipt of payment as detailed.
Yours faithfully,
Global Payments and Cash Management.
HSBC
1 HSBC Payment Swift copy.doc (total 1.3KB)
Link analysis :
NOTE : http://peridotsgroup.com/colins/HSBC%20Payment%20Swift%20copy.doc
NOTE : BitDefender : Malware site
NOTE : Emsisoft : Malware site
File analysis :
Avira : EXP/CVE-2012-0158
CAT-QuickHeal : Exp.RTF.CVE-2012-0158
DrWeb : Exploit.Rtf.CVE2012-0158
Kaspersky : Exploit.Win32.CVE-2012-0158.j
Qihoo-360 : virus.exp.20120158
Rising : NORMAL:Hack.CVE-2012-0158.a!1614593 [F]
Sophos : Troj/DocDrop-DT
Symantec : Bloodhound.RTF.3
TrendMicro : HEUR_RTFMALFORME
Email analysis :
NOTE : purchasemanager@tescogroup.com
NOTE : Received : by endpoint708401cf.chios.panth.io
NOTE : 162.242.168.6 ()