You Have a new Fax message
From: 908.8145483
Receiving date: November 28, 2016
Pages: 3
You can view your message on our website:
https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802
Thank you for using RingCentral.
Link analysis :
CLICK : https://service.ringcentral.com/ messages/download.aspx?fax_id=1805802
OPEN : http://787.vn/wp-content/themes/tourpackage-v1-02/backup/get.php?id=dGVzdEB0ZXN0LmNvbQ==
DOWNLOAD : fax_test.doc
File analysis :
OPEN : fax_test.doc
SHA256 : c0b3934b594a23dd88a42c0e96ccbbf7f88c633a19d82833d6d9bbf47630a0c1
RESULT : fax_test.doc is a virus
Virus analysis :
Avast : VBA:Downloader-DSL [Trj]
ClamAV : Doc.Dropper.Agent-1847249
Kaspersky : Trojan-Downloader.MSWord.Agent.avj
Qihoo-360 : virus.office.gen.70
Sophos : Troj/DocDl-FTZ
Symantec : W97M.Downloader
Email analysis :
NOTE : ringcentral@faxmessage.com
NOTE : 74.143.65.242 (rrcs-74-143-65-242.central.biz.rr.com)
NOTE : Mime-Version : 1.0
Tuesday, November 29, 2016
Friday, January 30, 2015
Fax = Trojan
Fax message (Fax #0086091)
http://79.96.148.163/.~NEW_RECEIVED_FAX/incoming.html
Sent date: Thu, 22 Jan 2015 15:00:49 +0000
Fax message (Fax #0458849)
http://pristineusa.com/~_RECEIVED~FAX~MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:13:35 +0000
Fax message (Fax #3457735)
http://hifafarah.com/._RECEIVED.MESSAGES/incoming-fax_letter.html
Sent date: Thu, 22 Jan 2015 15:26:03 +0000
Fax message (Fax #4644306)
http://89.161.234.149/-_NEW_RECEIVED.FAX_MESSAGES/incoming.fax~letter.html
Sent date: Thu, 22 Jan 2015 15:08:31 +0000
Fax message (Fax #6410561)
http://www.get-the-best.com/~_RECEIVED.FAX_MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:16:23 +0000
Email analysis for 5 emails :
NOTE : Received : from unknown (HELO my-fax.com) (85.133.33.10)
NOTE : Received : from unknown (HELO my-fax.com) (40.131.4.2)
NOTE : Received : from unknown (HELO my-fax.com) (91.183.230.243)
NOTE : Received : from unknown (HELO my-fax.com) (66.203.160.26)
NOTE : Received : from unknown (HELO my-fax.com) (64.20.199.98)
pristineusa.com whois :
Registrant Name: PRISTINE SOFTWARE
Registrant Organization: PRISTINE SOFTWARE
Registrant Street: 1411 W. Covell Blvd Ste 106
Registrant City: Davis
Registrant State/Province: CA
Registrant Postal Code: 95616
Registrant Country: US
Registrant Phone: +1.5307584484
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: mmadani@pristineusa.com
hifafarah.com whois :
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Pkwy West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.9027492701
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: 24ebf0cf0a16123311014b9d998ad564@domaindiscreet.com
get-the-best.com whois :
Registry Admin ID:
Admin Name: Lentz, Eduardo
Admin Organization: Get The Best, Inc.
Admin Street: P.O. Box 18630
Admin City: Boulder
Admin State/Province: CO
Admin Postal Code: 80308
Admin Country: US
Admin Phone: (303) 941-2118
Admin Fax: 999 999 9999
Admin Email: gtbusa@IX.NETCOM.COM
Analysis of link
- CLICK LINK
- DOWNLOAD FILE : (fax_message72933.zip)
- EXTRACT FILE : fax_message23055.exe
- PAGE REDIRECTED TO FAX SERVICE WEBSITE.
Analysis of file
ALYac : Trojan.Upatre.J
AVG : Downloader.Generic14.IJZ
AVware : Trojan-Downloader.Win32.Upatre.ao (v)
Ad-Aware : Trojan.Upatre.J
Agnitum : Trojan.Staser!
AhnLab-V3 : Win-Trojan/Downloader.38400.FA
Antiy-AVL : Trojan/Win32.Staser
Avast : Win32:Trojan-gen
Avira : TR/Dldr.Kryptik.pza
BitDefender : Trojan.Upatre.J
ByteHero : Virus.Win32.Heur.c
CAT-QuickHeal : (Suspicious) - DNAScan
Comodo : TrojWare.Win32.TrojanDownloader.Waski.BA
Cyren : W32/Trojan.NMXE-6820
DrWeb : Trojan.Upatre.125
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.Upatre.J (B)
F-Prot : W32/Trojan3.NHH
F-Secure : Trojan-Downloader:W32/Upatre.J
Fortinet : W32/Kryptik.CWCJ!tr
GData : Trojan.Upatre.J
Ikarus : Trojan-Downloader.Waski
Jiangmin : Trojan/Staser.amk
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan.Win32.Staser.awvp
Malwarebytes : Trojan.Email.FakeDoc
McAfee : Upatre-FAAJ!3B474BAEAC5F
McAfee-GW-Edition : BehavesLike.Win32.Autorun.nt
MicroWorld-eScan : Trojan.Upatre.J
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Kryptik.dmuguo
Norman : Upatre.FN
Sophos : Troj/Dyreza-AT
Symantec : Downloader.Upatre!gen8
TheHacker : Trojan/Kryptik.cwaa
TotalDefense : Win32/Upatre.IVVGEBC
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : TROJ_UPATRE.SMNC
VIPRE : Trojan-Downloader.Win32.Upatre.ao (v)
nProtect : Trojan/W32.Agent.38400.XP
Friday, August 1, 2014
INCOMING FAX REPORT : Remote ID: 893-763-8796
*********************************************************
INCOMING FAX REPORT
*********************************************************
Date/Time: Fri, 1 Aug 2014 14:11:06 +0400
Speed: 4694bps
Connection time: 09:00
Pages: 6
Resolution: Normal
Remote ID: 498-015-4711
Line number: 7
DTMF/DID:
Description: Internal report
We have uploaded fax report on dropbox, please use the following link to download your file:
https://goo.gl/8bUXD4
*********************************************************
Thursday, July 31, 2014
You have a new Secure Message
You have received a encrypted message from NatWest Customer Support
In order to view the attachment please open it using your email client ( Microsoft Outlook, Mozilla Thunderbird, Lotus )
Please download your ecnrypted message at:
https://goo.gl/RmGnbr
(Google Disk Drive is a file hosting service operated by Google, Inc.)
If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the NatWest Bank Secure Email Help Desk at 01315561519.
INCOMING FAX REPORT : Remote ID: 896-344-5835
*********************************************************
INCOMING FAX REPORT
*********************************************************
Date/Time: Tue, 29 Jul 2014 12:26:07 -0400
Speed: 4922bps
Connection time: 08:08
Pages: 9
Resolution: Normal
Remote ID: 782-491-1135
Line number: 7
DTMF/DID:
Description: Internal Docs
*********************************************************
< IncomingFax.zip >
Sunday, June 1, 2014
INCOMING FAX REPORT : Remote ID: 946-569-5355
*********************************************************
INCOMING FAX REPORT
*********************************************************
Date/Time: Fri, 30 May 2014 09:40:76 GMT
Speed: 4077bps
Connection time: 06:03
Pages: 7
Resolution: Normal
Remote ID: 523-068-8562
Line number: 8
DTMF/DID:
Description: Internal report
*********************************************************
< IncomingFax.zip >
ASM version of "IncomingFax.zip virus" :
======================================================
http://www.multiup.org/fr/mirror/3625e7996c47662e99445761203d6438/IncomingFax.scr.asm
======================================================
Thursday, May 29, 2014
INCOMING FAX REPORT : Remote ID: 785-889-5336
*********************************************************
INCOMING FAX REPORT
*********************************************************
Date/Time: Thu, 29 May 2014 17:35:43 +0800
Speed: 4889bps
Connection time: 01:06
Pages: 3
Resolution: Normal
Remote ID: 621-206-7574
Line number: 1
DTMF/DID:
Description: Internal report
We have uploaded fax report on dropbox, please use the following link to download your file:
Thursday, May 15, 2014
You have received a new fax
You have received fax from EPSON20394858 at ***
Scan date: Thu, 15 May 2014 01:36:54 +0800
Number of page(s): 92
Resolution: 400x400 DPI
_________________________________
Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/
< FAX[?var=partorderb].zip >
Monday, March 17, 2014
ENQUIRY...
Hello,
Did you receive my fax? I need to discuss important matter with you. It is urgent. I called your phone. Nobody answered. Only answering machine spoke. I sent fax. You did not reply. Maybe your fax is not working. I send this e-mail to verify if you received the fax or did not receive. I need you to send me your current fax and phone number with your personal email for immediate communication before its too late. I expect your reply. Not to this e-mail I use to write to you. Reply to sanfa.johan@yahoo.com
Yours faithfully,
Sanfa Johannes
Directeur Général
BSIC Bank BJ
www.bsicbank.net.tf
Email: sanfa.johan@yahoo.com
Wednesday, March 12, 2014
ENQUIRY...
Hello,
Did you receive my fax? I need to discuss important matter with you. It is urgent. I called your phone. Nobody answered. Only answering machine spoke. I sent fax. You did not reply. Maybe your fax is not working. I send this e-mail to verify if you received the fax or did not receive. I need you to send me your current fax and phone number with your personal email for immediate communication before its too late.
I expect your reply. Not to this e-mail I use to write to you. Reply to sanfa.johan@yahoo.com
Yours faithfully,
Sanfa Johannes
Directeur Général
BSIC Bank BJ
www.bsicbank.net.tf
Email: sanfa.johan@yahoo.com