Sunday, March 8, 2015

HSBC Payment (Virus)

Sir/Madam

Upon your request, attached please find payment e-Advice for your reference.


HSBC

***************************************************************************

We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by e-mail or otherwise to ask you to validate personal information such as your user ID, password, or account numbers. If you receive such a request, please call our Direct Financial Services hotline.

Please do not reply to this e-mail. Should you wish to contact us, please send your e-mail to commercialbanking@hsbc.com.hk and we will respond to you.

Note: it is important that you do not provide your account or credit card numbers, or convey any confidential information or banking instructions, in your reply mail.

Copyright. The Hongkong and Shanghai Banking Corporation Limited 2015. All rights reserved.

***************************************************************************

HSBC-2739.zip

Analysis :

OPEN : HSBC-2739.zip
NOTE : HSBC-2739.zip is a virus

Virus analysis :

ALYac : Trojan.GenericKD.2203557
AVG : Generic_s.EHP
AVware : Trojan.Win32.Generic.pak!cobra
Ad-Aware : Trojan.GenericKD.2203557
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Angles.24012
Baidu-International : Trojan.Win32.Upatre.vje
BitDefender : Trojan.GenericKD.2203557
ClamAV : Win.Trojan.Agent-851779
Cyren : W32/Trojan.IATT-2425
DrWeb : Trojan.Upatre.144
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Emsisoft : Trojan.GenericKD.2203557 (B)
F-Prot : W32/Trojan3.OGD
F-Secure : Trojan.GenericKD.2203557
Fortinet : W32/Upatre.VJE!tr
GData : Trojan.GenericKD.2203557
Ikarus : Trojan.Win32.Emotet
K7AntiVirus : Trojan-Downloader ( 0048f6391 )
K7GW : Trojan-Downloader ( 0048f6391 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vje
Malwarebytes : Trojan.Upatre.FD
McAfee : RDN/Generic Downloader.x!mv
McAfee-GW-Edition : RDN/Generic Downloader.x!mv
MicroWorld-eScan : Trojan.GenericKD.2203557
Microsoft : TrojanDownloader:Win32/Upatre
Qihoo-360 : Win32/Trojan.d51
Sophos : Troj/Dyreza-DF
Symantec : Downloader.Upatre
TotalDefense : Win32/Tnega.fAAdaN
TrendMicro : TROJ_FR.97949EA3
TrendMicro-HouseCall : Suspicious_GEN.F47V0307
VIPRE : Trojan.Win32.Generic.pak!cobra
ViRobot : Trojan.Win32.S.Agent.29696.ASK[h]

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Return-Path : < no-replay@hsbc.co.uk >
NOTE : X-Ovh-Remote : 221.155.165.78 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO hsbc.co.uk) (221.155.165.78)
NOTE : HSBC Payment

Thursday, March 5, 2015

Air Canada e-ticket Virus

Dear client,

Your online order has been successfully completed and your credit card has been charged.

FLIGHT NUMBER CX89014CA
DATE & TIME / MARCH 6rd , 14:15
DEPARTURE / Toronto
TOTAL PRICE / 450 CAD

The seat number and additional information regarding the flight can be found on the attached e-ticket.

Thank you for choosing Air Canada
e-ticket_79010838.doc

Virus analysis :

OPEN : e-ticket_79010838.doc
ANALYSIS :

ALYac Trojan.Downloader.JRLZ
AVG Generic12_c.AETQ
Ad-Aware Trojan.Downloader.JRLZ
AhnLab-V3 X97M/Downloader
Avast MO97:Downloader-LX [Trj]
Avira WM/Dldr.Agent.asdl
BitDefender Trojan.Downloader.JRLZ
CAT-QuickHeal W97M.Dropper.CK
Comodo UnclassifiedMalware
Cyren W97M/Tarbir
ESET-NOD32 VBA/TrojanDownloader.Agent.JD
Emsisoft Trojan.Downloader.JRLZ (B)
F-Prot New
F-Secure Trojan.Downloader.JRLZ
Fortinet WM/Agent!tr
GData Trojan.Downloader.JRLZ
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky Trojan-Downloader.MSWord.Agent.fg
McAfee W97M/Downloader.adx
McAfee-GW-Edition W97M/Downloader.adx
MicroWorld-eScan Trojan.Downloader.JRLZ
Microsoft TrojanDownloader:O97M/Bartallex.gen
Norman DLoader.ATMLY
Panda W97M/Downloader
Sophos Troj/DocDl-GF
Symantec W97M.Downloader
TrendMicro W2KM_BARTALEX.EU
TrendMicro-HouseCall W2KM_BARTALEX.EU
nProtect Trojan.Downloader.JRLZ

BBB SBQ Form #5488(Ref#83-497-0-4) (BBB VIRUS)

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to print this SBQ Form, answer the questions and respond to us. (Adobe PDF)

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services

SBQForm07182.zip

Virus Analysis :

OPEN : SBQForm07182.zip
RESULT :

Avast Win32:Evo-gen [Susp]
CMC Packed.Win32.Katusha.3!O
ESET-NOD32 a variant of Win32/Injector.BVRZ
McAfee Downloader-FAHF!3D0C52C03CD0
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Mal/Generic-S
Tencent Win32.Trojan.Inject.Auto

Email analysis :

NOTE : no-replay@bbb.com
NOTE : X-Remote : 89.120.40.73 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO bbb.com) (89.120.40.73)

Friday, February 13, 2015

Scanned Image

Please open the attached document.
This document was digitally sent to you using an HP Digital Sending device.

-------------------------------------------------------------------------------
This email has been scanned for viruses and spam.
-------------------------------------------------------------------------------
Image.zip

Image.zip analysis :

OPEN FILE : Image.zip
EXTRACT : Image.scr

AVware Win32.Malware!Drop
Ad-Aware Gen:Variant.Graftor.175463
AhnLab-V3 Trojan/Win32.MDA
Avast Win32:Trojan-gen
Avira TR/Agent.psxz.445
Baidu-International Trojan.Win32.Waski.F
BitDefender Gen:Variant.Graftor.175463
ClamAV Win.Trojan.Upatre-165
Cyren W32/Trojan.BKZM-6931
DrWeb Trojan.Upatre.125
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Gen:Variant.Graftor.175463 (B)
F-Prot W32/Trojan3.NUW
F-Secure Gen:Variant.Graftor.175463
Fortinet W32/Waski.F!tr
GData Gen:Variant.Graftor.175463
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.fbe
Malwarebytes Trojan.FakeMS.ED
McAfee Artemis!E85B4BDFB116
McAfee-GW-Edition BehavesLike.Win32.BadFile.mm
MicroWorld-eScan Gen:Variant.Graftor.175463
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Dyreza-CB
Symantec Downloader.Upatre
Tencent Win32.Trojan.Inject.Auto
TrendMicro TROJ_UPATRE.YYSO
TrendMicro-HouseCall TROJ_UPATRE.YYSO
VIPRE Win32.Malware!Drop

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < ushrb@brainkast.com>
NOTE : Received : from unknown (HELO HJPSMPV) (14.168.92.95)
NOTE : Scanned Image

Friday, January 30, 2015

Fax = Trojan

Fax message (Fax #0086091)

http://79.96.148.163/.~NEW_RECEIVED_FAX/incoming.html
Sent date: Thu, 22 Jan 2015 15:00:49 +0000

Fax message (Fax #0458849)

http://pristineusa.com/~_RECEIVED~FAX~MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:13:35 +0000

Fax message (Fax #3457735)

http://hifafarah.com/._RECEIVED.MESSAGES/incoming-fax_letter.html
Sent date: Thu, 22 Jan 2015 15:26:03 +0000

Fax message (Fax #4644306)

http://89.161.234.149/-_NEW_RECEIVED.FAX_MESSAGES/incoming.fax~letter.html
Sent date: Thu, 22 Jan 2015 15:08:31 +0000

Fax message (Fax #6410561)

http://www.get-the-best.com/~_RECEIVED.FAX_MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:16:23 +0000

Email analysis for 5 emails :

NOTE : Received : from unknown (HELO my-fax.com) (85.133.33.10)
NOTE : Received : from unknown (HELO my-fax.com) (40.131.4.2)
NOTE : Received : from unknown (HELO my-fax.com) (91.183.230.243)
NOTE : Received : from unknown (HELO my-fax.com) (66.203.160.26)
NOTE : Received : from unknown (HELO my-fax.com) (64.20.199.98)

pristineusa.com whois :

Registrant Name: PRISTINE SOFTWARE
Registrant Organization: PRISTINE SOFTWARE
Registrant Street: 1411 W. Covell Blvd Ste 106
Registrant City: Davis
Registrant State/Province: CA
Registrant Postal Code: 95616
Registrant Country: US
Registrant Phone: +1.5307584484
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: mmadani@pristineusa.com

hifafarah.com whois :

Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Pkwy West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.9027492701
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: 24ebf0cf0a16123311014b9d998ad564@domaindiscreet.com

get-the-best.com whois :

Registry Admin ID: Admin Name: Lentz, Eduardo
Admin Organization: Get The Best, Inc.
Admin Street: P.O. Box 18630
Admin City: Boulder
Admin State/Province: CO
Admin Postal Code: 80308
Admin Country: US
Admin Phone: (303) 941-2118
Admin Fax: 999 999 9999
Admin Email: gtbusa@IX.NETCOM.COM

Analysis of link

- CLICK LINK
- DOWNLOAD FILE : (fax_message72933.zip)
- EXTRACT FILE : fax_message23055.exe
- PAGE REDIRECTED TO FAX SERVICE WEBSITE.

Analysis of file

ALYac : Trojan.Upatre.J
AVG : Downloader.Generic14.IJZ
AVware : Trojan-Downloader.Win32.Upatre.ao (v)
Ad-Aware : Trojan.Upatre.J
Agnitum : Trojan.Staser!
AhnLab-V3 : Win-Trojan/Downloader.38400.FA
Antiy-AVL : Trojan/Win32.Staser
Avast : Win32:Trojan-gen
Avira : TR/Dldr.Kryptik.pza
BitDefender : Trojan.Upatre.J
ByteHero : Virus.Win32.Heur.c
CAT-QuickHeal : (Suspicious) - DNAScan
Comodo : TrojWare.Win32.TrojanDownloader.Waski.BA
Cyren : W32/Trojan.NMXE-6820
DrWeb : Trojan.Upatre.125
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.Upatre.J (B)
F-Prot : W32/Trojan3.NHH
F-Secure : Trojan-Downloader:W32/Upatre.J
Fortinet : W32/Kryptik.CWCJ!tr
GData : Trojan.Upatre.J
Ikarus : Trojan-Downloader.Waski
Jiangmin : Trojan/Staser.amk
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan.Win32.Staser.awvp
Malwarebytes : Trojan.Email.FakeDoc
McAfee : Upatre-FAAJ!3B474BAEAC5F
McAfee-GW-Edition : BehavesLike.Win32.Autorun.nt
MicroWorld-eScan : Trojan.Upatre.J
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Kryptik.dmuguo
Norman : Upatre.FN
Sophos : Troj/Dyreza-AT
Symantec : Downloader.Upatre!gen8
TheHacker : Trojan/Kryptik.cwaa
TotalDefense : Win32/Upatre.IVVGEBC
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : TROJ_UPATRE.SMNC
VIPRE : Trojan-Downloader.Win32.Upatre.ao (v)
nProtect : Trojan/W32.Agent.38400.XP

Thursday, January 22, 2015

Incoming Fax Report

************************************
INCOMING FAX REPORT
************************************

Date/Time: Tuesday, 21.01.2015
Speed: 123bps
Connection time: 01:06
Page: 3
Resolution: Normal
Remote ID: 871-748-171158
Line number: 9
DTMF/DID:
Description: Internal only

************************************

FAX-id9123912481712931.zip

Email analysis :

NOTE : no-reply@premium-fax.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < respellsrcwe1918@regalix.com >
NOTE : Remote : 82.130.246.56 (56.82-130-246.static.clientes.euskaltel.es)
NOTE : Incoming Fax Report

FAX-id9123912481712931.zip analysis :

AVG Generic36.ARVN 20150122
AVware Trojan.Win32.Generic!BT 20150122
Ad-Aware Trojan.GenericKD.2099790 20150122
Avast Win32:Trojan-gen 20150122
Avira TR/Crowti.A.152 20150122
BitDefender Trojan.GenericKD.2099790 20150122
CMC Trojan.Win32.Krap.2!O 20150120
Cyren W32/Trojan.SNJZ-4571 20150122
DrWeb Trojan.Encoder.514 20150122
ESET-NOD32 Win32/Filecoder.CO 20150122
Emsisoft Trojan.GenericKD.2099790 (B) 20150122
F-Prot W32/Trojan3.NGI 20150122
F-Secure Trojan.GenericKD.2099790 20150122
GData Trojan.GenericKD.2099790 20150122
Ikarus Trojan-Spy.Agent 20150122
K7AntiVirus Trojan ( 7000000c1 ) 20150122
K7GW Trojan ( 7000000c1 ) 20150122
Kaspersky Trojan-Ransom.Win32.Blocker.gkdv 20150122
McAfee Artemis!20834704BF1B 20150122
MicroWorld-eScan Trojan.GenericKD.2099790 20150122
Microsoft Ransom:Win32/Crowti.A 20150122
Qihoo-360 Win32/Trojan.Multi.daf 20150122
Sophos Mal/DrodZp-A 20150122
Symantec Trojan.Cryptolocker.F 20150122
Tencent Win32.Trojan.Inject.Auto 20150122
TrendMicro TROJ_FILECODER.K 20150122
TrendMicro-HouseCall Suspicious_GEN.F47V0121 20150122
VIPRE Trojan.Win32.Generic!BT 20150122
nProtect Trojan.GenericKD.2099790 20150122

Employee Documents - Internal Use

DOCUMENT NOTIFICATION, Powered by NetDocuments

DOCUMENT NAME: Employee Documents

DOCUMENT LINK: http://spitalcuzavodaiasi.ro/CUSTOMER.DOCUMENT-STORAGE-DATA/get_invoice_document.html
DOCUMENT LINK: http://lamichelangelo.it/CUSTOMER-DOCUMENT-STORAGE_DATA/get_last_document.html
DOCUMENT LINK: http://www.trans-arts.com/CUSTOMER~DOCUMENT-DATA/last-invoice-document.html

Documents are encrypted in transit and store in a secure repository

---------------------------------------------------------------------------------
This message may contain information that is privileged and confidential. If you received this transmission in error, please notify the sender by reply email and delete the message and any attachments.

Email analysis :

NOTE : no-replay@invoice.com
NOTE : User-Agent : Roundcube Webmail/1.1.1
NOTE : Received : from unknown (HELO invoice.com) (37.191.103.140)
NOTE : Received : from unknown (HELO invoice.com) (69.42.188.58)
NOTE : Received : from unknown (HELO invoice.com) (80.156.199.162)

Process Analysis :

CLICK : one of the three links.
DOWNLOAD : invoice_pdf80985.zip
EXTRACT : invoice_pdf40132.exe

invoice_pdf40132.exe analysis :

AVG : Crypt3.BTYL : 20150122
Ad-Aware : Gen:Variant.Zbot.154 : 20150122
AhnLab-V3 : Spyware/Win32.Zbot : 20150122
Avast : Win32:Malware-gen : 20150122
BitDefender : Gen:Variant.Zbot.154 : 20150122
CMC : Packed.Win32.Katusha.3!O : 20150120
Cyren : W32/Trojan.RHQS-4975 : 20150122
DrWeb : Trojan.Upatre.128 : 20150122
ESET-NOD32 : Win32/TrojanDownloader.Waski.F : 20150122
Emsisoft : Gen:Variant.Zbot.154 (B) : 20150122
F-Prot : W32/Trojan3.NGH : 20150122
F-Secure : Gen:Variant.Zbot.154 : 20150122
GData : Gen:Variant.Zbot.154 : 20150122
K7AntiVirus : Trojan-Downloader ( 0049d22b1 ) : 20150122
Kaspersky : Trojan.Win32.Staser.awtk : 20150122
Malwarebytes : Trojan.Email.FakeDoc : 20150122
McAfee : Downloader-FAHF!01F769E9BD9A : 20150122
MicroWorld-eScan : Gen:Variant.Zbot.154 : 20150122
Qihoo-360 : Malware.QVM20.Gen : 20150122
Rising : PE:Malware.FakePDF@CV!1.9C3A : 20150121
Sophos : Troj/Dyreza-AM : 20150122
Symantec : Downloader.Upatre : 20150122
nProtect : Trojan/W32.Agent.15872.TX : 20150122

Tuesday, October 28, 2014

Electronic Invoice (Nota Fiscal Eletrônica)

PLEASE NOTE THAT THE LINK TO THE INVOICE SENT PREVIOUSLY WAS CORRUPTED;
BECAUSE OF THIS, WE ARE PROVIDING A NEW DOWNLOAD LINK.
WE APOLOGIZE FOR THE INCONVENIENCE.

Attached is the Electronic Services Invoice (Nota Fiscal Eletrônica de Serviços), issued in SEPTEMBER/2014.

This file must be kept.

NF-E- Emitida.PDF

004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer,

Attached is a copy of the INVOICE in PDF, which lists the orders and other payment details. Please note that the amount was debited successfully! If you have any questions about the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

This email is free of viruses and malware because avast! Antivirus protection is active.

Email analysis :

NOTE : X-Antivirus-Status : Clean
NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Message-Id : < *@BRASILPC >
NOTE : X-Antivirus : avast! (VPS 141027-2, 27/10/2014), Outbound message
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from brasil2014-PC (unknown [179.155.140.18]) by mail.termaco.com.br (Postfix)
NOTE : Nota Fiscal Eletrônica

Link analysis :

CLICK : 004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : http://ge.tt/api/1/files/7EMX4r22/0/blob?download
DOWNLOAD : Reemissão de Nota N 9038312-01.rar

Virus analysis :

Comodo : TrojWare.Win32.TrojanDownloader.Delf.SAD : 20141028
ESET-NOD32 : a variant of Win32/TrojanDownloader.Banload.ULY : 20141028
Kaspersky : HEUR:Trojan-Downloader.Script.Generic : 20141028

Friday, October 17, 2014

Your document

To view your document, please open attachment.

< document_1425792.pdf.zip >

Virus analysis :

Ad-Aware Trojan.GenericKD.1928929
Avast Win32:Malware-gen
Avira TR/Crypt.Xpack.88959
BitDefender Trojan.GenericKD.1928929
Cyren W32/Trojan.JOFL-9265
ESET-NOD32 a variant of MSIL/Injector.FWC
F-Prot W32/Trojan3.LMV
Fortinet MSIL/FWC!tr
Ikarus Backdoor.Androm
Kaspersky Trojan.Win32.Inject.tbsl
Malwarebytes Trojan.MSIL.Injector
McAfee Artemis!94EA6E94CF43
MicroWorld-eScan Trojan.GenericKD.1928929
Qihoo-360 Win32/Trojan.Multi.daf
Rising PE:Malware.FakePDF@CV!1.9C3A
Sophos Troj/MSIL-APK
Tencent Win32.Trojan.Inject.Auto
TrendMicro-HouseCall TROJ_GE.C9ACEC0C

Email analysis :

NOTE : Return-Path : < no-reply@97e2896c.skybroadband.com >
NOTE : Received : from 97e2896c.skybroadband.com (151.226.137.108)
NOTE : Message-Id : < I1N3IJT6.6426198@robtec.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----=_NextPart_000_0006_*"
NOTE : X-Remote : 151.226.137.108 (97e2896c.skybroadband.com)
NOTE : Your document

Thursday, October 16, 2014

Electronic Invoice (Nota Fiscal Eletrônica)

Attached is the Electronic Services Invoice (Nota Fiscal Eletrônica de Serviços), issued in AUGUST/2014.

This file must be kept.

NF-E- Emitida.PDF

7004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer,

Attached is a copy of the INVOICE in PDF, which lists the orders and other payment details. Please note that the amount was debited successfully! If you have any questions about the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

Email analysis :

NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from localhost (localhost [127.0.0.1]) by mail.termaco.com.br
NOTE : Received : from mail.termaco.com.br ([127.0.0.1]) by
NOTE : Received : from brasil2014-PC (unknown [179.155.133.141]) by mail.termaco.com.br
NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Mime-Version : 1.0
NOTE : Nota Fiscal Eletrônica

CLICK : 7004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : https://www.dropbox.com/s/to2t0hwqkkmhq5a/Nota_Eletronica_MFI015.rar?dl=1

The Dropbox file (Nota_Eletronica_MFI015.rar) is no longer available.

Thursday, October 9, 2014

Alert Transactions Report by users from 2014-09-28 to 2014-09-28

Your requested report is attached here.

< transact_store.zip >

Email analysis :

NOTE : Return-Path :
NOTE : Received : from unknown (HELO pulik.in) (41.216.215.152)
NOTE : Received : from [177.140.36.115] (helo=mgroiipvpbw.iyxefpsmk.ua)
NOTE : X-Mailer : The Bat! (v3.71.14) Professional
NOTE : X-Priority : 3 (Normal)
NOTE : Message-Id : < *.*@nwhxppulruhvq.ecbucf.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----------*"
NOTE : Alert Transactions Report by users from 2014-09-28 to 2014-09-28

Virus analysis :

AVG : MSIL5.RCS
Ad-Aware : Trojan.Agent.BFYC
Avira : TR/Crypt.Xpack.98991
Baidu-International : Trojan.Win32.Wauchos.bAF
BitDefender : Trojan.Agent.BFYC
ESET-NOD32 : Win32/TrojanDownloader.Wauchos.AF
Emsisoft : Trojan.Agent.BFYC (B)
F-Secure : Trojan.Agent.BFYC
Fortinet : W32/Wauchos.AF!tr
GData : Trojan.Agent.BFYC
Ikarus : Win32.Outbreak
Kaspersky : Backdoor.Win32.Androm.fcxu
McAfee : Artemis!182EE0F73CD9
MicroWorld-eScan : Trojan.Agent.BFYC
Qihoo-360 : HEUR/QVM03.0.Malware.Gen
Sophos : Troj/Zbot-JAQ
Symantec : Backdoor.Trojan
Tencent : Win32.Trojan.Inject.Auto
TheHacker : W32/Bagle.gen.pwdzip5
TrendMicro : TROJ_WAUCHOS.WFB

Friday, October 3, 2014

Fax Report

*************************************
INCOMING FAX REPORT
*************************************

Date/Time: Thursday, 02.10.2014
Speed: 474bps
Connection time: 09:08
Page: 5
Resolution: Normal
Remote ID: 811-748-179982
Line number: 9
DTMF/DID:
Description: Internal only

*************************************
< fax00842121453281728.zip >

Virus analysis :
===================================================
AVG : Crypt3.ASZZ
Avast : Win32:Trojan-gen
Avira : TR/Crypt.ZPACK.102086
Baidu-International : Trojan.Win32.Filecoder.bCO
BitDefender : Trojan.GenericKD.1896987
Bkav : W32.HfsAutoA.D289
ClamAV : Zip.Suspect.ExecutableFax-zippwd-1
Cyren : W32/Trojan.GDDK-5927
ESET-NOD32 : Win32/Filecoder.CO
F-Prot : W32/Trojan3.LBO
F-Secure : Trojan:W32/Agent.DVSR
Ikarus : Trojan-Ransom.CryptoWall
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan (7000000c1)
McAfee : RDN/Generic.dx!dfz
Sophos : Mal/DrodZp-A
Symantec : Trojan.Cryptodefense
Tencent : Win32.Trojan.Inject.Auto
TrendMicro : TROJ_RANSOM.YMJJ
===================================================

Mail analysis :
===================================================
NOTE : ugo.orlando@toutattache.com
NOTE : Return-Path : < underwriteye@rjsinger.com >
NOTE : Received : from unknown (HELO KJIONYSKE) (91.186.207.186)
NOTE : Message-Id : < 94K3LVMS.2835547@rjsinger.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="------------020006060602000502040307"
NOTE : Fax Report
===================================================

Tuesday, September 16, 2014

Fax Report Virus

************************************
INCOMING FAX REPORT
************************************

Date/Time: Monday, 15.09.2014
Speed: 742bps
Connection time: 02:05
Page: 6
Resolution: Normal
Remote ID: 961-748-175192
Line number: 2
DTMF/DID:
Description: Internal only

************************************

< fax0082716711362511.zip >

Virus analysis :
==================================
AVG : Inject2.AVZG : 20140916
Ad-Aware : Trojan.GenericKD.1863035 : 20140916
Avast : Win32:Trojan-gen : 20140916
Avira : TR/Crypt.ZPACK.65977 : 20140916
Baidu-International : Trojan.Win32.Ransom.AR : 20140916
BitDefender : Trojan.GenericKD.1863035 : 20140916
CMC : Trojan.Win32.Swizzor.2!O : 20140916
Cyren : W32/Trojan.PSFN-7581 : 20140916
DrWeb : Trojan.Encoder.514 : 20140916
ESET-NOD32 : Win32/Filecoder.NCE : 20140916
Emsisoft : Trojan.GenericKD.1863035 (B) : 20140916
F-Prot : W32/Trojan3.KSP : 20140916
F-Secure : Trojan.GenericKD.1863035 : 20140916
GData : Trojan.GenericKD.1863035 : 20140916
Ikarus : Trojan-Spy.Agent : 20140916
K7AntiVirus : Trojan ( 7000000c1 ) : 20140915
K7GW : Trojan ( 7000000c1 ) : 20140915
Kaspersky : Trojan-Ransom.Win32.Cryptodef.bmw : 20140916
McAfee : RDN/Suspicious.bfr!bh : 20140916
MicroWorld-eScan : Trojan.GenericKD.1863035 : 20140916
Microsoft : Ransom:Win32/Crowti.A : 20140916
Panda : Trj/Chgt.F : 20140915
Qihoo-360 : HEUR/Malware.QVM07.Gen : 20140916
Sophos : Mal/DrodZp-A : 20140916
Symantec : Trojan.Cryptodefense : 20140916
Tencent : Win32.Trojan.Inject.Auto : 20140916
TrendMicro : TROJ_RANSOM.YMJH : 20140916
TrendMicro-HouseCall : TROJ_RANSOM.YMJH : 20140916
nProtect : Trojan.GenericKD.1863035 : 20140916
==================================

NatWest link for Virus

NatWest Logo

You have a new private message from NatWest

To view/read this your secure message please click here

Email Encryption Provided by NatWest. Learn More.
Email Security Powered by Voltage IBE
Copyright 2014 National Westminster Bank Plc. All rights reserved.

Footer Logo NatWest

To unsubscribe please click here

National Westminster Bank Plc. All rights, save as expressly granted, are reserved. Reproduction in any form of any part of the contents of this website without our prior written consent is prohibited unless for personal use only.

Email analysis :
=================================================
NOTE : Return-Path : < denqv@bpbcorp.com >
NOTE : Received : from unknown (HELO localhost) (113.167.221.144)
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : You have received a new secure message from NatWest
=================================================

Link analysis :
=================================================
NOTE : Click "To view/read this your secure message please click here"
NOTE : Open "http://high-hollin.org/nrhscgfayh/rxyxzmsbsy.html"
NOTE : A new download is processed :
NOTE : File "SecureMessage.zip" from http://www.explicacoesmagicmath.pt
NOTE : File "SecureMessage.zip" is a VIRUS !
=================================================

Virus analysis (DEF 20140916) :
=================================================
AVware : Win32.Malware!Drop
Avira : TR/ATRAPS.A.1717
Baidu-International : Trojan.Win32.Upatre.ABlK
DrWeb : Trojan.DownLoad3.34292
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Ikarus : Trojan-Spy.Agent
K7AntiVirus : Trojan (7000000c1)
K7GW : Trojan(7000000c1)
Kaspersky : Trojan-Downloader.Win32.Upatre.avh
Kingsoft : VIRUS_UNKNOWN
Malwarebytes : Trojan.Upatre
McAfee : Artemis!AE3D2F8620F0
Microsoft : TrojanDownloader:Win32/Upatre.AA
Panda : Trj/Chgt.F
Qihoo-360 : HEUR/QVM20.1.Malware.Gen
Sophos : Mal/DrodZp-A
Symantec : Trojan.Zbot
Tencent : Win32.Trojan-downloader.Upatre.Wqmz
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.S.Agent.20992.PD
=================================================

Whois Analysis :
=================================================
high-hollin.org
=================================================
Domain Name:HIGH-HOLLIN.ORG
Domain ID: D153034212-LROR
Creation Date: 2008-06-20T18:34:26Z
Updated Date: 2012-06-19T08:02:22Z
Registry Expiry Date: 2015-06-20T18:34:26Z
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Sponsoring Registrar IANA ID: 69
Domain Status: ok
Registrant ID:tuMZ59PcSs2k5l1K
Registrant Name:Douglas McCowen
Registrant Organization:None
Registrant Street: Riverside Barn
Registrant City:Winford- BRISTOL
Registrant State/Province:Avon
Registrant Postal Code:BS408HJ
Registrant Country:GB
Registrant Phone:+44.7985466869
Registrant Email:dhl_mccowen@hotmail.com
Admin ID:tuMZ59PcSs2k5l1K
Admin Name:Douglas McCowen
Admin Organization:None
Admin Street: Riverside Barn
Admin City:Winford- BRISTOL
Admin State/Province:Avon
Admin Postal Code:BS408HJ
Admin Country:GB
Admin Phone:+44.7985466869
Admin Email:dhl_mccowen@hotmail.com
Tech ID:tu9LIBi0nseyvCgJ
Tech Name:Pickaweb Limited Domains Dpt
Tech Organization:Pickaweb Limited
Tech Street: 7 Marlow Copse
Tech City:Chatham
Tech State/Province:Kent
Tech Postal Code:ME59DP
Tech Country:GB
Tech Phone:+44.8712180841
Tech Email:domains@pickaweb.co.uk
Name Server:NS7.UKHOSTSUPPORT.COM
Name Server:NS8.UKHOSTSUPPORT.COM
=================================================
explicacoesmagicmath.pt
=================================================
Domain Name: explicacoesmagicmath.pt
Creation Date (dd/mm/yyyy): 04/02/2013
Expiration Date (dd/mm/yyyy): 03/02/2015
Status: ACTIVE

Registrant

Francisco Cascao
Rua Francisco sa Miranda Lt 7
538
2975 538

Email: franciscocascao@iol.pt

Entidade Gestora / Billing Contact
EASYHOST - SERVIÇOS INTERNET, UNIPESSOAL LDA
Email: dns@easyhost.pt
RACKSPOT LDA
Email: helpdesk@rackspot.com
Nameserver: explicacoesmagicmath.pt NS a.ns.rackspot.com.
Nameserver: explicacoesmagicmath.pt NS b.ns.rackspot.com.
=================================================

Thursday, September 11, 2014

Rép : Swift Payment Confirmation.

Good day,

I tried calling you, but couldn't reach you, Please find attached swift copy of payment made today, And kindly get back to me with all necessary document for shipment.

7/09/14 14:12:20 LOcalOutAcks-2536-0883793

--------------------Instance Type Transission--------------------

Notification (Transmission) of Original sent to SWFT (ACK) Nerwork Delivcr Status Nerwork Ack

Priorty/Delivcry:

Normal

Swift Lnput:

FIN 103 Single Customer Credit Transfer

Sender:

CORUTZTZXXX
CRDB BANK LIMTTED
DAR ES SALAAMTZ

Receivr :

CITTUS32XXX
CITTBANK N.A
NEW YORK ,NY US

---------------------Message Text--------------------

20:Sender's Reference
986/25LUMUMBA
23B:Bank Operation CodcCRED
32A:Val Dte/Curr/Interbnk Settld Amt
Date:7 September 2014
Currency:USD (US DOLLAR)
50K:Ordering Customer- Name & Address

---------------------Message Text--------------------

{CHK:GDF65HET676F}
PKI Signature: MAC-Equivalcnt

---------------------Intervtions---------------------

Caiegory:Nerwork Report
Creation Time:7/09/14 14:12:20
Application:SWTFT Interface
Operato:Systern
Text{1:G2CORUTZTZAXXX4800211}{5189:1331566}{7761:0}{209267349056400}

Regards
Asjad Sayeed/Northern Tannery

Sent from my iPhone

< TT copy.7z >

Virus Analysis :

AVG Inject2.AUZR 20140911
Ad-Aware Gen:Variant.Zusy.105684 20140911
Avira TR/Betabot.A.178 20140911
Baidu-International Trojan.Win32.Neurevt.aJXs 20140911
BitDefender Gen:Variant.Zusy.105684 20140911
Cyren W32/Ransom.QLKF-8999 20140911
DrWeb Trojan.PWS.Stealer.13199 20140911
ESET-NOD32 a variant of Win32/Injector.BLNI 20140911
Emsisoft Gen:Variant.Zusy.105684 (B) 20140911
F-Secure Gen:Variant.Zusy.105684 20140911
Fortinet W32/Neurevt.API!tr 20140911
GData Gen:Variant.Zusy.105684 20140911
Ikarus Trojan.Crypt 20140911
K7AntiVirus Riskware ( 0040eff71 ) 20140910
K7GW Riskware ( 0040eff71 ) 20140910
Kaspersky Trojan.Win32.Neurevt.api 20140911
Kingsoft VIRUS_UNKNOWN 20140911
MicroWorld-eScan Gen:Variant.Zusy.105684 20140911
NANO-Antivirus Trojan.Win32.Stealer.derrjx 20140911
Panda Trj/CI.A 20140910
Sophos Troj/Inject-BCM 20140911
TrendMicro TROJ_GEN.R00JC0EIA14 20140911

Mail analysis :

NOTE : Received : from ebeautiquestore.com (203.175.170.39)
NOTE : Received : from User (unknown [69.26.211.159]) by ebeautiquestore.com

Monday, September 8, 2014

Rép : Copy of Shipping Document

Good day,

Attached is the draft copy of your shipping documents including the bill of lading. Kindly check and confirm if every thing is OK so we can proceed with the original documents.

Yanni SHO

Senior Customer Service Executive

Sales & Marketing Dept.

MAERSK SHIPPING LINE S.A.

Main Line: +86 6775 7800
Direct Line: +865 6799 1182
Main Fax: +65 6775 7079
www.***.com

« MAERSK SHIPPING LINE S.A.Sailing ahead with passion since 1978 - to know more… » !

< shipping document.7z >

shipping document.7z is a Virus :
==================================================
Ad-Aware Gen:Variant.Zusy.105684 20140908
BitDefender Gen:Variant.Zusy.105684 20140908
Emsisoft Gen:Variant.Zusy.105684 (B) 20140908
F-Secure Gen:Variant.Zusy.105684 20140907
GData Gen:Variant.Zusy.105684 20140908
==================================================

Email :
==================================================
NOTE : Received : from host.smartpoint.in (69.167.141.142)
NOTE : Received : from [69.26.211.159] (port=51168 helo=User) by host.smartpoint.in with esmtpa (Exim 4.82) (envelope-from < maersk.line@mail.ru >)
NOTE : X-Get-Message-Sender-Via : host.smartpoint.in: authenticated_id: importstut@ruthshipping.com
NOTE : Rép : Copy of Shipping Document
==================================================

Rép : Swift Payment Confirmation

Good day,

I tried calling you, but couldn't reach you, Please find attached swift copy of payment made today, And kindly get back to me with all necessary document for shipment.

7/09/14 14:12:20 LOcalOutAcks-2536-0883793

--------------------Instance Type Transission--------------------

Notification (Transmission) of Original sent to SWFT (ACK)
Nerwork Delivcr Status Nerwork Ack
Priorty/Delivcry : Normal
Swift Lnput : FIN 103 Single Customer Credit Transfer

Sender :

CORUTZTZXXX
CRDB BANK LIMTTED
DAR ES SALAAMTZ

Receivr :

CITTUS32XXX
CITTBANK N.A
NEW YORK ,NY US

---------------------Message Text--------------------

20: Sender's Reference 986/25LUMUMBA
23B: Bank Operation Codc CRED
32A: Val Dte/Curr/Interbnk Settld Amt
Date : 7 September 2014
Currency : USD (US DOLLAR)
50K: Ordering Customer- Name & Address

---------------------Message Text--------------------

{CHK:GDF65HET676F}
PKI Signature: MAC-Equivalcnt

---------------------Intervtions---------------------

Caiegory :Nerwork Report
Creation Time :7/09/14 14:12:20
Application :SWTFT Interface
Operato :Systern
Text {1:G2CORUTZTZAXXX4800211}{5189:1331566}{7761:0}{209267349056400}

Regards

Asjad Sayeed/Northern Tannery

Sent from my iPhone

< TTcopy.pdf.7z >

TTcopy.pdf.7z is a Virus :
==================================================
Ad-Aware Gen:Variant.Zusy.105684 20140908
BitDefender Gen:Variant.Zusy.105684 20140908
Emsisoft Gen:Variant.Zusy.105684 (B) 20140908
F-Secure Gen:Variant.Zusy.105684 20140907
GData Gen:Variant.Zusy.105684 20140908
MicroWorld-eScan Gen:Variant.Zusy.105684 20140908
Qihoo-360 Malware.QVM10.Gen 20140908
==================================================

Email :
==================================================
NOTE : Return-Path : < asjadsayeed_norther@yahoo.co.in >
NOTE : Received : from host.smartpoint.in (69.167.141.142)
NOTE : Received : from [69.26.211.159] (port=43568 helo=User) by host.smartpoint.in with esmtpa (Exim 4.82)
NOTE : X-Get-Message-Sender-Via : host.smartpoint.in: authenticated_id: importstut@ruthshipping.com
NOTE : Rép : Swift Payment Confirmation
==================================================

rutshipping.com WHOIS :
==================================================
Whois Record Not Available... This domain is not registered.
==================================================

smartpoint.in WHOIS :
==================================================
Domain ID:D4313329-AFIN
Domain Name:SMARTPOINT.IN
Created On:03-Jul-2010 06:30:55 UTC
Last Updated On:04-Jul-2011 04:21:17 UTC
Expiration Date:03-Jul-2016 06:30:55 UTC
Sponsoring Registrar:GoDaddy.com, LLC (R101-AFIN)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR51331545
Registrant Name:Domain Manager
Registrant Organization:SmartPoint Technologies Pvt Ltd
Registrant Street1:Type II/17, Dr. VSI Estate,
Registrant Street2:Thiruvanmiyur
Registrant City:Chennai
Registrant State/Province:Tamil Nadu
Registrant Postal Code:600041
Registrant Country:IN
Registrant Phone:+91.4442005353
Admin ID:CR51331549
Admin Name:Domain Manager
Admin Organization:SmartPoint Technologies Pvt Ltd
Admin Street1:Type II/17, Dr. VSI Estate,
Admin Street2:Thiruvanmiyur
Admin City:Chennai
Admin State/Province:Tamil Nadu
Admin Postal Code:600041
Admin Country:IN
Admin Phone:+91.4442005353
Tech ID:CR51331547
Tech Name:Domain Manager
Tech Organization:SmartPoint Technologies Pvt Ltd
Tech Street1:Type II/17, Dr. VSI Estate,
Tech Street2:Thiruvanmiyur
Tech State/Province:Tamil Nadu
Tech Postal Code:600041
Tech Country:IN
Tech Phone:+91.4442005353
Name Server:NS.LIQUIDWEB.COM
Name Server:NS1.LIQUIDWEB.COM
DNSSEC:Unsigned
==================================================

Saturday, September 6, 2014

Urgent Order P.O #64535 Signed

Good day,

One of our valuable customer introduced your company to us and we like to place a order with your company,
We need your product for a huge Government Contract supply.

Attached is our signed PURCHASE ORDER made from your list of your products that we want to order.

Kindly send us proforma invoice with payment method for urgent remitance

Your quick reply will be appreciated.

Hazan Malik
Dharma Trading Co.
Add: Box No. 64556, Dubai, Emirates - Manager
Direct Line: +01 917-864-8849
www.***.com

< PO 64535.7z >

AVG Inject2.AUJF 20140905
Ad-Aware Trojan.GenericKD.1843216 20140906
Baidu-International Trojan.Win32.Injector.bBLHL 20140905
BitDefender Trojan.GenericKD.1843216 20140906
ESET-NOD32 a variant of Win32/Injector.BLHL 20140905
Emsisoft Trojan.GenericKD.1843216 (B) 20140906
F-Secure Trojan.GenericKD.1843216 20140906
Fortinet W32/BLHL!tr 20140906
GData Trojan.GenericKD.1843216 20140906
MicroWorld-eScan Trojan.GenericKD.1843216 20140906

RE: Packing List and Invoice

Hi ,

We have loaded your the truck .

It will arrive on 09/09 before 17:00 but I probably will tomorrow confirm the time exactly.

Here is the packing list and invoice.

Kind regards,

Myriam
Logistics Department

< INVOICE.pdf.7z >

AVG Inject2.AUJF 20140905
Ad-Aware Trojan.GenericKD.1843216 20140906
Baidu-International Trojan.Win32.Injector.bBLHL 20140905
BitDefender Trojan.GenericKD.1843216 20140906
ESET-NOD32 a variant of Win32/Injector.BLHL 20140905
Emsisoft Trojan.GenericKD.1843216 (B) 20140906
F-Secure Trojan.GenericKD.1843216 20140906
Fortinet W32/BLHL!tr 20140906
GData Trojan.GenericKD.1843216 20140906
MicroWorld-eScan Trojan.GenericKD.1843216 20140906

NOTE : spbmarketing@samlling.com
NOTE : RE: Packing List and Invoice
NOTE : Received : from nov-007-i464.relay.mailchannels.net (HELO relay.mailchannels.net) (46.232.183.18)
NOTE : Received : from artwork.mysitehosted.com (ip-10-236-1-24.us-west-2.compute.internal [10.236.1.24])
NOTE : by relay.mailchannels.net (Postfix)
NOTE : Received : from artwork.mysitehosted.com (artwork.mysitehosted.com [10.253.92.5])
NOTE : Received : from [69.26.211.159] (port=34868 helo=User)
NOTE : by artwork.mysitehosted.com with esmtpa (Exim 4.82)
NOTE : (envelope-from )
NOTE : X-Sender-Id : arvixe|x-authuser|sales@almadadd.net
NOTE : X-Sender-Id : arvixe|x-authuser|sales@almadadd.net
NOTE : X-Mc-Relay : Bad
NOTE : X-Mailchannels-Senderid : arvixe|x-authuser|sales@almadadd.net
NOTE : X-Mailchannels-Auth-Id : arvixe
NOTE : X-Authuser : sales@almadadd.net
NOTE : RE: Packing List and Invoice

RE: New Shipment from China

Good day,

Attached is the draft copy of your shipping documents including the bill of lading. Kindly check and confirm if every thing is OK so we can proceed with the original documents.

Yanni SHO
Senior Customer Service Executive
Sales & Marketing Dept.

MAERSK SHIPPING LINE S.A.
Main Line: +86 6775 7800
Direct Line: +865 6799 1182
Main Fax: +65 6775 7079
www.***.com

« MAERSK SHIPPING LINE S.A.Sailing ahead with passion since 1978 - to know more… » !
© 2014 Microsoft Terms Privacy & cookies Developers English (United States)

< Shipping Doc.7z >

AVG Inject2.AUJF 20140905
Ad-Aware Trojan.GenericKD.1843216 20140906
Baidu-International Trojan.Win32.Injector.bBLHL 20140905
BitDefender Trojan.GenericKD.1843216 20140906
ESET-NOD32 a variant of Win32/Injector.BLHL 20140905
Emsisoft Trojan.GenericKD.1843216 (B) 20140906
F-Secure Trojan.GenericKD.1843216 20140906
Fortinet W32/BLHL!tr 20140906
GData Trojan.GenericKD.1843216 20140906
MicroWorld-eScan Trojan.GenericKD.1843216 20140906

NOTE : Return-Path : < maersk.line@mail.ru >
NOTE : Received : from nov-007-i623.relay.mailchannels.net (HELO relay.mailchannels.net) (46.232.183.177)
NOTE : Received : from artwork.mysitehosted.com (ip-10-213-14-133.us-west-2.compute.internal [10.213.14.133])
NOTE : Received : from artwork.mysitehosted.com (artwork.mysitehosted.com [10.253.92.5])
NOTE : (using TLSv1 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:2500 (trex/5.2.13);
NOTE : Received : from [69.26.211.159] (port=37126 helo=User) by artwork.mysitehosted.com with esmtpa (Exim 4.82)
NOTE : (envelope-from )
NOTE : X-Sender-Id : arvixe|x-authuser|sales@almadadd.net
NOTE : X-Sender-Id : arvixe|x-authuser|sales@almadadd.net
NOTE : X-Mailchannels-Senderid : arvixe|x-authuser|sales@almadadd.net
NOTE : X-Mailchannels-Auth-Id : arvixe
NOTE : X-Authuser : sales@almadadd.net
NOTE : RE: New Shipment from China