Good day,
Pls find attached the Inquiry specification list, kindly send us quotation.
Thanks & Best Regards,
Sashi Ranjan Rath
osco Excellence
Tel 1 (i250) : 870 773210230
Tel 2 (FB250) : 870 773208568
Tel 3 (F-77) : 870 765 091 412
Tel 4 (F-77) : 870 765 091 411
Fax: 870 765091413
Sat C 1 (Tlx): 447703830
Sat C 2 (Tlx): 447703831
Email: ismaelcarrillo_zf@yahoo.com
Order 4223.zip
File analysis :
OPEN : Order 4223.zip
RESULT : File is a virus.
Virus analysis :
SHA256: 387b4893e924421f9e91f1ee2a938b9017fe30f3bfae07abbfbf0d1b121d98fa
Baidu-International : Adware.MSIL.iBryte.DFE
ESET-NOD32 : a variant of MSIL/Kryptik.DFE
Malwarebytes : Trojan.ZBAgent.RNDGen
Qihoo-360 : HEUR/QVM03.0.Malware.Gen
Rising : PE:Malware.Generic/QRS!1.9E2D[F1]
Sophos : Mal/Generic-S
Tencent : Win32.Trojan.Inject.Auto
Email analysis :
NOTE : stefano.sambucci@transpacific.com
NOTE : ismaelcarrillo_zf@yahoo.com
NOTE : Received : from so199-177.asiawhere.com (219.84.199.177)
NOTE : Received : from 41.190.2.39 ([41.190.2.39])
NOTE : by webmail.mimifund.com (Horde Framework)
NOTE : User-Agent : Internet Messaging Program (IMP) H3 (4.3.9)
NOTE : Return-Path : < stefano.sambucci@transpacific.com >
NOTE : X-No-Auth : unauthenticated sender
Tuesday, September 1, 2015
Monday, August 31, 2015
Notice to Appear
Notice to Appear,
This is to inform you to appear in the Court on the September 02 for your case hearing. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.
The copy of Court Notice is attached to this email.
Regards,
Gary Noble,
Court Secretary.
000475484.zip
File analysis :
OPEN : 000475484.zip
RESULT : File is a virus.
Virus analysis :
SHA256 : 0c8d2b8cba6611097793124c3dac9e9313207ba8857b41330ca021c89f52c82f
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AV
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan-Downloader.JS.Agent.hhe
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN
Email analysis :
NOTE : Notice to Appear
NOTE : gary.noble@wayneshostingworld.co.uk
NOTE : Received : from doggroom by server.wayneshostingworld.co.uk with local (Exim 4.85)
NOTE : Received : from server.wayneshostingworld.co.uk (wayneshostingworld.co.uk. [78.129.234.106])
NOTE : X-Php-Script : doggroomingparlour.co.uk/post.php for 77.111.207.70
This is to inform you to appear in the Court on the September 02 for your case hearing. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.
The copy of Court Notice is attached to this email.
Regards,
Gary Noble,
Court Secretary.
000475484.zip
File analysis :
OPEN : 000475484.zip
RESULT : File is a virus.
Virus analysis :
SHA256 : 0c8d2b8cba6611097793124c3dac9e9313207ba8857b41330ca021c89f52c82f
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AV
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan-Downloader.JS.Agent.hhe
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN
Email analysis :
NOTE : Notice to Appear
NOTE : gary.noble@wayneshostingworld.co.uk
NOTE : Received : from doggroom by server.wayneshostingworld.co.uk with local (Exim 4.85)
NOTE : Received : from server.wayneshostingworld.co.uk (wayneshostingworld.co.uk. [78.129.234.106])
NOTE : X-Php-Script : doggroomingparlour.co.uk/post.php for 77.111.207.70
Thursday, August 27, 2015
Indebtedness for driving on toll road #000948265 (Virus)
Notice to Appear,
You have not paid for driving on a toll road.
You are kindly asked to pay your debt as soon as possible.
The copy of the invoice is attached to this email.
Sincerely,
Thomas Gorman,
E-ZPass Agent.
E-ZPass_Invoice_000948265.zip
File analysis :
OPEN FILE : E-ZPass_Invoice_000948265.zip
RESULT : FILE IS A VIRUS
Virus analysis :
SHA256 : 5ec5b13bbf1d2a2179168acfaec53da59afa6b8ca480930e1b56d996b51dd140
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AS
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan.JS.Agent.cpl
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
MicroWorld-eScan : JS:Trojan.JS.Downloader.AN
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN
Email analysis :
NOTE : thomas.gorman@jerusalem.hostyou.com.br
NOTE : client-ip=104.238.195.142;
NOTE : Sender Address Domain - jerusalem.hostyou.com.br
NOTE : X-Source-Args : /usr/bin/php /home/centova/public_html/coisaseria.com.br/post.php
NOTE : < centova@jerusalem.hostyou.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Source-Dir : centova.com:/public_html/coisaseria.com.br
NOTE : X-Priority : 3
NOTE : X-Get-Message-Sender-Via : jerusalem.hostyou.com.br:
NOTE : authenticated_id: centova/primary_hostname/system user
NOTE : X-Source : /usr/bin/php
NOTE : Received : by 10.202.17.82 with SMTP
NOTE : Received : from centova by jerusalem.hostyou.com.br
NOTE : Indebtedness for driving on toll road #000948265
You have not paid for driving on a toll road.
You are kindly asked to pay your debt as soon as possible.
The copy of the invoice is attached to this email.
Sincerely,
Thomas Gorman,
E-ZPass Agent.
E-ZPass_Invoice_000948265.zip
File analysis :
OPEN FILE : E-ZPass_Invoice_000948265.zip
RESULT : FILE IS A VIRUS
Virus analysis :
SHA256 : 5ec5b13bbf1d2a2179168acfaec53da59afa6b8ca480930e1b56d996b51dd140
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AS
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan.JS.Agent.cpl
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
MicroWorld-eScan : JS:Trojan.JS.Downloader.AN
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN
Email analysis :
NOTE : thomas.gorman@jerusalem.hostyou.com.br
NOTE : client-ip=104.238.195.142;
NOTE : Sender Address Domain - jerusalem.hostyou.com.br
NOTE : X-Source-Args : /usr/bin/php /home/centova/public_html/coisaseria.com.br/post.php
NOTE : < centova@jerusalem.hostyou.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Source-Dir : centova.com:/public_html/coisaseria.com.br
NOTE : X-Priority : 3
NOTE : X-Get-Message-Sender-Via : jerusalem.hostyou.com.br:
NOTE : authenticated_id: centova/primary_hostname/system user
NOTE : X-Source : /usr/bin/php
NOTE : Received : by 10.202.17.82 with SMTP
NOTE : Received : from centova by jerusalem.hostyou.com.br
NOTE : Indebtedness for driving on toll road #000948265
Friday, July 24, 2015
Inquiry
Dear Sir,
Refers to the new order raised to your company,
Attached please find the order and swift copy of the last shipment.
Kindly open the PDF file to view details
Regards
Thanks & Regards,
Michail Harik
CMT executive – Platinum Team
Aramex Doha – Doha, Qatar
Tel +974 44200193
aramex.com
pr.no.567890.docx
File analysis :
File : pr.no.567890.docx
SHA256 : dbdb40864695b3e8ffd980f051d829b38fb38bbd93711cfb2188165cc58c0ec9
NOTE : File pr.no.567890.docx is a virus
AVG : PSW.Generic12.CAPW
Ad-Aware : Trojan.GenericKD.2591074
Arcabit Trojan.Generic.D278962
Avast : MSIL:Zbot-Z [Trj]
Avira : TR/Dropper.MSIL.173869
BitDefender : Trojan.GenericKD.2591074
DrWeb : Trojan.PWS.Siggen1.39434
ESET-NOD32 : a variant of MSIL/Injector.KXP
Emsisoft : Trojan.GenericKD.2591074 (B)
F-Secure : Trojan.GenericKD.2591074
Fortinet : MSIL/Injector.KSL!tr
GData : Trojan.GenericKD.2591074
Ikarus : Trojan.MSIL.Injector
Kaspersky : Trojan-Dropper.Win32.Sysn.batm
McAfee : PWS-FCDG!4A71EF2B2FA1
McAfee-GW-Edition : PWS-FCDG!4A71EF2B2FA1
MicroWorld-eScan : Trojan.GenericKD.2591074
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Symantec : Infostealer.Limitail
Email analysis :
NOTE : info@paltinum.com
NOTE : X-Sender-Id : nisakorn@thai-nichi.com
NOTE : X-Msmail-Priority : Normal
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : client-ip=173.203.6.144;
NOTE : Received : from smtp144.ord.emailsrvr.com
NOTE : (smtp144.ord.emailsrvr.com. [173.203.6.144])
NOTE : Received : from smtp27.relay.ord1a.emailsrvr.com
NOTE : (localhost.localdomain [127.0.0.1]) by smtp27.relay.ord1a.emailsrvr.com
NOTE : Received : by smtp27.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
NOTE : Received : from User ([UNAVAILABLE]. [66.76.199.160])
NOTE : by 0.0.0.0:25 (trex/5.4.2)
NOTE : Inquiry
Refers to the new order raised to your company,
Attached please find the order and swift copy of the last shipment.
Kindly open the PDF file to view details
Regards
Thanks & Regards,
Michail Harik
CMT executive – Platinum Team
Aramex Doha – Doha, Qatar
Tel +974 44200193
aramex.com
pr.no.567890.docx
File analysis :
File : pr.no.567890.docx
SHA256 : dbdb40864695b3e8ffd980f051d829b38fb38bbd93711cfb2188165cc58c0ec9
NOTE : File pr.no.567890.docx is a virus
AVG : PSW.Generic12.CAPW
Ad-Aware : Trojan.GenericKD.2591074
Arcabit Trojan.Generic.D278962
Avast : MSIL:Zbot-Z [Trj]
Avira : TR/Dropper.MSIL.173869
BitDefender : Trojan.GenericKD.2591074
DrWeb : Trojan.PWS.Siggen1.39434
ESET-NOD32 : a variant of MSIL/Injector.KXP
Emsisoft : Trojan.GenericKD.2591074 (B)
F-Secure : Trojan.GenericKD.2591074
Fortinet : MSIL/Injector.KSL!tr
GData : Trojan.GenericKD.2591074
Ikarus : Trojan.MSIL.Injector
Kaspersky : Trojan-Dropper.Win32.Sysn.batm
McAfee : PWS-FCDG!4A71EF2B2FA1
McAfee-GW-Edition : PWS-FCDG!4A71EF2B2FA1
MicroWorld-eScan : Trojan.GenericKD.2591074
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Symantec : Infostealer.Limitail
Email analysis :
NOTE : info@paltinum.com
NOTE : X-Sender-Id : nisakorn@thai-nichi.com
NOTE : X-Msmail-Priority : Normal
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : client-ip=173.203.6.144;
NOTE : Received : from smtp144.ord.emailsrvr.com
NOTE : (smtp144.ord.emailsrvr.com. [173.203.6.144])
NOTE : Received : from smtp27.relay.ord1a.emailsrvr.com
NOTE : (localhost.localdomain [127.0.0.1]) by smtp27.relay.ord1a.emailsrvr.com
NOTE : Received : by smtp27.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
NOTE : Received : from User ([UNAVAILABLE]. [66.76.199.160])
NOTE : by 0.0.0.0:25 (trex/5.4.2)
NOTE : Inquiry
Monday, July 20, 2015
Order for Sp/LLC /2015 (Virus)
Dear Sir/Madam,
It was nice to see you again. In attachment you will find the order for Sp/LLC /2015 Please first confirm the price with us. If you have any question about the changes, please ask. In attachment also the logo’s for NieZoe Woven Label new. I know the woven label NieZoe you have to take more quantity. Please let us know the quantity and price. We can use in future also.
Thank you in advance.
Met vriendelijke groet,
Best regards,
Mit Mreundlichen Krussen,
logo
Larlou Lvan Looten
Sales Manager
Nmbyerstraat Noord 162 | 6225 EJ Maastricht The Netherlands | HR14054804 VAT NL809075957B00
T 0031 43 3521470
File analysis :
SHA256 : cc4db92ec0f923c02171c746fd8417b6763257d9a2fcfd6b30818da344791ea3
Filename : Sp-LLC -2015.docx
ALYac : Gen:Variant.Kazy.679360
Ad-Aware : Gen:Variant.Kazy.679360
Arcabit : Trojan.Kazy.DA5DC0
BitDefender : Gen:Variant.Kazy.679360
DrWeb : BackDoor.Bladabindi.1056
ESET-NOD32 : a variant of MSIL/Injector.KSL
Emsisoft : Gen:Variant.Kazy.679360 (B)
F-Secure : Gen:Variant.Kazy.679360
Fortinet : MSIL/Injector.KSL!tr
GData : Gen:Variant.Kazy.679360
Kaspersky : HEUR:Trojan.Win32.Generic
MicroWorld-eScan : Gen:Variant.Kazy.679360
TrendMicro-HouseCall : TROJ_GE.856647F7
Email analysis :
NOTE : NieZoe@NieZoe.COM
NOTE : nisakorn@thai-nichi.com
NOTE : Received : from User ([UNAVAILABLE].
NOTE : [66.76.199.160]) by 0.0.0.0:25 (trex/5.4.2);
NOTE : Received : by smtp24.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
It was nice to see you again. In attachment you will find the order for Sp/LLC /2015 Please first confirm the price with us. If you have any question about the changes, please ask. In attachment also the logo’s for NieZoe Woven Label new. I know the woven label NieZoe you have to take more quantity. Please let us know the quantity and price. We can use in future also.
Thank you in advance.
Met vriendelijke groet,
Best regards,
Mit Mreundlichen Krussen,
logo
Larlou Lvan Looten
Sales Manager
Nmbyerstraat Noord 162 | 6225 EJ Maastricht The Netherlands | HR14054804 VAT NL809075957B00
T 0031 43 3521470
File analysis :
SHA256 : cc4db92ec0f923c02171c746fd8417b6763257d9a2fcfd6b30818da344791ea3
Filename : Sp-LLC -2015.docx
ALYac : Gen:Variant.Kazy.679360
Ad-Aware : Gen:Variant.Kazy.679360
Arcabit : Trojan.Kazy.DA5DC0
BitDefender : Gen:Variant.Kazy.679360
DrWeb : BackDoor.Bladabindi.1056
ESET-NOD32 : a variant of MSIL/Injector.KSL
Emsisoft : Gen:Variant.Kazy.679360 (B)
F-Secure : Gen:Variant.Kazy.679360
Fortinet : MSIL/Injector.KSL!tr
GData : Gen:Variant.Kazy.679360
Kaspersky : HEUR:Trojan.Win32.Generic
MicroWorld-eScan : Gen:Variant.Kazy.679360
TrendMicro-HouseCall : TROJ_GE.856647F7
Email analysis :
NOTE : NieZoe@NieZoe.COM
NOTE : nisakorn@thai-nichi.com
NOTE : Received : from User ([UNAVAILABLE].
NOTE : [66.76.199.160]) by 0.0.0.0:25 (trex/5.4.2);
NOTE : Received : by smtp24.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
Friday, July 17, 2015
Temos uma mensagem para voce - Alfa
Boleto de Cobrança Referente ao pedido: 00197742
Caro(a) cliente
Informo que a duplicata com vencimento em 05/07 no valor de R$2.554,07 não foi paga.
Faça o download da 2ª via da duplicata atualizada para pagamento.
Download boleto atualizado
Aguardamos o pagamento do boleto. O não pagamento do acordo nos prazos estabelecidos
acarretara multa e juros de mora de 0,5% (meio por cento) ao dia.
Atenciosamente.
Aldo A. Silva
Setor Financeiro.
Alfa finaceira Ltda
CNPJ: 61.198.164/0001-60
ref: 933170
[Time_long]
Virus analysis
CLICK : Download boleto atualizado
OPEN : http://bit.ly/1e0X1SA
DOWNLOAD FILE : Documento_N_908301238HAK38-31.zip
SHA256 : 50fb97d11dc2dfd85ebf2242aa8919829ac955906094f1868d13dadabda45ffe
Avast : Win32:Malware-gen
Baidu-International : Trojan.Win32.Downloader.aa
DrWeb : Trojan.MulDrop5.63051
Kaspersky : HEUR:Trojan-Downloader.Win32.Generic
Sophos : Mal/BredoZp-B
Email analysis :
NOTE : melissa.santana@trifil.com.br
NOTE : Received : from vps2477.vpsunit.com (83.125.87.89)
NOTE : 83.125.87.89 (vps2477.vpsunit.com)
Caro(a) cliente
Informo que a duplicata com vencimento em 05/07 no valor de R$2.554,07 não foi paga.
Faça o download da 2ª via da duplicata atualizada para pagamento.
Download boleto atualizado
Aguardamos o pagamento do boleto. O não pagamento do acordo nos prazos estabelecidos
acarretara multa e juros de mora de 0,5% (meio por cento) ao dia.
Atenciosamente.
Aldo A. Silva
Setor Financeiro.
Alfa finaceira Ltda
CNPJ: 61.198.164/0001-60
ref: 933170
[Time_long]
Virus analysis
CLICK : Download boleto atualizado
OPEN : http://bit.ly/1e0X1SA
DOWNLOAD FILE : Documento_N_908301238HAK38-31.zip
SHA256 : 50fb97d11dc2dfd85ebf2242aa8919829ac955906094f1868d13dadabda45ffe
Avast : Win32:Malware-gen
Baidu-International : Trojan.Win32.Downloader.aa
DrWeb : Trojan.MulDrop5.63051
Kaspersky : HEUR:Trojan-Downloader.Win32.Generic
Sophos : Mal/BredoZp-B
Email analysis :
NOTE : melissa.santana@trifil.com.br
NOTE : Received : from vps2477.vpsunit.com (83.125.87.89)
NOTE : 83.125.87.89 (vps2477.vpsunit.com)
Rép : Purchase Order
Good day,
I am Sandra Matinez from Garnet Chemicals Here in Tennessee Unites State. We am urgently in need of the attached product please send us more details and quote your best price of the product .
I are looking forward to your early reply.
Regards,
Regards
Sandra
Garnet Chemical
150 East 58th Street
Main Floor A+D Building - 10155
Tennessee, City, Chattanooga
Direct Mobile: +14237098388
Email: sandra.matinz@aol.com
Email: sandra.m@garnetchemicals.com
Purchase Order.ace
File analysis : Purchase Order.ace
SHA256 : ac5a73fa12ef31c352342af6fa0c1afc7b4731044d575dbbcff92a0ed00b3454
AVG : Luhe.Fiha.A
ESET-NOD32 : a variant of MSIL/Injector.KUC
Ikarus : Trojan.MSIL.Injector
Sophos : Mal/DrodAce-A
Email analysis :
NOTE : sandra.matinz@aol.com
NOTE : smatinz@hitachi-koki.com.sg
NOTE : Received : from [52.2.188.185]
NOTE : (account prohorova@wiegand-logistics.ru HELO WIN-POBK0T90HNH.ec2.internal)
NOTE : by backend12.aha.ru (CommuniGate Pro SMTP 4.3.11)
NOTE : Received : from aha.ru (backend12.aha.ru. [62.113.86.201])
I am Sandra Matinez from Garnet Chemicals Here in Tennessee Unites State. We am urgently in need of the attached product please send us more details and quote your best price of the product .
I are looking forward to your early reply.
Regards,
Regards
Sandra
Garnet Chemical
150 East 58th Street
Main Floor A+D Building - 10155
Tennessee, City, Chattanooga
Direct Mobile: +14237098388
Email: sandra.matinz@aol.com
Email: sandra.m@garnetchemicals.com
Purchase Order.ace
File analysis : Purchase Order.ace
SHA256 : ac5a73fa12ef31c352342af6fa0c1afc7b4731044d575dbbcff92a0ed00b3454
AVG : Luhe.Fiha.A
ESET-NOD32 : a variant of MSIL/Injector.KUC
Ikarus : Trojan.MSIL.Injector
Sophos : Mal/DrodAce-A
Email analysis :
NOTE : sandra.matinz@aol.com
NOTE : smatinz@hitachi-koki.com.sg
NOTE : Received : from [52.2.188.185]
NOTE : (account prohorova@wiegand-logistics.ru HELO WIN-POBK0T90HNH.ec2.internal)
NOTE : by backend12.aha.ru (CommuniGate Pro SMTP 4.3.11)
NOTE : Received : from aha.ru (backend12.aha.ru. [62.113.86.201])
eFax message from "unknown" - 1 page(s), Caller-ID: 1-893-787-7876
Fax Message [Caller-ID: 1-893-787-7876
You have received a 1 page fax at Fri, 17 Jul 2015 07:03:05 +0900. * The reference number for this fax is atl_did1-1400166434-62714347775-154. Click here to view this fax using your PDF reader. Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
j2 Global | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | OneBox
2014 j2 Global, Inc. All rights reserved.
eFax is a registered trademark of j2 Global, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.
Virus analysis :
CLICK : atl_did1-1400166434-62714347775-154
CLICK : here
OPEN : http://descubreone.mx/securestorage/get_document.html
DOWNLOAD : A virus.
REDIRECT : https://www.efax.com/
Email analysis :
NOTE : message@inbound.efax.com
NOTE : Received : from unknown (HELO GPFSHLVXV) (119.194.222.13)
NOTE : 119.194.222.13 ()
NOTE : *@blueturtle.com.au
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
You have received a 1 page fax at Fri, 17 Jul 2015 07:03:05 +0900. * The reference number for this fax is atl_did1-1400166434-62714347775-154. Click here to view this fax using your PDF reader. Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
j2 Global | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | OneBox
2014 j2 Global, Inc. All rights reserved.
eFax is a registered trademark of j2 Global, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.
Virus analysis :
CLICK : atl_did1-1400166434-62714347775-154
CLICK : here
OPEN : http://descubreone.mx/securestorage/get_document.html
DOWNLOAD : A virus.
REDIRECT : https://www.efax.com/
Email analysis :
NOTE : message@inbound.efax.com
NOTE : Received : from unknown (HELO GPFSHLVXV) (119.194.222.13)
NOTE : 119.194.222.13 ()
NOTE : *@blueturtle.com.au
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
Thursday, July 9, 2015
Facture n 87/48/00220 ,BRIANT
Bonjour,
tu vois morad en fin de journée, mais au cas où
voici les factures misent à jour,
factures N°6 pour la PP et la villa étageet facture des peintures très bonne fin de journée,
Chadwick BRIANT
87_48_00220.doc
File analysis :
OPEN : 87_48_00220.doc
RESULT 87_48_00220.doc is a virus.
Email analysis :
NOTE : Received : from 401mac.401trucksource.com (207.54.122.181)
NOTE : chadwickbriantsu@401mac.401trucksource.com
NOTE : TCMime 1.0 by Tencent
NOTE : QQMail 2.x
NOTE : X-Originating-Ip : 207.54.122.181
Virus analysis :
FIle : 87_48_00220.doc
SHA256 : a912466c03f5cea660b98468277f01fc66492a4dee7c014f15cfa5508312db29
AVG : Generic13_c.AEAY
Arcabit : HEUR.VBA.Trojan
Avast : Other:Malware-gen [Trj]
Avira : W97M/Agent.18522
BitDefender : Trojan.Doc.Downloader.DW
DrWeb : VBS.Dropper.61
Emsisoft : Trojan.Doc.Downloader.DW (B)
F-Secure : Trojan.Doc.Downloader.DW
Fortinet : WM/Agent!tr
GData : Trojan.Doc.Downloader.DW
Kaspersky : Trojan-Downloader.MSWord.Agent.oc
McAfee : W97M/Downloader.ajz
MicroWorld-eScan : Trojan.Doc.Downloader.DW
Microsoft : TrojanDownloader:W97M/Adnel
Sophos : Troj/DocDl-TF
Symantec : W97M.Downloader
TrendMicro : W2KM_BA.AB553B8F
TrendMicro-HouseCall : W2KM_BA.AB553B8F
tu vois morad en fin de journée, mais au cas où
voici les factures misent à jour,
factures N°6 pour la PP et la villa étageet facture des peintures très bonne fin de journée,
Chadwick BRIANT
87_48_00220.doc
File analysis :
OPEN : 87_48_00220.doc
RESULT 87_48_00220.doc is a virus.
Email analysis :
NOTE : Received : from 401mac.401trucksource.com (207.54.122.181)
NOTE : chadwickbriantsu@401mac.401trucksource.com
NOTE : TCMime 1.0 by Tencent
NOTE : QQMail 2.x
NOTE : X-Originating-Ip : 207.54.122.181
Virus analysis :
FIle : 87_48_00220.doc
SHA256 : a912466c03f5cea660b98468277f01fc66492a4dee7c014f15cfa5508312db29
AVG : Generic13_c.AEAY
Arcabit : HEUR.VBA.Trojan
Avast : Other:Malware-gen [Trj]
Avira : W97M/Agent.18522
BitDefender : Trojan.Doc.Downloader.DW
DrWeb : VBS.Dropper.61
Emsisoft : Trojan.Doc.Downloader.DW (B)
F-Secure : Trojan.Doc.Downloader.DW
Fortinet : WM/Agent!tr
GData : Trojan.Doc.Downloader.DW
Kaspersky : Trojan-Downloader.MSWord.Agent.oc
McAfee : W97M/Downloader.ajz
MicroWorld-eScan : Trojan.Doc.Downloader.DW
Microsoft : TrojanDownloader:W97M/Adnel
Sophos : Troj/DocDl-TF
Symantec : W97M.Downloader
TrendMicro : W2KM_BA.AB553B8F
TrendMicro-HouseCall : W2KM_BA.AB553B8F
Monday, July 6, 2015
revised order ( Virus )
Dear Sir,
Attach is our revised order, Waiting for your invoice
Thank you.
Ahmed Ragheb
Assad Business LLC
Tel:86-22-28246951
Download
File analysis :
CLICK : Download
OPEN : http://ge.tt/api/1/files/649DtgJ2/0/blob?download
DOWNLOAD : Revised Order..........rar
CONCLUSION : This is a virus.
Virus analysis :
SHA256: 6c6ff658c9a8c574898c139d40069db25e2f3377615269e35ae29ee3d2a17db5
AVG MSIL8.APEG
Ad-Aware Gen:Heur.MSIL.Androm.10
Arcabit Trojan.MSIL.Androm.10
Avast Win32:Malware-gen
Avira TR/Dropper.MSIL.52174
BitDefender Gen:Heur.MSIL.Androm.10
DrWeb Trojan.DownLoader14.27222
ESET-NOD32 a variant of MSIL/Injector.KNB
Emsisoft Gen:Heur.MSIL.Androm.10 (B)
F-Secure Gen:Heur.MSIL.Androm.10
GData Win32.Trojan-Dropper.Agent.GP
Kaspersky Trojan.MSIL.Inject.ccfx
Malwarebytes Spyware.Password
McAfee Dropper-FOC!BABC3B054967
MicroWorld-eScan Gen:Heur.MSIL.Androm.10
Panda Generic Suspicious 20150705
Sophos Mal/MSIL-OY
Symantec Suspicious.Cloud.5
TrendMicro HEUR_NAMETRICK.B
TrendMicro-HouseCall TROJ_GE.FE94127C
Email analysis :
NOTE : md.hashem2012@gmail.com
NOTE : Received : by 10.194.125.14 with HTTP
Attach is our revised order, Waiting for your invoice
Thank you.
Ahmed Ragheb
Assad Business LLC
Tel:86-22-28246951
Download
File analysis :
CLICK : Download
OPEN : http://ge.tt/api/1/files/649DtgJ2/0/blob?download
DOWNLOAD : Revised Order..........rar
CONCLUSION : This is a virus.
Virus analysis :
SHA256: 6c6ff658c9a8c574898c139d40069db25e2f3377615269e35ae29ee3d2a17db5
AVG MSIL8.APEG
Ad-Aware Gen:Heur.MSIL.Androm.10
Arcabit Trojan.MSIL.Androm.10
Avast Win32:Malware-gen
Avira TR/Dropper.MSIL.52174
BitDefender Gen:Heur.MSIL.Androm.10
DrWeb Trojan.DownLoader14.27222
ESET-NOD32 a variant of MSIL/Injector.KNB
Emsisoft Gen:Heur.MSIL.Androm.10 (B)
F-Secure Gen:Heur.MSIL.Androm.10
GData Win32.Trojan-Dropper.Agent.GP
Kaspersky Trojan.MSIL.Inject.ccfx
Malwarebytes Spyware.Password
McAfee Dropper-FOC!BABC3B054967
MicroWorld-eScan Gen:Heur.MSIL.Androm.10
Panda Generic Suspicious 20150705
Sophos Mal/MSIL-OY
Symantec Suspicious.Cloud.5
TrendMicro HEUR_NAMETRICK.B
TrendMicro-HouseCall TROJ_GE.FE94127C
Email analysis :
NOTE : md.hashem2012@gmail.com
NOTE : Received : by 10.194.125.14 with HTTP
Monday, June 15, 2015
My Resume
Hey.
I saw your business today Fri, 12 Jun 2015 and found it very interesting. I was hoping there was any possibility of internship, just to prove my competence. As you will see in my attached CV, I am very qualified and have a very sweeping experience in this line of employment. I am confident it will be worth your time reading it, and I am even more confident you will find me very suitable in your company.
Please see my attached CV.
I'm very much looking forward to hearing from you.
Respectfully,
Gail Kosyla
My_Resume_2426.doc
Email analysis :
NOTE : rafaellostirling@yahoo.com
NOTE : client-ip=67.195.87.25;
File analysis :
My_Resume_2426.doc is a virus.
Virus analysis :
CAT-QuickHeal : O97M.Dropper.BR
ESET-NOD32 : VBA/TrojanDownloader.Agent.UK
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.O2LT4A
Ikarus : Trojan-Downloader.VBA.Agent
NANO-Antivirus : Trojan.Script.Agent.dslepx
Sophos : Troj/DocDl-QT
Symantec : W97M.Downloader
TrendMicro : W2KM_DLOADER.HB
TrendMicro-HouseCall : Suspicious_GEN.F47V0612
I saw your business today Fri, 12 Jun 2015 and found it very interesting. I was hoping there was any possibility of internship, just to prove my competence. As you will see in my attached CV, I am very qualified and have a very sweeping experience in this line of employment. I am confident it will be worth your time reading it, and I am even more confident you will find me very suitable in your company.
Please see my attached CV.
I'm very much looking forward to hearing from you.
Respectfully,
Gail Kosyla
My_Resume_2426.doc
Email analysis :
NOTE : rafaellostirling@yahoo.com
NOTE : client-ip=67.195.87.25;
File analysis :
My_Resume_2426.doc is a virus.
Virus analysis :
CAT-QuickHeal : O97M.Dropper.BR
ESET-NOD32 : VBA/TrojanDownloader.Agent.UK
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.O2LT4A
Ikarus : Trojan-Downloader.VBA.Agent
NANO-Antivirus : Trojan.Script.Agent.dslepx
Sophos : Troj/DocDl-QT
Symantec : W97M.Downloader
TrendMicro : W2KM_DLOADER.HB
TrendMicro-HouseCall : Suspicious_GEN.F47V0612
Wednesday, May 27, 2015
Rép :Re:Re:NEW ORDER (Virus)
l have checked and back to you again, please check the attached Purchase Order and see the products and quantities WE needs and quote your best price by issuing us price list and Perform Invoice accordingly.you will see the specific brand,description of the product we want your company to supply to us. We expect to hear from you shortly to enable us set with the purchase arrangement/agreement once the price is competitive and we get your assurance on the quality of the products.
Your early reply is highly appreciated.
Thank You !
Regards
Mis.July Doin
Vice General Manager
---------------------------------------------------------
Purchasing Manager
Addweden Svenska SAP
Svenska AB 151 D Zip Code:55652
Tel:46-858-780000/Fax:46-858-780001
Email:julydoin1@hotmail.com
Email analysis :
NOTE : Julydoin@hotmail.com
NOTE : royalbankofscotlandn@gmail.com
Virus analysis :
SHA256: 64d7f46ef678cb27e60a7992be9f5095eb5b61b959a16d4cb9441757349fba11
FILENAME : NEW ORDER.ace
==================================
AVG : MSIL2.BGGQ
Ad-Aware : Gen:Variant.Kazy.263448
Avast : MSIL:GenMalicious-RW [Trj]
Avira : TR/Meredrop.EB.1
BitDefender : Gen:Variant.Kazy.263448
ESET-NOD32 : a variant of MSIL/Injector.BYE
Emsisoft : Gen:Variant.Kazy.263448 (B)
F-Secure : Gen:Variant.Kazy.263448
GData : Gen:Variant.Kazy.263448
Ikarus : Backdoor.Androm
Kaspersky : Trojan-Dropper.Win32.Sysn.aweg
MicroWorld-eScan : Gen:Variant.Kazy.263448
Panda : Generic Malware
Sophos : Mal/DrodAce-A
==================================
Your early reply is highly appreciated.
Thank You !
Regards
Mis.July Doin
Vice General Manager
---------------------------------------------------------
Purchasing Manager
Addweden Svenska SAP
Svenska AB 151 D Zip Code:55652
Tel:46-858-780000/Fax:46-858-780001
Email:julydoin1@hotmail.com
Email analysis :
NOTE : Julydoin@hotmail.com
NOTE : royalbankofscotlandn@gmail.com
Virus analysis :
SHA256: 64d7f46ef678cb27e60a7992be9f5095eb5b61b959a16d4cb9441757349fba11
FILENAME : NEW ORDER.ace
==================================
AVG : MSIL2.BGGQ
Ad-Aware : Gen:Variant.Kazy.263448
Avast : MSIL:GenMalicious-RW [Trj]
Avira : TR/Meredrop.EB.1
BitDefender : Gen:Variant.Kazy.263448
ESET-NOD32 : a variant of MSIL/Injector.BYE
Emsisoft : Gen:Variant.Kazy.263448 (B)
F-Secure : Gen:Variant.Kazy.263448
GData : Gen:Variant.Kazy.263448
Ikarus : Backdoor.Androm
Kaspersky : Trojan-Dropper.Win32.Sysn.aweg
MicroWorld-eScan : Gen:Variant.Kazy.263448
Panda : Generic Malware
Sophos : Mal/DrodAce-A
==================================
Thursday, May 21, 2015
Invoices
Please review the attached invoices and pay them at your earliest convenience. Feel free to contact us if you have any questions.
Thank you.
Email analysis :
NOTE : application@hmrc.gov.uk
NOTE : soundesti7@compufort.com
NOTE : Received : from [110.120.202.131]
NOTE : (port=19367 helo=[192.168.4.77])
NOTE : by 69.3.15.254
Virus analysis :
AVG FakeAlert
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2427700
Avast Win32:Trojan-gen
Avira TR/Crypt.Xpack.230760
Baidu-International Trojan.Win32.BitWall.ia
BitDefender Trojan.GenericKD.2427700
Cyren W32/Trojan.RXVE-1253
DrWeb Trojan.Click3.12191
ESET-NOD32 Win32/TrojanDownloader.Agent.BEL
Emsisoft Trojan.GenericKD.2427700 (B)
F-Prot W32/Trojan3.PUX
F-Secure Trojan.GenericKD.2427700
GData Trojan.GenericKD.2427700
Ikarus Trojan.Crypt
K7AntiVirus Trojan ( 7000000c1 )
K7GW Trojan ( 700001211 )
Kaspersky Trojan-Spy.Win32.BitWall.ia
Malwarebytes Trojan.Upatre.DG
McAfee Downloader-FAUU!06DC3128D83A
McAfee-GW-Edition New Malware.jj
MicroWorld-eScan Trojan.GenericKD.2427700
Microsoft TrojanDownloader:Win32/Ruckguv.A
Panda Trj/Chgt.O
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Invo-Zip
Symantec Infostealer.Limitail
Tencent Win32.Trojan.Fakedoc.Auto
TrendMicro TROJ_DLOADR.DYR
TrendMicro-HouseCall Suspicious_GEN.F47V0520
VIPRE Win32.Malware!Drop
ViRobot Backdoor.Win32.S.Agent.52736.AF[h]
nProtect Trojan.GenericKD.2427700
Thank you.
Email analysis :
NOTE : application@hmrc.gov.uk
NOTE : soundesti7@compufort.com
NOTE : Received : from [110.120.202.131]
NOTE : (port=19367 helo=[192.168.4.77])
NOTE : by 69.3.15.254
Virus analysis :
AVG FakeAlert
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2427700
Avast Win32:Trojan-gen
Avira TR/Crypt.Xpack.230760
Baidu-International Trojan.Win32.BitWall.ia
BitDefender Trojan.GenericKD.2427700
Cyren W32/Trojan.RXVE-1253
DrWeb Trojan.Click3.12191
ESET-NOD32 Win32/TrojanDownloader.Agent.BEL
Emsisoft Trojan.GenericKD.2427700 (B)
F-Prot W32/Trojan3.PUX
F-Secure Trojan.GenericKD.2427700
GData Trojan.GenericKD.2427700
Ikarus Trojan.Crypt
K7AntiVirus Trojan ( 7000000c1 )
K7GW Trojan ( 700001211 )
Kaspersky Trojan-Spy.Win32.BitWall.ia
Malwarebytes Trojan.Upatre.DG
McAfee Downloader-FAUU!06DC3128D83A
McAfee-GW-Edition New Malware.jj
MicroWorld-eScan Trojan.GenericKD.2427700
Microsoft TrojanDownloader:Win32/Ruckguv.A
Panda Trj/Chgt.O
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Invo-Zip
Symantec Infostealer.Limitail
Tencent Win32.Trojan.Fakedoc.Auto
TrendMicro TROJ_DLOADR.DYR
TrendMicro-HouseCall Suspicious_GEN.F47V0520
VIPRE Win32.Malware!Drop
ViRobot Backdoor.Win32.S.Agent.52736.AF[h]
nProtect Trojan.GenericKD.2427700
Tuesday, May 12, 2015
My Resume
Hey there,
I saw your website today Tue, 12 May 2015 and im really hoping there is a opening or other possibility to get a chance to prove my competence.
As you will see in my resume I have a broad experience and knowledge in this line of work and im confident it will be worth your time reading it.
I am excited to hearing from you.
Please see my attached CV.
Best regards,
James Hattersley
Sent from my iPhone
Email analysis :
NOTE : any_montes73141@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-4
NOTE : X-Mailer : iPhone Mail (9A405)
Virus analysis :
Open : CV_14131.doc
Check : This file is a virus.
AVware : LooksLike.Macro.Downloader.a (v)
Avast : Other:Malware-gen [Trj]
CAT-QuickHeal : O97M.Dropper.FK
ESET-NOD32 : VBA/TrojanDownloader.Agent.PP
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.22MP55
Ikarus : Trojan-Downloader.VBA.Agent
McAfee : W97M/Downloader.afs
McAfee-GW-Edition : W97M/Downloader.afs
Microsoft : TrojanDownloader:O97M/Donoff.gen!C
Sophos : Mal/DocDl-E
Symantec : W97M.Downloader
Tencent : Win32.Trojan-downloader.Agent.Efkp
TrendMicro-HouseCall : Suspicious_GEN.F47V0511
VIPRE : LooksLike.Macro.Downloader.a (v)
I saw your website today Tue, 12 May 2015 and im really hoping there is a opening or other possibility to get a chance to prove my competence.
As you will see in my resume I have a broad experience and knowledge in this line of work and im confident it will be worth your time reading it.
I am excited to hearing from you.
Please see my attached CV.
Best regards,
James Hattersley
Sent from my iPhone
Email analysis :
NOTE : any_montes73141@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-4
NOTE : X-Mailer : iPhone Mail (9A405)
Virus analysis :
Open : CV_14131.doc
Check : This file is a virus.
AVware : LooksLike.Macro.Downloader.a (v)
Avast : Other:Malware-gen [Trj]
CAT-QuickHeal : O97M.Dropper.FK
ESET-NOD32 : VBA/TrojanDownloader.Agent.PP
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.22MP55
Ikarus : Trojan-Downloader.VBA.Agent
McAfee : W97M/Downloader.afs
McAfee-GW-Edition : W97M/Downloader.afs
Microsoft : TrojanDownloader:O97M/Donoff.gen!C
Sophos : Mal/DocDl-E
Symantec : W97M.Downloader
Tencent : Win32.Trojan-downloader.Agent.Efkp
TrendMicro-HouseCall : Suspicious_GEN.F47V0511
VIPRE : LooksLike.Macro.Downloader.a (v)
Tuesday, April 21, 2015
Hola my photo (Virus)
hola my new photo , send u photo
my_new_photo837847238947238947238472398.zip
Virus analysis :
Qihoo-360 : HEUR/QVM10.1.Malware.Gen
Sophos : Mal/Generic-S
Email analysis :
NOTE : hoeno0@networkadvertising.org
NOTE : Received : from [205.11.98.44] (helo=fklgamr.xvlhelxpewb.com)
NOTE : by with esmtpa (Exim 4.69) (envelope-from)
my_new_photo837847238947238947238472398.zip
Virus analysis :
Qihoo-360 : HEUR/QVM10.1.Malware.Gen
Sophos : Mal/Generic-S
Email analysis :
NOTE : hoeno0@networkadvertising.org
NOTE : Received : from [205.11.98.44] (helo=fklgamr.xvlhelxpewb.com)
NOTE : by with esmtpa (Exim 4.69) (envelope-from)
Thursday, April 16, 2015
Scanned Image from a Xerox WorkCentre (Virus)
Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: ***
Number of Images: 4
Attachment File Type: ZIP [PDF]
File Name: Scan001_1257165_041.zip
WorkCentre Pro Location: Machine location not set
Device Name: ***.com
Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/
Email analysis :
NOTE : teg5@qmail.org
NOTE : Xerox.437@***
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 70.43.79.186.nw.nuvox.net (70.43.79.186)
File analysis :
ALYac : Trojan.GenericKD.2294006
AVG : Crypt4.NUT
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2294006
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.186216
Baidu-International : Trojan.Win32.Upatre.vxw
BitDefender : Trojan.GenericKD.2294006
CAT-QuickHeal : TrojanDownloader.Upatre.r5
CMC : Packed.Win32.Obfuscated.10!O
Cyren : W32/Trojan.IYUD-8977
DrWeb : Trojan.DownLoader12.60119
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2294006 (B)
F-Prot : W32/Trojan3.OVQ
F-Secure : Trojan.GenericKD.2294006
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2294006
Ikarus : Trojan-Downloader.Win32.Waski
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vxw
Malwarebytes : Trojan.Upatre.Gen
McAfee : RDN/Generic.bfr!ih
McAfee-GW-Edition : RDN/Generic.bfr!ih
MicroWorld-eScan : Trojan.GenericKD.2294006
Microsoft : TrojanDownloader:Win32/Upatre.BC
NANO-Antivirus : Trojan.Win32.Upatre.dqmduh
Norman : Troj_Generic_2.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/Upatre-R
Symantec : Downloader.Upatre
Tencent : Win32.Trojan.Downloader-pdf.Auto
TrendMicro : TROJ_UPATRE.CUB
TrendMicro-HouseCall : Suspicious_GEN.F47V0413
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.Agent.45568.JQ[h]
Zillya : Downloader.Upatre.Win32.22072
nProtect : Trojan.GenericKD.2294006
Sent by: ***
Number of Images: 4
Attachment File Type: ZIP [PDF]
File Name: Scan001_1257165_041.zip
WorkCentre Pro Location: Machine location not set
Device Name: ***.com
Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/
Email analysis :
NOTE : teg5@qmail.org
NOTE : Xerox.437@***
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 70.43.79.186.nw.nuvox.net (70.43.79.186)
File analysis :
ALYac : Trojan.GenericKD.2294006
AVG : Crypt4.NUT
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2294006
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.186216
Baidu-International : Trojan.Win32.Upatre.vxw
BitDefender : Trojan.GenericKD.2294006
CAT-QuickHeal : TrojanDownloader.Upatre.r5
CMC : Packed.Win32.Obfuscated.10!O
Cyren : W32/Trojan.IYUD-8977
DrWeb : Trojan.DownLoader12.60119
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2294006 (B)
F-Prot : W32/Trojan3.OVQ
F-Secure : Trojan.GenericKD.2294006
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2294006
Ikarus : Trojan-Downloader.Win32.Waski
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vxw
Malwarebytes : Trojan.Upatre.Gen
McAfee : RDN/Generic.bfr!ih
McAfee-GW-Edition : RDN/Generic.bfr!ih
MicroWorld-eScan : Trojan.GenericKD.2294006
Microsoft : TrojanDownloader:Win32/Upatre.BC
NANO-Antivirus : Trojan.Win32.Upatre.dqmduh
Norman : Troj_Generic_2.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/Upatre-R
Symantec : Downloader.Upatre
Tencent : Win32.Trojan.Downloader-pdf.Auto
TrendMicro : TROJ_UPATRE.CUB
TrendMicro-HouseCall : Suspicious_GEN.F47V0413
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.Agent.45568.JQ[h]
Zillya : Downloader.Upatre.Win32.22072
nProtect : Trojan.GenericKD.2294006
Monday, March 23, 2015
FW: Important documents (Bank Of America Virus)
Cash Pro logo
Cash Pro logo
Important account documents
Reference: C85
Case number: 4690473
Please scan attached document and fax it to +1 (888) 589-3716.
Please note that the Terms and Conditions available below are the Bank's most recently issued versions. Please bear in mind that earlier versions of these Terms and Conditions may apply to your products, depending on when you signed up to the relevant product or when you were last advised of any changes to your Terms and Conditions. If you have any questions regarding which version of the Terms and Conditions apply to your products, please contact your Relationship Manager.
Yours faithfully
Signature Image
Rosalyn Chavez
Senior Manager
Bank of America Commercial Banking
Rosalyn.Chavez@bankofamerica.com
Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.
2014 Bank of America Corporation. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.
AccountDocuments.zip
Email analysis :
NOTE : Rosalyn.Chavez@bankofamerica.com
NOTE : yvx@blaudieck.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO ACSKURDN) (83.231.81.43)
Virus analysis :
OPEN : AccountDocuments.zip
RESULT : AccountDocuments.zip is a VIRUS
ALYac : Trojan.GenericKD.2234787
AVG : Generic_s.ELW
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : TrojWare.Win32.UMal.~A
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Suspect-BW!0D6F95F76EEC
McAfee-GW-Edition : Suspect-BW!0D6F95F76EEC
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Invo-Zip
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Hfr
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0319
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2
Cash Pro logo
Important account documents
Reference: C85
Case number: 4690473
Please scan attached document and fax it to +1 (888) 589-3716.
Please note that the Terms and Conditions available below are the Bank's most recently issued versions. Please bear in mind that earlier versions of these Terms and Conditions may apply to your products, depending on when you signed up to the relevant product or when you were last advised of any changes to your Terms and Conditions. If you have any questions regarding which version of the Terms and Conditions apply to your products, please contact your Relationship Manager.
Yours faithfully
Signature Image
Rosalyn Chavez
Senior Manager
Bank of America Commercial Banking
Rosalyn.Chavez@bankofamerica.com
Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.
2014 Bank of America Corporation. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.
AccountDocuments.zip
Email analysis :
NOTE : Rosalyn.Chavez@bankofamerica.com
NOTE : yvx@blaudieck.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO ACSKURDN) (83.231.81.43)
Virus analysis :
OPEN : AccountDocuments.zip
RESULT : AccountDocuments.zip is a VIRUS
ALYac : Trojan.GenericKD.2234787
AVG : Generic_s.ELW
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : TrojWare.Win32.UMal.~A
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Suspect-BW!0D6F95F76EEC
McAfee-GW-Edition : Suspect-BW!0D6F95F76EEC
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Invo-Zip
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Hfr
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0319
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2
JP Morgan Access Secure Message (Virus)
Please check attached file(s) for your latest account documents regarding your online account.
Alex Puckett
Level III Account Management Officer
817-283-1539 office
817-878-6079 cell Alex.Puckett@jpmorgan.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
2015 JPMorgan Chase & Co.
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
JP Morgan Access - Secure.zip
Email analysis :
NOTE : service@jpmorgan.com
NOTE : tenqvist@cc.oulu.fi
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 108-84-212-41.lightspeed.hstntx.sbcglobal.net (108.84.212.41)
Virus analysis :
OPEN : JP Morgan Access - Secure.zip
RESULT : JP Morgan Access - Secure.zip is a VIRUS
ALYac : Trojan.GenericKD.2234787
AVG : FakeAlert
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Upatre-FAAR!05E6E33D4259
McAfee-GW-Edition : Upatre-FAAR!05E6E33D4259
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-JB
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Fhz
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0320
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2
Alex Puckett
Level III Account Management Officer
817-283-1539 office
817-878-6079 cell Alex.Puckett@jpmorgan.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
2015 JPMorgan Chase & Co.
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
JP Morgan Access - Secure.zip
Email analysis :
NOTE : service@jpmorgan.com
NOTE : tenqvist@cc.oulu.fi
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 108-84-212-41.lightspeed.hstntx.sbcglobal.net (108.84.212.41)
Virus analysis :
OPEN : JP Morgan Access - Secure.zip
RESULT : JP Morgan Access - Secure.zip is a VIRUS
ALYac : Trojan.GenericKD.2234787
AVG : FakeAlert
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Upatre-FAAR!05E6E33D4259
McAfee-GW-Edition : Upatre-FAAR!05E6E33D4259
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-JB
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Fhz
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0320
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2
Thursday, March 12, 2015
Please
Good Afternoon,
Please find attached notice regarding carriers pre-filing for an additional General Rate Increase for effective date of April 9, 2015. Please note, we are advising you of this filing in order to comply with FMC regulations. However, we feel it is unlikely that the carriers will be successful in implementing this increase, especially since the March 9th GRI has already been postponed to March 17th. We will continue to keep you updated as we receive additional information pertaining to these filed rate increases.
Phoenix Zhang-Shin
Director
P & J International Ltd
Calverley House, 55 Calverley Road
Tunbridge Wells, Kent, UK TN1 2TU
Tel: 0044 1892 525588
Fax: 0044 1892 522277
Mob: 0044 7771802252
This email and any attachments are confidential and solely for the use of the intended recipient. They may contain material protected by legal, professional or other privilege. All correspondence with and communication with us is governed by and subject to our Standard Terms and Conditions of Sale (March 2010) (Our STCs), a copy of which has been provided to you and which is available on request or on our web-site. Acknowledging receipt of and replying to this email constitutes acceptance of our STCs.
Email analysis :
NOTE : phoenix@pnjinternational.com
File analysis :
OPEN : documents-id323.zip
ANALYSIS : documents-id323.zip is a virus.
Virus analysis :
AVG : FakeAlert
Ad-Aware : Trojan.GenericKD.2214283
Avast : Win32:Malware-gen
Avira : TR/Rogue.pwsa
Baidu-International : Trojan.Win32.Waski.F
BitDefender : Trojan.GenericKD.2214283
ClamAV : Win.Trojan.Upatre-548
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.OSAT-0643
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2214283 (B)
F-Prot : W32/Trojan3.OKK
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2214283
Ikarus : Trojan-Downloader.Win32.Upatre
Kaspersky : Trojan-Downloader.Win32.Upatre.ffm
Malwarebytes : Trojan.Upatre.FD
McAfee : Artemis!56D11447DF79
MicroWorld-eScan : Trojan.GenericKD.2214283
Microsoft : TrojanDownloader:Win32/Upatre.AY
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/EncPk-ANE
Tencent : Win32.Trojan.Downloader-pdf.Auto
VIRUS ASM
To obtain the ASM version contact me scamcz@gmail.com
Please find attached notice regarding carriers pre-filing for an additional General Rate Increase for effective date of April 9, 2015. Please note, we are advising you of this filing in order to comply with FMC regulations. However, we feel it is unlikely that the carriers will be successful in implementing this increase, especially since the March 9th GRI has already been postponed to March 17th. We will continue to keep you updated as we receive additional information pertaining to these filed rate increases.
Phoenix Zhang-Shin
Director
P & J International Ltd
Calverley House, 55 Calverley Road
Tunbridge Wells, Kent, UK TN1 2TU
Tel: 0044 1892 525588
Fax: 0044 1892 522277
Mob: 0044 7771802252
This email and any attachments are confidential and solely for the use of the intended recipient. They may contain material protected by legal, professional or other privilege. All correspondence with and communication with us is governed by and subject to our Standard Terms and Conditions of Sale (March 2010) (Our STCs), a copy of which has been provided to you and which is available on request or on our web-site. Acknowledging receipt of and replying to this email constitutes acceptance of our STCs.
Email analysis :
NOTE : phoenix@pnjinternational.com
File analysis :
OPEN : documents-id323.zip
ANALYSIS : documents-id323.zip is a virus.
Virus analysis :
AVG : FakeAlert
Ad-Aware : Trojan.GenericKD.2214283
Avast : Win32:Malware-gen
Avira : TR/Rogue.pwsa
Baidu-International : Trojan.Win32.Waski.F
BitDefender : Trojan.GenericKD.2214283
ClamAV : Win.Trojan.Upatre-548
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.OSAT-0643
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2214283 (B)
F-Prot : W32/Trojan3.OKK
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2214283
Ikarus : Trojan-Downloader.Win32.Upatre
Kaspersky : Trojan-Downloader.Win32.Upatre.ffm
Malwarebytes : Trojan.Upatre.FD
McAfee : Artemis!56D11447DF79
MicroWorld-eScan : Trojan.GenericKD.2214283
Microsoft : TrojanDownloader:Win32/Upatre.AY
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/EncPk-ANE
Tencent : Win32.Trojan.Downloader-pdf.Auto
VIRUS ASM
To obtain the ASM version contact me scamcz@gmail.com
Tuesday, March 10, 2015
Emailing: Serv-Ware Credit Application.pdf
--
Thanks,
Clint Winstead
Manager
Serv-Ware Products
clint@servware.com
phone: 800.768.5953
fax : 800.976.1299
www.servware.com
File analysis :
OPEN : Serv-WareCreditApplication.zip
ANALYSIS : VIRUS DETECTED.
Virus analysis :
AVG Generic_s.EHT
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2209679
Avast Win32:Malware-gen
Avira TR/Rogue.1539.aia
BitDefender Trojan.GenericKD.2209679
CAT-QuickHeal (Suspicious) - DNAScan
Cyren W32/Upatre.E2.gen!Eldorado
DrWeb Trojan.Upatre.140
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Trojan.GenericKD.2209679 (B)
F-Prot W32/Upatre.E2.gen!Eldorado
F-Secure Trojan.GenericKD.2209679
Fortinet W32/Kryptik.DBDO!tr
GData Trojan.GenericKD.2209679
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.vjy
Malwarebytes Trojan.Email.FakeDoc
McAfee Upatre-FAAR!8BEDB116B2AE
MicroWorld-eScan Trojan.GenericKD.2209679
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Agent-ALYH
Symantec Downloader.Upatre
Tencent Win32.Trojan.Rogue.Lnef
TrendMicro TROJ_UP.AFEFD391
TrendMicro-HouseCall Suspicious_GEN.F47V0309
VIPRE Win32.Malware!Drop
ViRobot Trojan.Win32.S.Downloader.27392.D[h]
nProtect Trojan.GenericKD.2209679
Email analysis :
NOTE : X-Remote : 67.165.217.44 (c-67-165-217-44.hsd1.co.comcast.net)
NOTE : Return-Path : clint@servware.com
NOTE : Received : from c-67-165-217-44.hsd1.co.comcast.net
NOTE : (HELO servware.com) (67.165.217.44)
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Emailing: Serv-Ware Credit Application.pdf
Thanks,
Clint Winstead
Manager
Serv-Ware Products
clint@servware.com
phone: 800.768.5953
fax : 800.976.1299
www.servware.com
File analysis :
OPEN : Serv-WareCreditApplication.zip
ANALYSIS : VIRUS DETECTED.
Virus analysis :
AVG Generic_s.EHT
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2209679
Avast Win32:Malware-gen
Avira TR/Rogue.1539.aia
BitDefender Trojan.GenericKD.2209679
CAT-QuickHeal (Suspicious) - DNAScan
Cyren W32/Upatre.E2.gen!Eldorado
DrWeb Trojan.Upatre.140
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Trojan.GenericKD.2209679 (B)
F-Prot W32/Upatre.E2.gen!Eldorado
F-Secure Trojan.GenericKD.2209679
Fortinet W32/Kryptik.DBDO!tr
GData Trojan.GenericKD.2209679
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.vjy
Malwarebytes Trojan.Email.FakeDoc
McAfee Upatre-FAAR!8BEDB116B2AE
MicroWorld-eScan Trojan.GenericKD.2209679
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Agent-ALYH
Symantec Downloader.Upatre
Tencent Win32.Trojan.Rogue.Lnef
TrendMicro TROJ_UP.AFEFD391
TrendMicro-HouseCall Suspicious_GEN.F47V0309
VIPRE Win32.Malware!Drop
ViRobot Trojan.Win32.S.Downloader.27392.D[h]
nProtect Trojan.GenericKD.2209679
Email analysis :
NOTE : X-Remote : 67.165.217.44 (c-67-165-217-44.hsd1.co.comcast.net)
NOTE : Return-Path : clint@servware.com
NOTE : Received : from c-67-165-217-44.hsd1.co.comcast.net
NOTE : (HELO servware.com) (67.165.217.44)
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Emailing: Serv-Ware Credit Application.pdf
Subscribe to:
Posts (Atom)