Monday, July 6, 2015

revised order (Virus)

Dear Sir,

Attach is our revised order, Waiting for your invoice

Thank you.
Ahmed Ragheb
Assad Business LLC
Tel:86-22-28246951

Download

File analysis :

CLICK : Download
OPEN : http://ge.tt/api/1/files/649DtgJ2/0/blob?download
DOWNLOAD : Revised Order..........rar
CONCLUSION : This is a virus.

Virus analysis :

SHA256: 6c6ff658c9a8c574898c139d40069db25e2f3377615269e35ae29ee3d2a17db5

AVG MSIL8.APEG
Ad-Aware Gen:Heur.MSIL.Androm.10
Arcabit Trojan.MSIL.Androm.10
Avast Win32:Malware-gen
Avira TR/Dropper.MSIL.52174
BitDefender Gen:Heur.MSIL.Androm.10
DrWeb Trojan.DownLoader14.27222
ESET-NOD32 a variant of MSIL/Injector.KNB
Emsisoft Gen:Heur.MSIL.Androm.10 (B)
F-Secure Gen:Heur.MSIL.Androm.10
GData Win32.Trojan-Dropper.Agent.GP
Kaspersky Trojan.MSIL.Inject.ccfx
Malwarebytes Spyware.Password
McAfee Dropper-FOC!BABC3B054967
MicroWorld-eScan Gen:Heur.MSIL.Androm.10
Panda Generic Suspicious 20150705
Sophos Mal/MSIL-OY
Symantec Suspicious.Cloud.5
TrendMicro HEUR_NAMETRICK.B
TrendMicro-HouseCall TROJ_GE.FE94127C

Email analysis :

NOTE : md.hashem2012@gmail.com
NOTE : Received : by 10.194.125.14 with HTTP

Thursday, July 2, 2015

Service Invoice (Nota Fiscal de Serviços) 29/06.

Electronic Service Invoice
-------------------------
Series: 003
Number: 000.017.161
Issue date: 29/06/2015
Access key: View

Usage authorization protocol number: 1311310426761090
----------------------------------------
ROD FERNÃO DIAS, S/N, S/N - KM 813
CRUZ ALTA,
CEP (postal code): 37550-000 PHONE: 3538298009

Virus Analysis :

NOTE : http://bit.ly/1NunmVk

NOTE : https://www.dropbox.com/s/kdp46m0rc2hjild/NFSe.0187317HA7Y3HA713123.rar?dl=1

Email analysis :

NOTE : renata.seixas@aggreko.com.br
NOTE : Received : from vps2370.vpsunit.com (83.125.87.20)
NOTE : Received : by vps2370.vpsunit.com

Monday, June 15, 2015

My Resume

Hey.

I saw your business today Fri, 12 Jun 2015 and found it very interesting. I was hoping there was any possibility of internship, just to prove my competence. As you will see in my attached CV, I am very qualified and have a very sweeping experience in this line of employment. I am confident it will be worth your time reading it, and I am even more confident you will find me very suitable in your company.

Please see my attached CV.

I'm very much looking forward to hearing from you.
Respectfully,

Gail Kosyla

My_Resume_2426.doc

Email analysis :

NOTE : rafaellostirling@yahoo.com
NOTE : client-ip=67.195.87.25;

File analysis :

My_Resume_2426.doc is a virus.

Virus analysis :

CAT-QuickHeal : O97M.Dropper.BR
ESET-NOD32 : VBA/TrojanDownloader.Agent.UK
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.O2LT4A
Ikarus : Trojan-Downloader.VBA.Agent
NANO-Antivirus : Trojan.Script.Agent.dslepx
Sophos : Troj/DocDl-QT
Symantec : W97M.Downloader
TrendMicro : W2KM_DLOADER.HB
TrendMicro-HouseCall : Suspicious_GEN.F47V0612

Monday, June 8, 2015

PACKAGING PURCHASING (ACHATS EMBALLAGES)

Hello,

Please find attached the invoice that has been pending payment since September, for an amount of 1927.80 €.

Could you please take care of it ASAP.

Stella Tryba

Packaging Purchasing

147C_553956074A.doc

Email analysis :

NOTE : StellaTrybams@mail1.zhr.cz
NOTE : Received : from mail1.zhr.cz (77.48.20.246)
NOTE : X-Mozilla-Draft-Info : internal/draft; vcard=0; receipt=0; DSN=0; uuencode=0; attachmentreminder=0
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

File analysis :

NOTE : OPEN : 147C_553956074A.doc
RESULT : VIRUS

Virus analysis :

Arcabit HEUR.VBA.Trojan

Wednesday, May 27, 2015

Re: Re: Re: NEW ORDER (Virus)

l have checked and back to you again, please check the attached Purchase Order and see the products and quantities WE needs and quote your best price by issuing us price list and Perform Invoice accordingly.you will see the specific brand,description of the product we want your company to supply to us. We expect to hear from you shortly to enable us set with the purchase arrangement/agreement once the price is competitive and we get your assurance on the quality of the products.

Your early reply is highly appreciated.

Thank You !
Regards
Mis.July Doin
Vice General Manager
---------------------------------------------------------
Purchasing Manager
Addweden Svenska SAP
Svenska AB 151 D Zip Code:55652
Tel:46-858-780000/Fax:46-858-780001
Email:julydoin1@hotmail.com

Email analysis :

NOTE : Julydoin@hotmail.com
NOTE : royalbankofscotlandn@gmail.com

Virus analysis :

SHA256: 64d7f46ef678cb27e60a7992be9f5095eb5b61b959a16d4cb9441757349fba11
FILENAME : NEW ORDER.ace
==================================
AVG : MSIL2.BGGQ
Ad-Aware : Gen:Variant.Kazy.263448
Avast : MSIL:GenMalicious-RW [Trj]
Avira : TR/Meredrop.EB.1
BitDefender : Gen:Variant.Kazy.263448
ESET-NOD32 : a variant of MSIL/Injector.BYE
Emsisoft : Gen:Variant.Kazy.263448 (B)
F-Secure : Gen:Variant.Kazy.263448
GData : Gen:Variant.Kazy.263448
Ikarus : Backdoor.Androm
Kaspersky : Trojan-Dropper.Win32.Sysn.aweg
MicroWorld-eScan : Gen:Variant.Kazy.263448
Panda : Generic Malware
Sophos : Mal/DrodAce-A
==================================

Thursday, May 21, 2015

Invoices

Please review the attached invoices and pay them at your earliest convenience. Feel free to contact us if you have any questions.

Thank you.

Email analysis :

NOTE : application@hmrc.gov.uk
NOTE : soundesti7@compufort.com
NOTE : Received : from [110.120.202.131]
NOTE : (port=19367 helo=[192.168.4.77])
NOTE : by 69.3.15.254

Virus analysis :

AVG FakeAlert
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2427700
Avast Win32:Trojan-gen
Avira TR/Crypt.Xpack.230760
Baidu-International Trojan.Win32.BitWall.ia
BitDefender Trojan.GenericKD.2427700
Cyren W32/Trojan.RXVE-1253
DrWeb Trojan.Click3.12191
ESET-NOD32 Win32/TrojanDownloader.Agent.BEL
Emsisoft Trojan.GenericKD.2427700 (B)
F-Prot W32/Trojan3.PUX
F-Secure Trojan.GenericKD.2427700
GData Trojan.GenericKD.2427700
Ikarus Trojan.Crypt
K7AntiVirus Trojan ( 7000000c1 )
K7GW Trojan ( 700001211 )
Kaspersky Trojan-Spy.Win32.BitWall.ia
Malwarebytes Trojan.Upatre.DG
McAfee Downloader-FAUU!06DC3128D83A
McAfee-GW-Edition New Malware.jj
MicroWorld-eScan Trojan.GenericKD.2427700
Microsoft TrojanDownloader:Win32/Ruckguv.A
Panda Trj/Chgt.O
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Invo-Zip
Symantec Infostealer.Limitail
Tencent Win32.Trojan.Fakedoc.Auto
TrendMicro TROJ_DLOADR.DYR
TrendMicro-HouseCall Suspicious_GEN.F47V0520
VIPRE Win32.Malware!Drop
ViRobot Backdoor.Win32.S.Agent.52736.AF[h]
nProtect Trojan.GenericKD.2427700

Tuesday, May 12, 2015

My Resume

Hey there,

I saw your website today Tue, 12 May 2015 and im really hoping there is a opening or other possibility to get a chance to prove my competence.
As you will see in my resume I have a broad experience and knowledge in this line of work and im confident it will be worth your time reading it.
I am excited to hearing from you.

Please see my attached CV.
Best regards,
James Hattersley

Sent from my iPhone

Email analysis :

NOTE : any_montes73141@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-4
NOTE : X-Mailer : iPhone Mail (9A405)

Virus analysis :

Open : CV_14131.doc
Check : This file is a virus.

AVware : LooksLike.Macro.Downloader.a (v)
Avast : Other:Malware-gen [Trj]
CAT-QuickHeal : O97M.Dropper.FK
ESET-NOD32 : VBA/TrojanDownloader.Agent.PP
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.22MP55
Ikarus : Trojan-Downloader.VBA.Agent
McAfee : W97M/Downloader.afs
McAfee-GW-Edition : W97M/Downloader.afs
Microsoft : TrojanDownloader:O97M/Donoff.gen!C
Sophos : Mal/DocDl-E
Symantec : W97M.Downloader
Tencent : Win32.Trojan-downloader.Agent.Efkp
TrendMicro-HouseCall : Suspicious_GEN.F47V0511
VIPRE : LooksLike.Macro.Downloader.a (v)

Tuesday, April 21, 2015

Hola my photo (Virus)

hola my new photo , send u photo

my_new_photo837847238947238947238472398.zip

Virus analysis :
Qihoo-360 : HEUR/QVM10.1.Malware.Gen
Sophos : Mal/Generic-S

Email analysis :

NOTE : hoeno0@networkadvertising.org
NOTE : Received : from [205.11.98.44] (helo=fklgamr.xvlhelxpewb.com)
NOTE : by with esmtpa (Exim 4.69) (envelope-from)

Thursday, April 16, 2015

Scanned Image from a Xerox WorkCentre (Virus)

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.

Sent by: ***
Number of Images: 4
Attachment File Type: ZIP [PDF]
File Name: Scan001_1257165_041.zip

WorkCentre Pro Location: Machine location not set
Device Name: ***.com

Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/

Email analysis :

NOTE : teg5@qmail.org
NOTE : Xerox.437@***
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 70.43.79.186.nw.nuvox.net (70.43.79.186)

File analysis :

ALYac : Trojan.GenericKD.2294006
AVG : Crypt4.NUT
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2294006
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.186216
Baidu-International : Trojan.Win32.Upatre.vxw
BitDefender : Trojan.GenericKD.2294006
CAT-QuickHeal : TrojanDownloader.Upatre.r5
CMC : Packed.Win32.Obfuscated.10!O
Cyren : W32/Trojan.IYUD-8977
DrWeb : Trojan.DownLoader12.60119
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2294006 (B)
F-Prot : W32/Trojan3.OVQ
F-Secure : Trojan.GenericKD.2294006
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2294006
Ikarus : Trojan-Downloader.Win32.Waski
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vxw
Malwarebytes : Trojan.Upatre.Gen
McAfee : RDN/Generic.bfr!ih
McAfee-GW-Edition : RDN/Generic.bfr!ih
MicroWorld-eScan : Trojan.GenericKD.2294006
Microsoft : TrojanDownloader:Win32/Upatre.BC
NANO-Antivirus : Trojan.Win32.Upatre.dqmduh
Norman : Troj_Generic_2.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/Upatre-R
Symantec : Downloader.Upatre
Tencent : Win32.Trojan.Downloader-pdf.Auto
TrendMicro : TROJ_UPATRE.CUB
TrendMicro-HouseCall : Suspicious_GEN.F47V0413
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.Agent.45568.JQ[h]
Zillya : Downloader.Upatre.Win32.22072
nProtect : Trojan.GenericKD.2294006

Thursday, April 9, 2015

NatWest Statement (Natwest Virus)

View Your March 2015 Online Financial Activity Statement

Keep track of your account with your latest Online Financial Activity Statement from NatWest Bank. It's available for you to view at this secure site. Just click to select how you would like to view your statement:

View/Download as a PDF
View all EStatements

So check out your statement right away, or at your earliest convenience.

Thank you for managing your account online.
Sincerely,

NatWest Bank

Please do not respond to this e-mail. If you have any questions about this inquiry message or your NatWest Bank Merchant account, please speak to a Customer Service representative at 1-800-374-2639

NatWest Bank Customer Service Department
P.O. Box 414 | 38 Strand, WC2N 5JB, London
Copyright 2014 NatWest Company. All rights reserved.
AGNEUOMS0006001

Email analysis :

NOTE : noreply@natwest.com
NOTE : ldbsgw@brallc.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO IKAEMVMYO) (62.225.191.34)

Monday, March 23, 2015

FW: Important documents (Bank Of America Virus)

Important account documents

Reference: C85
Case number: 4690473

Please scan attached document and fax it to +1 (888) 589-3716.

Please note that the Terms and Conditions available below are the Bank's most recently issued versions. Please bear in mind that earlier versions of these Terms and Conditions may apply to your products, depending on when you signed up to the relevant product or when you were last advised of any changes to your Terms and Conditions. If you have any questions regarding which version of the Terms and Conditions apply to your products, please contact your Relationship Manager.

Yours faithfully

Rosalyn Chavez
Senior Manager
Bank of America Commercial Banking
Rosalyn.Chavez@bankofamerica.com

Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.

2014 Bank of America Corporation. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.

AccountDocuments.zip

Email analysis :

NOTE : Rosalyn.Chavez@bankofamerica.com
NOTE : yvx@blaudieck.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO ACSKURDN) (83.231.81.43)

Virus analysis :

OPEN : AccountDocuments.zip
RESULT : AccountDocuments.zip is a VIRUS

ALYac : Trojan.GenericKD.2234787
AVG : Generic_s.ELW
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : TrojWare.Win32.UMal.~A
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Suspect-BW!0D6F95F76EEC
McAfee-GW-Edition : Suspect-BW!0D6F95F76EEC
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Invo-Zip
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Hfr
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0319
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2

JP Morgan Access Secure Message (Virus)

Please check attached file(s) for your latest account documents regarding your online account.

Alex Puckett
Level III Account Management Officer
817-283-1539 office
817-878-6079 cell Alex.Puckett@jpmorgan.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
2015 JPMorgan Chase & Co.

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

JP Morgan Access - Secure.zip

Email analysis :

NOTE : service@jpmorgan.com
NOTE : tenqvist@cc.oulu.fi
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 108-84-212-41.lightspeed.hstntx.sbcglobal.net (108.84.212.41)

Virus analysis :

OPEN : JP Morgan Access - Secure.zip
RESULT : JP Morgan Access - Secure.zip is a VIRUS

ALYac : Trojan.GenericKD.2234787
AVG : FakeAlert
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Upatre-FAAR!05E6E33D4259
McAfee-GW-Edition : Upatre-FAAR!05E6E33D4259
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-JB
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Fhz
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0320
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2

Thursday, March 12, 2015

Please

Good Afternoon,

Please find attached notice regarding carriers pre-filing for an additional General Rate Increase for effective date of April 9, 2015. Please note, we are advising you of this filing in order to comply with FMC regulations. However, we feel it is unlikely that the carriers will be successful in implementing this increase, especially since the March 9th GRI has already been postponed to March 17th. We will continue to keep you updated as we receive additional information pertaining to these filed rate increases.

Phoenix Zhang-Shin

Director

P & J International Ltd
Calverley House, 55 Calverley Road
Tunbridge Wells, Kent, UK TN1 2TU

Tel: 0044 1892 525588
Fax: 0044 1892 522277
Mob: 0044 7771802252

This email and any attachments are confidential and solely for the use of the intended recipient. They may contain material protected by legal, professional or other privilege. All correspondence with and communication with us is governed by and subject to our Standard Terms and Conditions of Sale (March 2010) (Our STCs), a copy of which has been provided to you and which is available on request or on our web-site. Acknowledging receipt of and replying to this email constitutes acceptance of our STCs.

Email analysis :

NOTE : phoenix@pnjinternational.com

File analysis :

OPEN : documents-id323.zip
ANALYSIS : documents-id323.zip is a virus.

Virus analysis :

AVG : FakeAlert
Ad-Aware : Trojan.GenericKD.2214283
Avast : Win32:Malware-gen
Avira : TR/Rogue.pwsa
Baidu-International : Trojan.Win32.Waski.F
BitDefender : Trojan.GenericKD.2214283
ClamAV : Win.Trojan.Upatre-548
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.OSAT-0643
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2214283 (B)
F-Prot : W32/Trojan3.OKK
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2214283
Ikarus : Trojan-Downloader.Win32.Upatre
Kaspersky : Trojan-Downloader.Win32.Upatre.ffm
Malwarebytes : Trojan.Upatre.FD
McAfee : Artemis!56D11447DF79
MicroWorld-eScan : Trojan.GenericKD.2214283
Microsoft : TrojanDownloader:Win32/Upatre.AY
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/EncPk-ANE
Tencent : Win32.Trojan.Downloader-pdf.Auto

VIRUS ASM

To obtain the ASM version contact me scamcz@gmail.com

Tuesday, March 10, 2015

Emailing: Serv-Ware Credit Application.pdf

--
Thanks,
Clint Winstead
Manager
Serv-Ware Products
clint@servware.com
phone: 800.768.5953
fax : 800.976.1299
www.servware.com

File analysis :

OPEN : Serv-WareCreditApplication.zip
ANALYSIS : VIRUS DETECTED.

Virus analysis :

AVG Generic_s.EHT
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2209679
Avast Win32:Malware-gen
Avira TR/Rogue.1539.aia
BitDefender Trojan.GenericKD.2209679
CAT-QuickHeal (Suspicious) - DNAScan
Cyren W32/Upatre.E2.gen!Eldorado
DrWeb Trojan.Upatre.140
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Trojan.GenericKD.2209679 (B)
F-Prot W32/Upatre.E2.gen!Eldorado
F-Secure Trojan.GenericKD.2209679
Fortinet W32/Kryptik.DBDO!tr
GData Trojan.GenericKD.2209679
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.vjy
Malwarebytes Trojan.Email.FakeDoc
McAfee Upatre-FAAR!8BEDB116B2AE
MicroWorld-eScan Trojan.GenericKD.2209679
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Agent-ALYH
Symantec Downloader.Upatre
Tencent Win32.Trojan.Rogue.Lnef
TrendMicro TROJ_UP.AFEFD391
TrendMicro-HouseCall Suspicious_GEN.F47V0309
VIPRE Win32.Malware!Drop
ViRobot Trojan.Win32.S.Downloader.27392.D[h]
nProtect Trojan.GenericKD.2209679

Email analysis :

NOTE : X-Remote : 67.165.217.44 (c-67-165-217-44.hsd1.co.comcast.net)
NOTE : Return-Path : clint@servware.com
NOTE : Received : from c-67-165-217-44.hsd1.co.comcast.net
NOTE : (HELO servware.com) (67.165.217.44)
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Emailing: Serv-Ware Credit Application.pdf

Sunday, March 8, 2015

HSBC Payment (Virus)

Sir/Madam

Upon your request, attached please find payment e-Advice for your reference.

HSBC

***************************************************************************

We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by e-mail or otherwise to ask you to validate personal information such as your user ID, password, or account numbers. If you receive such a request, please call our Direct Financial Services hotline.

Please do not reply to this e-mail. Should you wish to contact us, please send your e-mail to commercialbanking@hsbc.com.hk and we will respond to you.

Note: it is important that you do not provide your account or credit card numbers, or convey any confidential information or banking instructions, in your reply mail.

Copyright. The Hongkong and Shanghai Banking Corporation Limited 2015. All rights reserved.

***************************************************************************

HSBC-2739.zip

Analysis :

OPEN : HSBC-2739.zip
NOTE : HSBC-2739.zip is a virus

Virus analysis :

ALYac : Trojan.GenericKD.2203557
AVG : Generic_s.EHP
AVware : Trojan.Win32.Generic.pak!cobra
Ad-Aware : Trojan.GenericKD.2203557
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Angles.24012
Baidu-International : Trojan.Win32.Upatre.vje
BitDefender : Trojan.GenericKD.2203557
ClamAV : Win.Trojan.Agent-851779
Cyren : W32/Trojan.IATT-2425
DrWeb : Trojan.Upatre.144
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Emsisoft : Trojan.GenericKD.2203557 (B)
F-Prot : W32/Trojan3.OGD
F-Secure : Trojan.GenericKD.2203557
Fortinet : W32/Upatre.VJE!tr
GData : Trojan.GenericKD.2203557
Ikarus : Trojan.Win32.Emotet
K7AntiVirus : Trojan-Downloader ( 0048f6391 )
K7GW : Trojan-Downloader ( 0048f6391 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vje
Malwarebytes : Trojan.Upatre.FD
McAfee : RDN/Generic Downloader.x!mv
McAfee-GW-Edition : RDN/Generic Downloader.x!mv
MicroWorld-eScan : Trojan.GenericKD.2203557
Microsoft : TrojanDownloader:Win32/Upatre
Qihoo-360 : Win32/Trojan.d51
Sophos : Troj/Dyreza-DF
Symantec : Downloader.Upatre
TotalDefense : Win32/Tnega.fAAdaN
TrendMicro : TROJ_FR.97949EA3
TrendMicro-HouseCall : Suspicious_GEN.F47V0307
VIPRE : Trojan.Win32.Generic.pak!cobra
ViRobot : Trojan.Win32.S.Agent.29696.ASK[h]

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Return-Path : < no-replay@hsbc.co.uk >
NOTE : X-Ovh-Remote : 221.155.165.78 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO hsbc.co.uk) (221.155.165.78)
NOTE : HSBC Payment

Thursday, March 5, 2015

Air Canada e-ticket Virus

Dear client,

Your online order has been successfully completed and your credit card has been charged.

FLIGHT NUMBER CX89014CA
DATE & TIME / MARCH 6rd , 14:15
DEPARTURE / Toronto
TOTAL PRICE / 450 CAD

The seat number and additional information regarding the flight can be found on the attached e-ticket.

Thank you for choosing Air Canada
e-ticket_79010838.doc

Virus analysis :

OPEN : e-ticket_79010838.doc
ANALYSIS :

ALYac Trojan.Downloader.JRLZ
AVG Generic12_c.AETQ
Ad-Aware Trojan.Downloader.JRLZ
AhnLab-V3 X97M/Downloader
Avast MO97:Downloader-LX [Trj]
Avira WM/Dldr.Agent.asdl
BitDefender Trojan.Downloader.JRLZ
CAT-QuickHeal W97M.Dropper.CK
Comodo UnclassifiedMalware
Cyren W97M/Tarbir
ESET-NOD32 VBA/TrojanDownloader.Agent.JD
Emsisoft Trojan.Downloader.JRLZ (B)
F-Prot New
F-Secure Trojan.Downloader.JRLZ
Fortinet WM/Agent!tr
GData Trojan.Downloader.JRLZ
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky Trojan-Downloader.MSWord.Agent.fg
McAfee W97M/Downloader.adx
McAfee-GW-Edition W97M/Downloader.adx
MicroWorld-eScan Trojan.Downloader.JRLZ
Microsoft TrojanDownloader:O97M/Bartallex.gen
Norman DLoader.ATMLY
Panda W97M/Downloader
Sophos Troj/DocDl-GF
Symantec W97M.Downloader
TrendMicro W2KM_BARTALEX.EU
TrendMicro-HouseCall W2KM_BARTALEX.EU
nProtect Trojan.Downloader.JRLZ

BBB SBQ Form #5488(Ref#83-497-0-4) (BBB VIRUS)

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to print this SBQ Form, answer the questions and respond to us. (Adobe PDF)

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services

SBQForm07182.zip

Virus Analysis :

OPEN : SBQForm07182.zip
RESULT :

Avast Win32:Evo-gen [Susp]
CMC Packed.Win32.Katusha.3!O
ESET-NOD32 a variant of Win32/Injector.BVRZ
McAfee Downloader-FAHF!3D0C52C03CD0
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Mal/Generic-S
Tencent Win32.Trojan.Inject.Auto

Email analysis :

NOTE : no-replay@bbb.com
NOTE : X-Remote : 89.120.40.73 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO bbb.com) (89.120.40.73)

Friday, February 13, 2015

Scanned Image

Please open the attached document.
This document was digitally sent to you using an HP Digital Sending device.

-------------------------------------------------------------------------------
This email has been scanned for viruses and spam.
-------------------------------------------------------------------------------
Image.zip

Image.zip analysis :

OPEN FILE : Image.zip
EXTRACT : Image.scr

AVware Win32.Malware!Drop
Ad-Aware Gen:Variant.Graftor.175463
AhnLab-V3 Trojan/Win32.MDA
Avast Win32:Trojan-gen
Avira TR/Agent.psxz.445
Baidu-International Trojan.Win32.Waski.F
BitDefender Gen:Variant.Graftor.175463
ClamAV Win.Trojan.Upatre-165
Cyren W32/Trojan.BKZM-6931
DrWeb Trojan.Upatre.125
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Gen:Variant.Graftor.175463 (B)
F-Prot W32/Trojan3.NUW
F-Secure Gen:Variant.Graftor.175463
Fortinet W32/Waski.F!tr
GData Gen:Variant.Graftor.175463
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.fbe
Malwarebytes Trojan.FakeMS.ED
McAfee Artemis!E85B4BDFB116
McAfee-GW-Edition BehavesLike.Win32.BadFile.mm
MicroWorld-eScan Gen:Variant.Graftor.175463
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Dyreza-CB
Symantec Downloader.Upatre
Tencent Win32.Trojan.Inject.Auto
TrendMicro TROJ_UPATRE.YYSO
TrendMicro-HouseCall TROJ_UPATRE.YYSO
VIPRE Win32.Malware!Drop

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < ushrb@brainkast.com>
NOTE : Received : from unknown (HELO HJPSMPV) (14.168.92.95)

NOTE : Scanned Image

Friday, January 30, 2015

Fax = Trojan

Fax message (Fax #0086091)

http://79.96.148.163/.~NEW_RECEIVED_FAX/incoming.html
Sent date: Thu, 22 Jan 2015 15:00:49 +0000

Fax message (Fax #0458849)

http://pristineusa.com/~_RECEIVED~FAX~MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:13:35 +0000

Fax message (Fax #3457735)

http://hifafarah.com/._RECEIVED.MESSAGES/incoming-fax_letter.html
Sent date: Thu, 22 Jan 2015 15:26:03 +0000

Fax message (Fax #4644306)

http://89.161.234.149/-_NEW_RECEIVED.FAX_MESSAGES/incoming.fax~letter.html
Sent date: Thu, 22 Jan 2015 15:08:31 +0000

Fax message (Fax #6410561)

http://www.get-the-best.com/~_RECEIVED.FAX_MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:16:23 +0000

Email analysis for 5 emails :

NOTE : Received : from unknown (HELO my-fax.com) (85.133.33.10)
NOTE : Received : from unknown (HELO my-fax.com) (40.131.4.2)
NOTE : Received : from unknown (HELO my-fax.com) (91.183.230.243)
NOTE : Received : from unknown (HELO my-fax.com) (66.203.160.26)
NOTE : Received : from unknown (HELO my-fax.com) (64.20.199.98)

pristineusa.com whois :

Registrant Name: PRISTINE SOFTWARE
Registrant Organization: PRISTINE SOFTWARE
Registrant Street: 1411 W. Covell Blvd Ste 106
Registrant City: Davis
Registrant State/Province: CA
Registrant Postal Code: 95616
Registrant Country: US
Registrant Phone: +1.5307584484
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: mmadani@pristineusa.com

hifafarah.com whois :

Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Pkwy West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.9027492701
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: 24ebf0cf0a16123311014b9d998ad564@domaindiscreet.com

get-the-best.com whois :

Registry Admin ID:
Admin Name: Lentz, Eduardo
Admin Organization: Get The Best, Inc.
Admin Street: P.O. Box 18630
Admin City: Boulder
Admin State/Province: CO
Admin Postal Code: 80308
Admin Country: US
Admin Phone: (303) 941-2118
Admin Fax: 999 999 9999
Admin Email: gtbusa@IX.NETCOM.COM

Analysis of link

- CLICK LINK
- DOWNLOAD FILE : (fax_message72933.zip)
- EXTRACT FILE : fax_message23055.exe
- PAGE REDIRECTED TO FAX SERVICE WEBSITE.

Analysis of file

ALYac : Trojan.Upatre.J
AVG : Downloader.Generic14.IJZ
AVware : Trojan-Downloader.Win32.Upatre.ao (v)
Ad-Aware : Trojan.Upatre.J
Agnitum : Trojan.Staser!
AhnLab-V3 : Win-Trojan/Downloader.38400.FA
Antiy-AVL : Trojan/Win32.Staser
Avast : Win32:Trojan-gen
Avira : TR/Dldr.Kryptik.pza
BitDefender : Trojan.Upatre.J
ByteHero : Virus.Win32.Heur.c
CAT-QuickHeal : (Suspicious) - DNAScan
Comodo : TrojWare.Win32.TrojanDownloader.Waski.BA
Cyren : W32/Trojan.NMXE-6820
DrWeb : Trojan.Upatre.125
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.Upatre.J (B)
F-Prot : W32/Trojan3.NHH
F-Secure : Trojan-Downloader:W32/Upatre.J
Fortinet : W32/Kryptik.CWCJ!tr
GData : Trojan.Upatre.J
Ikarus : Trojan-Downloader.Waski
Jiangmin : Trojan/Staser.amk
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan.Win32.Staser.awvp
Malwarebytes : Trojan.Email.FakeDoc
McAfee : Upatre-FAAJ!3B474BAEAC5F
McAfee-GW-Edition : BehavesLike.Win32.Autorun.nt
MicroWorld-eScan : Trojan.Upatre.J
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Kryptik.dmuguo
Norman : Upatre.FN
Sophos : Troj/Dyreza-AT
Symantec : Downloader.Upatre!gen8
TheHacker : Trojan/Kryptik.cwaa
TotalDefense : Win32/Upatre.IVVGEBC
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : TROJ_UPATRE.SMNC
VIPRE : Trojan-Downloader.Win32.Upatre.ao (v)
nProtect : Trojan/W32.Agent.38400.XP

Thursday, January 22, 2015

Incoming Fax Report

************************************
INCOMING FAX REPORT
************************************

Date/Time: Tuesday, 21.01.2015
Speed: 123bps
Connection time: 01:06
Page: 3
Resolution: Normal
Remote ID: 871-748-171158
Line number: 9
DTMF/DID:
Description: Internal only

************************************

FAX-id9123912481712931.zip

Email analysis :

NOTE : no-reply@premium-fax.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < respellsrcwe1918@regalix.com >
NOTE : Remote : 82.130.246.56 (56.82-130-246.static.clientes.euskaltel.es)
NOTE : Incoming Fax Report

FAX-id9123912481712931.zip analysis :

AVG Generic36.ARVN 20150122
AVware Trojan.Win32.Generic!BT 20150122
Ad-Aware Trojan.GenericKD.2099790 20150122
Avast Win32:Trojan-gen 20150122
Avira TR/Crowti.A.152 20150122
BitDefender Trojan.GenericKD.2099790 20150122
CMC Trojan.Win32.Krap.2!O 20150120
Cyren W32/Trojan.SNJZ-4571 20150122
DrWeb Trojan.Encoder.514 20150122
ESET-NOD32 Win32/Filecoder.CO 20150122
Emsisoft Trojan.GenericKD.2099790 (B) 20150122
F-Prot W32/Trojan3.NGI 20150122
F-Secure Trojan.GenericKD.2099790 20150122
GData Trojan.GenericKD.2099790 20150122
Ikarus Trojan-Spy.Agent 20150122
K7AntiVirus Trojan ( 7000000c1 ) 20150122
K7GW Trojan ( 7000000c1 ) 20150122
Kaspersky Trojan-Ransom.Win32.Blocker.gkdv 20150122
McAfee Artemis!20834704BF1B 20150122
MicroWorld-eScan Trojan.GenericKD.2099790 20150122
Microsoft Ransom:Win32/Crowti.A 20150122
Qihoo-360 Win32/Trojan.Multi.daf 20150122
Sophos Mal/DrodZp-A 20150122
Symantec Trojan.Cryptolocker.F 20150122
Tencent Win32.Trojan.Inject.Auto 20150122
TrendMicro TROJ_FILECODER.K 20150122
TrendMicro-HouseCall Suspicious_GEN.F47V0121 20150122
VIPRE Trojan.Win32.Generic!BT 20150122
nProtect Trojan.GenericKD.2099790 20150122