Temos uma mensagem para voce - Alfa

Boleto de Cobrança Referente ao pedido: 00197742

Caro(a) cliente

Informo que a duplicata com vencimento em 05/07 no valor de R$2.554,07 não foi paga.
Faça o download da 2ª via da duplicata atualizada para pagamento.

Download boleto atualizado

Aguardamos o pagamento do boleto. O não pagamento do acordo nos prazos estabelecidos
acarretara multa e juros de mora de 0,5% (meio por cento) ao dia.

Atenciosamente.
Aldo A. Silva
Setor Financeiro.
Alfa finaceira Ltda
CNPJ: 61.198.164/0001-60

ref: 933170

[Time_long]

Virus analysis

CLICK : Download boleto atualizado
OPEN : http://bit.ly/1e0X1SA
DOWNLOAD FILE : Documento_N_908301238HAK38-31.zip
SHA256 : 50fb97d11dc2dfd85ebf2242aa8919829ac955906094f1868d13dadabda45ffe
Avast : Win32:Malware-gen
Baidu-International : Trojan.Win32.Downloader.aa
DrWeb : Trojan.MulDrop5.63051
Kaspersky : HEUR:Trojan-Downloader.Win32.Generic
Sophos : Mal/BredoZp-B

Email analysis :

NOTE : melissa.santana@trifil.com.br
NOTE : Received : from vps2477.vpsunit.com (83.125.87.89)
NOTE : 83.125.87.89 (vps2477.vpsunit.com)

Rép : Purchase Order

Good day,

I am Sandra Matinez from Garnet Chemicals Here in Tennessee Unites State. We am urgently in need of the attached product please send us more details and quote your best price of the product .

I are looking forward to your early reply.
Regards,

Regards
Sandra
Garnet Chemical
150 East 58th Street
Main Floor A+D Building - 10155
Tennessee, City, Chattanooga
Direct Mobile: +14237098388
Email: sandra.matinz@aol.com
Email: sandra.m@garnetchemicals.com

Purchase Order.ace

File analysis : Purchase Order.ace

SHA256 : ac5a73fa12ef31c352342af6fa0c1afc7b4731044d575dbbcff92a0ed00b3454
AVG : Luhe.Fiha.A
ESET-NOD32 : a variant of MSIL/Injector.KUC
Ikarus : Trojan.MSIL.Injector
Sophos : Mal/DrodAce-A

Email analysis :

NOTE : sandra.matinz@aol.com
NOTE : smatinz@hitachi-koki.com.sg
NOTE : Received : from [52.2.188.185]
NOTE : (account prohorova@wiegand-logistics.ru HELO WIN-POBK0T90HNH.ec2.internal)
NOTE : by backend12.aha.ru (CommuniGate Pro SMTP 4.3.11)
NOTE : Received : from aha.ru (backend12.aha.ru. [62.113.86.201])

Facture n 87/48/00220 ,BRIANT

Bonjour,

tu vois morad en fin de journée, mais au cas où
voici les factures misent à jour,
factures N°6 pour la PP et la villa étageet facture des peintures très bonne fin de journée,

Chadwick BRIANT

87_48_00220.doc

File analysis :

OPEN : 87_48_00220.doc
RESULT 87_48_00220.doc is a virus.

Email analysis :

NOTE : Received : from 401mac.401trucksource.com (207.54.122.181)
NOTE : chadwickbriantsu@401mac.401trucksource.com
NOTE : TCMime 1.0 by Tencent
NOTE : QQMail 2.x
NOTE : X-Originating-Ip : 207.54.122.181

Virus analysis :

FIle : 87_48_00220.doc
SHA256 : a912466c03f5cea660b98468277f01fc66492a4dee7c014f15cfa5508312db29
AVG : Generic13_c.AEAY
Arcabit : HEUR.VBA.Trojan
Avast : Other:Malware-gen [Trj]
Avira : W97M/Agent.18522
BitDefender : Trojan.Doc.Downloader.DW
DrWeb : VBS.Dropper.61
Emsisoft : Trojan.Doc.Downloader.DW (B)
F-Secure : Trojan.Doc.Downloader.DW
Fortinet : WM/Agent!tr
GData : Trojan.Doc.Downloader.DW
Kaspersky : Trojan-Downloader.MSWord.Agent.oc
McAfee : W97M/Downloader.ajz
MicroWorld-eScan : Trojan.Doc.Downloader.DW
Microsoft : TrojanDownloader:W97M/Adnel
Sophos : Troj/DocDl-TF
Symantec : W97M.Downloader
TrendMicro : W2KM_BA.AB553B8F
TrendMicro-HouseCall : W2KM_BA.AB553B8F

revised order ( Virus )

Dear Sir,

Attach is our revised order, Waiting for your invoice

Thank you.
Ahmed Ragheb
Assad Business LLC
Tel:86-22-28246951

Download

File analysis :

CLICK : Download
OPEN : http://ge.tt/api/1/files/649DtgJ2/0/blob?download
DOWNLOAD : Revised Order..........rar
CONCLUSION : This is a virus.

Virus analysis :

SHA256: 6c6ff658c9a8c574898c139d40069db25e2f3377615269e35ae29ee3d2a17db5

AVG MSIL8.APEG
Ad-Aware Gen:Heur.MSIL.Androm.10
Arcabit Trojan.MSIL.Androm.10
Avast Win32:Malware-gen
Avira TR/Dropper.MSIL.52174
BitDefender Gen:Heur.MSIL.Androm.10
DrWeb Trojan.DownLoader14.27222
ESET-NOD32 a variant of MSIL/Injector.KNB
Emsisoft Gen:Heur.MSIL.Androm.10 (B)
F-Secure Gen:Heur.MSIL.Androm.10
GData Win32.Trojan-Dropper.Agent.GP
Kaspersky Trojan.MSIL.Inject.ccfx
Malwarebytes Spyware.Password
McAfee Dropper-FOC!BABC3B054967
MicroWorld-eScan Gen:Heur.MSIL.Androm.10
Panda Generic Suspicious 20150705
Sophos Mal/MSIL-OY
Symantec Suspicious.Cloud.5
TrendMicro HEUR_NAMETRICK.B
TrendMicro-HouseCall TROJ_GE.FE94127C

Email analysis :

NOTE : md.hashem2012@gmail.com
NOTE : Received : by 10.194.125.14 with HTTP

Nota Fiscal de Serviços 29/06.

Nota Fiscal de Serviços Eletrônica
-------------------------
Série: 003
Número: 000.017.161
Data de emissão: 29/06/2015
Chave de acesso: Visualizar

Número do protocolo de autorização de uso: 1311310426761090
----------------------------------------
ROD FERNÃO DIAS, S/N, S/N - KM 813
CRUZ ALTA,
CEP: 37550-000 FONE: 3538298009

Virus Analysis :

NOTE : http://bit.ly/1NunmVk

NOTE : https://www.dropbox.com/s/kdp46m0rc2hjild/NFSe.0187317HA7Y3HA713123.rar?dl=1

Email analysis :

NOTE : renata.seixas@aggreko.com.br
NOTE : Received : from vps2370.vpsunit.com (83.125.87.20)
NOTE : Received : by vps2370.vpsunit.com

My Resume

Hey.

I saw your business today Fri, 12 Jun 2015 and found it very interesting. I was hoping there was any possibility of internship, just to prove my competence. As you will see in my attached CV, I am very qualified and have a very sweeping experience in this line of employment. I am confident it will be worth your time reading it, and I am even more confident you will find me very suitable in your company.

Please see my attached CV.

I'm very much looking forward to hearing from you.
Respectfully,

Gail Kosyla

My_Resume_2426.doc

Email analysis :

NOTE : rafaellostirling@yahoo.com
NOTE : client-ip=67.195.87.25;

File analysis :

My_Resume_2426.doc is a virus.

Virus analysis :

CAT-QuickHeal : O97M.Dropper.BR
ESET-NOD32 : VBA/TrojanDownloader.Agent.UK
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.O2LT4A
Ikarus : Trojan-Downloader.VBA.Agent
NANO-Antivirus : Trojan.Script.Agent.dslepx
Sophos : Troj/DocDl-QT
Symantec : W97M.Downloader
TrendMicro : W2KM_DLOADER.HB
TrendMicro-HouseCall : Suspicious_GEN.F47V0612

ACHATS EMBALLAGES

Bonjour,

Vous trouverez en pièce jointe la facture toujours en attente de règlement depuis le mois de Septembre d’un montant de 1927.80 €.

Pouvez-vous faire le nécessaire ASAP.

Stella Tryba

ACHATS EMBALLAGES

147C_553956074A.doc

Email analysis :

NOTE : StellaTrybams@mail1.zhr.cz
NOTE : Received : from mail1.zhr.cz (77.48.20.246)
NOTE : X-Mozilla-Draft-Info : internal/draft; vcard=0; receipt=0; DSN=0; uuencode=0; attachmentreminder=0
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

File analysis :

NOTE : OPEN : 147C_553956074A.doc
RESULT : VIRUS

Virus analysis :

Arcabit HEUR.VBA.Trojan

Rép :Re:Re:NEW ORDER‏‎ (Virus)

l have checked and back to you again, please check the attached Purchase Order and see the products and quantities WE needs and quote your best price by issuing us price list and Perform Invoice accordingly.you will see the specific brand,description of the product we want your company to supply to us. We expect to hear from you shortly to enable us set with the purchase arrangement/agreement once the price is competitive and we get your assurance on the quality of the products.

Your early reply is highly appreciated.

Thank You !
Regards
Mis.July Doin
Vice General Manager
---------------------------------------------------------
Purchasing Manager
Addweden Svenska SAP
Svenska AB 151 D Zip Code:55652
Tel:46-858-780000/Fax:46-858-780001
Email:julydoin1@hotmail.com

Email analysis :

NOTE : Julydoin@hotmail.com
NOTE : royalbankofscotlandn@gmail.com

Virus analysis :

SHA256: 64d7f46ef678cb27e60a7992be9f5095eb5b61b959a16d4cb9441757349fba11
FILENAME : NEW ORDER.ace
==================================
AVG : MSIL2.BGGQ
Ad-Aware : Gen:Variant.Kazy.263448
Avast : MSIL:GenMalicious-RW [Trj]
Avira : TR/Meredrop.EB.1
BitDefender : Gen:Variant.Kazy.263448
ESET-NOD32 : a variant of MSIL/Injector.BYE
Emsisoft : Gen:Variant.Kazy.263448 (B)
F-Secure : Gen:Variant.Kazy.263448
GData : Gen:Variant.Kazy.263448
Ikarus : Backdoor.Androm
Kaspersky : Trojan-Dropper.Win32.Sysn.aweg
MicroWorld-eScan : Gen:Variant.Kazy.263448
Panda : Generic Malware
Sophos : Mal/DrodAce-A
==================================

Invoices

Please review the attached invoices and pay them at your earliest convenience. Feel free to contact us if you have any questions.

Thank you.

Email analysis :

NOTE : application@hmrc.gov.uk
NOTE : soundesti7@compufort.com
NOTE : Received : from [110.120.202.131]
NOTE : (port=19367 helo=[192.168.4.77])
NOTE : by 69.3.15.254

Virus analysis :

AVG FakeAlert
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2427700
Avast Win32:Trojan-gen
Avira TR/Crypt.Xpack.230760
Baidu-International Trojan.Win32.BitWall.ia
BitDefender Trojan.GenericKD.2427700
Cyren W32/Trojan.RXVE-1253
DrWeb Trojan.Click3.12191
ESET-NOD32 Win32/TrojanDownloader.Agent.BEL
Emsisoft Trojan.GenericKD.2427700 (B)
F-Prot W32/Trojan3.PUX
F-Secure Trojan.GenericKD.2427700
GData Trojan.GenericKD.2427700
Ikarus Trojan.Crypt
K7AntiVirus Trojan ( 7000000c1 )
K7GW Trojan ( 700001211 )
Kaspersky Trojan-Spy.Win32.BitWall.ia
Malwarebytes Trojan.Upatre.DG
McAfee Downloader-FAUU!06DC3128D83A
McAfee-GW-Edition New Malware.jj
MicroWorld-eScan Trojan.GenericKD.2427700
Microsoft TrojanDownloader:Win32/Ruckguv.A
Panda Trj/Chgt.O
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Invo-Zip
Symantec Infostealer.Limitail
Tencent Win32.Trojan.Fakedoc.Auto
TrendMicro TROJ_DLOADR.DYR
TrendMicro-HouseCall Suspicious_GEN.F47V0520
VIPRE Win32.Malware!Drop
ViRobot Backdoor.Win32.S.Agent.52736.AF[h]
nProtect Trojan.GenericKD.2427700

My Resume

Hey there,

I saw your website today Tue, 12 May 2015 and im really hoping there is a opening or other possibility to get a chance to prove my competence.
As you will see in my resume I have a broad experience and knowledge in this line of work and im confident it will be worth your time reading it.
I am excited to hearing from you.

Please see my attached CV.
Best regards,
James Hattersley

Sent from my iPhone

Email analysis :

NOTE : any_montes73141@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-4
NOTE : X-Mailer : iPhone Mail (9A405)

Virus analysis :

Open : CV_14131.doc
Check : This file is a virus.

AVware : LooksLike.Macro.Downloader.a (v)
Avast : Other:Malware-gen [Trj]
CAT-QuickHeal : O97M.Dropper.FK
ESET-NOD32 : VBA/TrojanDownloader.Agent.PP
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.22MP55
Ikarus : Trojan-Downloader.VBA.Agent
McAfee : W97M/Downloader.afs
McAfee-GW-Edition : W97M/Downloader.afs
Microsoft : TrojanDownloader:O97M/Donoff.gen!C
Sophos : Mal/DocDl-E
Symantec : W97M.Downloader
Tencent : Win32.Trojan-downloader.Agent.Efkp
TrendMicro-HouseCall : Suspicious_GEN.F47V0511
VIPRE : LooksLike.Macro.Downloader.a (v)

Hola my photo (Virus)

hola my new photo , send u photo

my_new_photo837847238947238947238472398.zip

Virus analysis :
Qihoo-360 : HEUR/QVM10.1.Malware.Gen
Sophos : Mal/Generic-S

Email analysis :

NOTE : hoeno0@networkadvertising.org
NOTE : Received : from [205.11.98.44] (helo=fklgamr.xvlhelxpewb.com)
NOTE : by with esmtpa (Exim 4.69) (envelope-from)

Scanned Image from a Xerox WorkCentre (Virus)

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.

Sent by: ***
Number of Images: 4
Attachment File Type: ZIP [PDF]
File Name: Scan001_1257165_041.zip

WorkCentre Pro Location: Machine location not set
Device Name: ***.com

Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/

Email analysis :

NOTE : teg5@qmail.org
NOTE : Xerox.437@***
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 70.43.79.186.nw.nuvox.net (70.43.79.186)

File analysis :

ALYac : Trojan.GenericKD.2294006
AVG : Crypt4.NUT
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2294006
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.186216
Baidu-International : Trojan.Win32.Upatre.vxw
BitDefender : Trojan.GenericKD.2294006
CAT-QuickHeal : TrojanDownloader.Upatre.r5
CMC : Packed.Win32.Obfuscated.10!O
Cyren : W32/Trojan.IYUD-8977
DrWeb : Trojan.DownLoader12.60119
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2294006 (B)
F-Prot : W32/Trojan3.OVQ
F-Secure : Trojan.GenericKD.2294006
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2294006
Ikarus : Trojan-Downloader.Win32.Waski
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vxw
Malwarebytes : Trojan.Upatre.Gen
McAfee : RDN/Generic.bfr!ih
McAfee-GW-Edition : RDN/Generic.bfr!ih
MicroWorld-eScan : Trojan.GenericKD.2294006
Microsoft : TrojanDownloader:Win32/Upatre.BC
NANO-Antivirus : Trojan.Win32.Upatre.dqmduh
Norman : Troj_Generic_2.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/Upatre-R
Symantec : Downloader.Upatre
Tencent : Win32.Trojan.Downloader-pdf.Auto
TrendMicro : TROJ_UPATRE.CUB
TrendMicro-HouseCall : Suspicious_GEN.F47V0413
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.Agent.45568.JQ[h]
Zillya : Downloader.Upatre.Win32.22072
nProtect : Trojan.GenericKD.2294006

NatWest Statement (Natwest Virus)

View Your March 2015 Online Financial Activity Statement

Keep track of your account with your latest Online Financial Activity Statement from NatWest Bank. It's available for you to view at this secure site. Just click to select how you would like to view your statement:

View/Download as a PDF
View all EStatements

So check out your statement right away, or at your earliest convenience.

Thank you for managing your account online.
Sincerely,

NatWest Bank

Please do not respond to this e-mail. If you have any questions about this inquiry message or your NatWest Bank Ū Merchant account, please speak to a Customer Service representative at 1-800-374-2639

NatWest Bank Customer Service Department
P.O. Box 414 | 38 Strand, WC2N 5JB, London
Copyright 2014 NatWest Company. All rights reserved.
AGNEUOMS0006001

Email analysis :

NOTE : noreply@natwest.com
NOTE : ldbsgw@brallc.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO IKAEMVMYO) (62.225.191.34)

FW: Important documents (Bank Of America Virus)

Cash Pro logo
Cash Pro logo
Important account documents

Reference: C85
Case number: 4690473

Please scan attached document and fax it to +1 (888) 589-3716.

Please note that the Terms and Conditions available below are the Bank's most recently issued versions. Please bear in mind that earlier versions of these Terms and Conditions may apply to your products, depending on when you signed up to the relevant product or when you were last advised of any changes to your Terms and Conditions. If you have any questions regarding which version of the Terms and Conditions apply to your products, please contact your Relationship Manager.

Yours faithfully

Signature Image

Rosalyn Chavez
Senior Manager
Bank of America Commercial Banking
Rosalyn.Chavez@bankofamerica.com

Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.

2014 Bank of America Corporation. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.

AccountDocuments.zip

Email analysis :

NOTE : Rosalyn.Chavez@bankofamerica.com
NOTE : yvx@blaudieck.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO ACSKURDN) (83.231.81.43)

Virus analysis :

OPEN : AccountDocuments.zip
RESULT : AccountDocuments.zip is a VIRUS

ALYac : Trojan.GenericKD.2234787
AVG : Generic_s.ELW
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : TrojWare.Win32.UMal.~A
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Suspect-BW!0D6F95F76EEC
McAfee-GW-Edition : Suspect-BW!0D6F95F76EEC
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Invo-Zip
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Hfr
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0319
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2

JP Morgan Access Secure Message (Virus)

Please check attached file(s) for your latest account documents regarding your online account.

Alex Puckett
Level III Account Management Officer
817-283-1539 office
817-878-6079 cell Alex.Puckett@jpmorgan.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
2015 JPMorgan Chase & Co.

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

JP Morgan Access - Secure.zip

Email analysis :

NOTE : service@jpmorgan.com
NOTE : tenqvist@cc.oulu.fi
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 108-84-212-41.lightspeed.hstntx.sbcglobal.net (108.84.212.41)

Virus analysis :

OPEN : JP Morgan Access - Secure.zip
RESULT : JP Morgan Access - Secure.zip is a VIRUS

ALYac : Trojan.GenericKD.2234787
AVG : FakeAlert
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Upatre-FAAR!05E6E33D4259
McAfee-GW-Edition : Upatre-FAAR!05E6E33D4259
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-JB
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Fhz
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0320
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2

Please

Good Afternoon,

Please find attached notice regarding carriers pre-filing for an additional General Rate Increase for effective date of April 9, 2015. Please note, we are advising you of this filing in order to comply with FMC regulations. However, we feel it is unlikely that the carriers will be successful in implementing this increase, especially since the March 9th GRI has already been postponed to March 17th. We will continue to keep you updated as we receive additional information pertaining to these filed rate increases.

Phoenix Zhang-Shin

Director

P & J International Ltd
Calverley House, 55 Calverley Road
Tunbridge Wells, Kent, UK TN1 2TU

Tel: 0044 1892 525588
Fax: 0044 1892 522277
Mob: 0044 7771802252

This email and any attachments are confidential and solely for the use of the intended recipient. They may contain material protected by legal, professional or other privilege. All correspondence with and communication with us is governed by and subject to our Standard Terms and Conditions of Sale (March 2010) (Our STCs), a copy of which has been provided to you and which is available on request or on our web-site. Acknowledging receipt of and replying to this email constitutes acceptance of our STCs.

Email analysis :

NOTE : phoenix@pnjinternational.com

File analysis :

OPEN : documents-id323.zip
ANALYSIS : documents-id323.zip is a virus.

Virus analysis :

AVG : FakeAlert
Ad-Aware : Trojan.GenericKD.2214283
Avast : Win32:Malware-gen
Avira : TR/Rogue.pwsa
Baidu-International : Trojan.Win32.Waski.F
BitDefender : Trojan.GenericKD.2214283
ClamAV : Win.Trojan.Upatre-548
Comodo : UnclassifiedMalware
Cyren : W32/Trojan.OSAT-0643
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2214283 (B)
F-Prot : W32/Trojan3.OKK
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2214283
Ikarus : Trojan-Downloader.Win32.Upatre
Kaspersky : Trojan-Downloader.Win32.Upatre.ffm
Malwarebytes : Trojan.Upatre.FD
McAfee : Artemis!56D11447DF79
MicroWorld-eScan : Trojan.GenericKD.2214283
Microsoft : TrojanDownloader:Win32/Upatre.AY
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/EncPk-ANE
Tencent : Win32.Trojan.Downloader-pdf.Auto

VIRUS ASM

To obtain the ASM version contact me scamcz@gmail.com

Emailing: Serv-Ware Credit Application.pdf

--
Thanks,
Clint Winstead
Manager
Serv-Ware Products
clint@servware.com
phone: 800.768.5953
fax : 800.976.1299
www.servware.com

File analysis :

OPEN : Serv-WareCreditApplication.zip
ANALYSIS : VIRUS DETECTED.

Virus analysis :

AVG Generic_s.EHT
AVware Win32.Malware!Drop
Ad-Aware Trojan.GenericKD.2209679
Avast Win32:Malware-gen
Avira TR/Rogue.1539.aia
BitDefender Trojan.GenericKD.2209679
CAT-QuickHeal (Suspicious) - DNAScan
Cyren W32/Upatre.E2.gen!Eldorado
DrWeb Trojan.Upatre.140
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Trojan.GenericKD.2209679 (B)
F-Prot W32/Upatre.E2.gen!Eldorado
F-Secure Trojan.GenericKD.2209679
Fortinet W32/Kryptik.DBDO!tr
GData Trojan.GenericKD.2209679
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.vjy
Malwarebytes Trojan.Email.FakeDoc
McAfee Upatre-FAAR!8BEDB116B2AE
MicroWorld-eScan Trojan.GenericKD.2209679
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Agent-ALYH
Symantec Downloader.Upatre
Tencent Win32.Trojan.Rogue.Lnef
TrendMicro TROJ_UP.AFEFD391
TrendMicro-HouseCall Suspicious_GEN.F47V0309
VIPRE Win32.Malware!Drop
ViRobot Trojan.Win32.S.Downloader.27392.D[h]
nProtect Trojan.GenericKD.2209679

Email analysis :

NOTE : X-Remote : 67.165.217.44 (c-67-165-217-44.hsd1.co.comcast.net)
NOTE : Return-Path : clint@servware.com
NOTE : Received : from c-67-165-217-44.hsd1.co.comcast.net
NOTE : (HELO servware.com) (67.165.217.44)
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Emailing: Serv-Ware Credit Application.pdf

HSBC Payment (Virus)

Sir/Madam

Upon your request, attached please find payment e-Advice for your reference.


HSBC

***************************************************************************

We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by e-mail or otherwise to ask you to validate personal information such as your user ID, password, or account numbers. If you receive such a request, please call our Direct Financial Services hotline.

Please do not reply to this e-mail. Should you wish to contact us, please send your e-mail to commercialbanking@hsbc.com.hk and we will respond to you.

Note: it is important that you do not provide your account or credit card numbers, or convey any confidential information or banking instructions, in your reply mail.

Copyright. The Hongkong and Shanghai Banking Corporation Limited 2015. All rights reserved.

***************************************************************************

HSBC-2739.zip

Analysis :

OPEN : HSBC-2739.zip
NOTE : HSBC-2739.zip is a virus

Virus analysis :

ALYac : Trojan.GenericKD.2203557
AVG : Generic_s.EHP
AVware : Trojan.Win32.Generic.pak!cobra
Ad-Aware : Trojan.GenericKD.2203557
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Angles.24012
Baidu-International : Trojan.Win32.Upatre.vje
BitDefender : Trojan.GenericKD.2203557
ClamAV : Win.Trojan.Agent-851779
Cyren : W32/Trojan.IATT-2425
DrWeb : Trojan.Upatre.144
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Emsisoft : Trojan.GenericKD.2203557 (B)
F-Prot : W32/Trojan3.OGD
F-Secure : Trojan.GenericKD.2203557
Fortinet : W32/Upatre.VJE!tr
GData : Trojan.GenericKD.2203557
Ikarus : Trojan.Win32.Emotet
K7AntiVirus : Trojan-Downloader ( 0048f6391 )
K7GW : Trojan-Downloader ( 0048f6391 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vje
Malwarebytes : Trojan.Upatre.FD
McAfee : RDN/Generic Downloader.x!mv
McAfee-GW-Edition : RDN/Generic Downloader.x!mv
MicroWorld-eScan : Trojan.GenericKD.2203557
Microsoft : TrojanDownloader:Win32/Upatre
Qihoo-360 : Win32/Trojan.d51
Sophos : Troj/Dyreza-DF
Symantec : Downloader.Upatre
TotalDefense : Win32/Tnega.fAAdaN
TrendMicro : TROJ_FR.97949EA3
TrendMicro-HouseCall : Suspicious_GEN.F47V0307
VIPRE : Trojan.Win32.Generic.pak!cobra
ViRobot : Trojan.Win32.S.Agent.29696.ASK[h]

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Return-Path : < no-replay@hsbc.co.uk >
NOTE : X-Ovh-Remote : 221.155.165.78 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO hsbc.co.uk) (221.155.165.78)
NOTE : HSBC Payment

Air Canada e-ticket Virus

Dear client,

Your online order has been successfully completed and your credit card has been charged.

FLIGHT NUMBER CX89014CA
DATE & TIME / MARCH 6rd , 14:15
DEPARTURE / Toronto
TOTAL PRICE / 450 CAD

The seat number and additional information regarding the flight can be found on the attached e-ticket.

Thank you for choosing Air Canada
e-ticket_79010838.doc

Virus analysis :

OPEN : e-ticket_79010838.doc
ANALYSIS :

ALYac Trojan.Downloader.JRLZ
AVG Generic12_c.AETQ
Ad-Aware Trojan.Downloader.JRLZ
AhnLab-V3 X97M/Downloader
Avast MO97:Downloader-LX [Trj]
Avira WM/Dldr.Agent.asdl
BitDefender Trojan.Downloader.JRLZ
CAT-QuickHeal W97M.Dropper.CK
Comodo UnclassifiedMalware
Cyren W97M/Tarbir
ESET-NOD32 VBA/TrojanDownloader.Agent.JD
Emsisoft Trojan.Downloader.JRLZ (B)
F-Prot New
F-Secure Trojan.Downloader.JRLZ
Fortinet WM/Agent!tr
GData Trojan.Downloader.JRLZ
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky Trojan-Downloader.MSWord.Agent.fg
McAfee W97M/Downloader.adx
McAfee-GW-Edition W97M/Downloader.adx
MicroWorld-eScan Trojan.Downloader.JRLZ
Microsoft TrojanDownloader:O97M/Bartallex.gen
Norman DLoader.ATMLY
Panda W97M/Downloader
Sophos Troj/DocDl-GF
Symantec W97M.Downloader
TrendMicro W2KM_BARTALEX.EU
TrendMicro-HouseCall W2KM_BARTALEX.EU
nProtect Trojan.Downloader.JRLZ

BBB SBQ Form #5488(Ref#83-497-0-4) (BBB VIRUS)

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to print this SBQ Form, answer the questions and respond to us. (Adobe PDF)

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services

SBQForm07182.zip

OPEN : SBQForm07182.zip

Virus Analysis :

OPEN : SBQForm07182.zip
RESULT :

Avast Win32:Evo-gen [Susp]
CMC Packed.Win32.Katusha.3!O
ESET-NOD32 a variant of Win32/Injector.BVRZ
McAfee Downloader-FAHF!3D0C52C03CD0
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Mal/Generic-S
Tencent Win32.Trojan.Inject.Auto

Email analysis :

NOTE : no-replay@bbb.com
NOTE : X-Remote : 89.120.40.73 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO bbb.com) (89.120.40.73)