Sunday, March 8, 2015

HSBC Payment (Virus)

Sir/Madam

Upon your request, attached please find payment e-Advice for your reference.


HSBC

***************************************************************************

We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by e-mail or otherwise to ask you to validate personal information such as your user ID, password, or account numbers. If you receive such a request, please call our Direct Financial Services hotline.

Please do not reply to this e-mail. Should you wish to contact us, please send your e-mail to commercialbanking@hsbc.com.hk and we will respond to you.

Note: it is important that you do not provide your account or credit card numbers, or convey any confidential information or banking instructions, in your reply mail.

Copyright. The Hongkong and Shanghai Banking Corporation Limited 2015. All rights reserved.

***************************************************************************

HSBC-2739.zip

Analysis :

OPEN : HSBC-2739.zip
NOTE : HSBC-2739.zip is a virus

Virus analysis :

ALYac : Trojan.GenericKD.2203557
AVG : Generic_s.EHP
AVware : Trojan.Win32.Generic.pak!cobra
Ad-Aware : Trojan.GenericKD.2203557
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Angles.24012
Baidu-International : Trojan.Win32.Upatre.vje
BitDefender : Trojan.GenericKD.2203557
ClamAV : Win.Trojan.Agent-851779
Cyren : W32/Trojan.IATT-2425
DrWeb : Trojan.Upatre.144
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Emsisoft : Trojan.GenericKD.2203557 (B)
F-Prot : W32/Trojan3.OGD
F-Secure : Trojan.GenericKD.2203557
Fortinet : W32/Upatre.VJE!tr
GData : Trojan.GenericKD.2203557
Ikarus : Trojan.Win32.Emotet
K7AntiVirus : Trojan-Downloader ( 0048f6391 )
K7GW : Trojan-Downloader ( 0048f6391 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vje
Malwarebytes : Trojan.Upatre.FD
McAfee : RDN/Generic Downloader.x!mv
McAfee-GW-Edition : RDN/Generic Downloader.x!mv
MicroWorld-eScan : Trojan.GenericKD.2203557
Microsoft : TrojanDownloader:Win32/Upatre
Qihoo-360 : Win32/Trojan.d51
Sophos : Troj/Dyreza-DF
Symantec : Downloader.Upatre
TotalDefense : Win32/Tnega.fAAdaN
TrendMicro : TROJ_FR.97949EA3
TrendMicro-HouseCall : Suspicious_GEN.F47V0307
VIPRE : Trojan.Win32.Generic.pak!cobra
ViRobot : Trojan.Win32.S.Agent.29696.ASK[h]

Email analysis :

NOTE : Mime-Version : 1.0
NOTE : Return-Path : < no-replay@hsbc.co.uk >
NOTE : X-Ovh-Remote : 221.155.165.78 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO hsbc.co.uk) (221.155.165.78)
NOTE : HSBC Payment

Thursday, March 5, 2015

Air Canada e-ticket Virus

Dear client,

Your online order has been successfully completed and your credit card has been charged.

FLIGHT NUMBER CX89014CA
DATE & TIME / MARCH 6rd , 14:15
DEPARTURE / Toronto
TOTAL PRICE / 450 CAD

The seat number and additional information regarding the flight can be found on the attached e-ticket.

Thank you for choosing Air Canada
e-ticket_79010838.doc

Virus analysis :

OPEN : e-ticket_79010838.doc
ANALYSIS :

ALYac Trojan.Downloader.JRLZ
AVG Generic12_c.AETQ
Ad-Aware Trojan.Downloader.JRLZ
AhnLab-V3 X97M/Downloader
Avast MO97:Downloader-LX [Trj]
Avira WM/Dldr.Agent.asdl
BitDefender Trojan.Downloader.JRLZ
CAT-QuickHeal W97M.Dropper.CK
Comodo UnclassifiedMalware
Cyren W97M/Tarbir
ESET-NOD32 VBA/TrojanDownloader.Agent.JD
Emsisoft Trojan.Downloader.JRLZ (B)
F-Prot New
F-Secure Trojan.Downloader.JRLZ
Fortinet WM/Agent!tr
GData Trojan.Downloader.JRLZ
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky Trojan-Downloader.MSWord.Agent.fg
McAfee W97M/Downloader.adx
McAfee-GW-Edition W97M/Downloader.adx
MicroWorld-eScan Trojan.Downloader.JRLZ
Microsoft TrojanDownloader:O97M/Bartallex.gen
Norman DLoader.ATMLY
Panda W97M/Downloader
Sophos Troj/DocDl-GF
Symantec W97M.Downloader
TrendMicro W2KM_BARTALEX.EU
TrendMicro-HouseCall W2KM_BARTALEX.EU
nProtect Trojan.Downloader.JRLZ

BBB SBQ Form #5488(Ref#83-497-0-4) (BBB VIRUS)

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to print this SBQ Form, answer the questions and respond to us. (Adobe PDF)

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services

SBQForm07182.zip

Virus Analysis :

OPEN : SBQForm07182.zip
RESULT :

Avast Win32:Evo-gen [Susp]
CMC Packed.Win32.Katusha.3!O
ESET-NOD32 a variant of Win32/Injector.BVRZ
McAfee Downloader-FAHF!3D0C52C03CD0
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Mal/Generic-S
Tencent Win32.Trojan.Inject.Auto

Email analysis :

NOTE : no-replay@bbb.com
NOTE : X-Remote : 89.120.40.73 ()
NOTE : User-Agent : Roundcube Webmail/1.1.0
NOTE : Received : from unknown (HELO bbb.com) (89.120.40.73)

Saturday, February 28, 2015

Matthew Fleming your agent Fedex

Dear Customer,

We tried to deliver your item on February 25th, 2014, 09:45 AM. The delivery attempt failed because the address was business closed or nobody could sign for it. To pick up the parcel,please, print the receipt that is attached to this email and visit Fedex office indicated in the invoice.

If the package is not picked up within 48 hours, it will be returned to the sender.

Label/Receipt Number: 44364578782324450
Expected Delivery Date: February 25th, 2014
Class: International Package Service
Service(s): Delivery Confirmation
Status: Notification sent

Thank you

Copyright© 2015 FEDEX. All Rights Reserved.
*** This is an automatically generated email, please do not reply ***

Package.zip

Email analysis :

NOTE : fedexsupport@pack.net
NOTE : fedextechsupport@pack.com
NOTE : hastie@mareebakidscampus.com.au
NOTE : Received : from host-92-22-197-80.as13285.net
NOTE : ([92.22.197.80]:54492 helo=gzlvoyzrbwepqapwirs) by vps1.imagesmithhosting.com

Virus Analysis :

OPEN : Package.zip
RESULT :

ALYac : Trojan.GenericKD.2188524
AVG : Downloader.Small.NON
Ad-Aware : Trojan.GenericKD.2188524
Avast : Win32:Malware-gen
Avira : TR/Crypt.ZPACK.121693
BitDefender : Trojan.GenericKD.2188524
Cyren : W32/Injector.JMET-1851
ESET-NOD32 : Win32/TrojanDownloader.Wauchos.AK
Emsisoft : Trojan.GenericKD.2188524 (B)
F-Prot : W32/Injector.QL
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/Androm.AK!tr.bdr
GData : Trojan.GenericKD.2188524
Ikarus : Trojan-Spy.Agent
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Backdoor.Win32.Androm.gjey
McAfee : RDN/Generic.dx!djn
MicroWorld-eScan : Trojan.GenericKD.2188524
Microsoft : Worm:Win32/Gamarue
Qihoo-360 : HEUR/QVM07.1.Malware.Gen
Sophos : Mal/Wonton-G
Symantec : Backdoor.Trojan
Tencent : Win32.Trojan.Inject.Auto
TrendMicro : TROJ_GE.ED42C15B
TrendMicro-HouseCall : Suspicious_GEN.F47V0228
VBA32 : BScope.Trojan-Spy.Zbot
VIPRE : Trojan.Win32.Generic!BT

{Filename?} Re Transfer Slip

Attention: This message contained one or more attachments that have been removed
Attention: (TRF-CPY01099.zip, TRF-CPY01099.JPG.exe).
Attention: Please read the attachment(s) "aviauto-Attachment-Warning.txt" for more information.

Good Day,

Kindly find attached swift copy for $200,000.00 paid into your account today. Balance will be remitted in coming week. Advice when money has been received.

Accounts Department
Chung Lin,
Country Manager
Kaiser Business Consulting
27th Floor, Quill 7 KL Sentral
Jalan Stesen Sentral 5
Kuala Lumpur 50470 Malaysia
Tel: + 60 3 2776 6834
Fax: + 60 3 2776 6999
Website www.kaiserassociates.com

Email analysis :

NOTE : trencin@ekoqelet.sk
NOTE : stanleymtanaka@yahoo.com
NOTE : Received : from User (213-151-202-20.static.orange.sk [213.151.202.20])
NOTE : (authenticated bits=0) by mail.aviauto.net

File analysis :

This is a message from the MailScanner E-Mail Virus Protection Service. The original attachment "TRF-CPY01099.zip" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please send an e-mail to the support department including this message. Alternatively, you can call that department, with the content of this message at hand.

On Fri Feb 27 15:42:01 2015 the virus scanner said:

MailScanner: Executable DOS/Windows programs are dangerous in email (TRF-CPY01099.JPG.exe) No programs allowed (TRF-CPY01099.JPG.exe) Note for the support department: check the aviauto (mail.aviauto.net) MailScanner in /var/spool/MailScanner/quarantine/20150227 (message t1RKdVkP012668). (Postmaster - AVIAUTO www.aviauto.net For all your IT requirements visit: http://www.transtec.co.uk )

Friday, February 13, 2015

Scanned Image

Please open the attached document.
This document was digitally sent to you using an HP Digital Sending device.

-------------------------------------------------------------------------------
This email has been scanned for viruses and spam.
-------------------------------------------------------------------------------
Image.zip

Image.zip analysis :

OPEN FILE : Image.zip
EXTRACT : Image.scr

AVware Win32.Malware!Drop
Ad-Aware Gen:Variant.Graftor.175463
AhnLab-V3 Trojan/Win32.MDA
Avast Win32:Trojan-gen
Avira TR/Agent.psxz.445
Baidu-International Trojan.Win32.Waski.F
BitDefender Gen:Variant.Graftor.175463
ClamAV Win.Trojan.Upatre-165
Cyren W32/Trojan.BKZM-6931
DrWeb Trojan.Upatre.125
ESET-NOD32 Win32/TrojanDownloader.Waski.F
Emsisoft Gen:Variant.Graftor.175463 (B)
F-Prot W32/Trojan3.NUW
F-Secure Gen:Variant.Graftor.175463
Fortinet W32/Waski.F!tr
GData Gen:Variant.Graftor.175463
Ikarus Trojan-Downloader.Win32.Upatre
Kaspersky Trojan-Downloader.Win32.Upatre.fbe
Malwarebytes Trojan.FakeMS.ED
McAfee Artemis!E85B4BDFB116
McAfee-GW-Edition BehavesLike.Win32.BadFile.mm
MicroWorld-eScan Gen:Variant.Graftor.175463
Microsoft TrojanDownloader:Win32/Upatre
Qihoo-360 HEUR/QVM19.1.Malware.Gen
Sophos Troj/Dyreza-CB
Symantec Downloader.Upatre
Tencent Win32.Trojan.Inject.Auto
TrendMicro TROJ_UPATRE.YYSO
TrendMicro-HouseCall TROJ_UPATRE.YYSO
VIPRE Win32.Malware!Drop

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < ushrb@brainkast.com>
NOTE : Received : from unknown (HELO HJPSMPV) (14.168.92.95)
NOTE : Scanned Image

Friday, January 30, 2015

Fax = Trojan

Fax message (Fax #0086091)

http://79.96.148.163/.~NEW_RECEIVED_FAX/incoming.html
Sent date: Thu, 22 Jan 2015 15:00:49 +0000

Fax message (Fax #0458849)

http://pristineusa.com/~_RECEIVED~FAX~MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:13:35 +0000

Fax message (Fax #3457735)

http://hifafarah.com/._RECEIVED.MESSAGES/incoming-fax_letter.html
Sent date: Thu, 22 Jan 2015 15:26:03 +0000

Fax message (Fax #4644306)

http://89.161.234.149/-_NEW_RECEIVED.FAX_MESSAGES/incoming.fax~letter.html
Sent date: Thu, 22 Jan 2015 15:08:31 +0000

Fax message (Fax #6410561)

http://www.get-the-best.com/~_RECEIVED.FAX_MESSAGES/incoming.html
Sent date: Thu, 22 Jan 2015 15:16:23 +0000

Email analysis for 5 emails :

NOTE : Received : from unknown (HELO my-fax.com) (85.133.33.10)
NOTE : Received : from unknown (HELO my-fax.com) (40.131.4.2)
NOTE : Received : from unknown (HELO my-fax.com) (91.183.230.243)
NOTE : Received : from unknown (HELO my-fax.com) (66.203.160.26)
NOTE : Received : from unknown (HELO my-fax.com) (64.20.199.98)
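A defender-side check, added here as an example and not part of the original blog posts, for the pattern that the HSBC, BBB and fax header notes above all show: the connecting host has no reverse DNS ("from unknown"), yet the HELO name claims the brand's own domain, and in the fax run the same HELO name arrives from five unrelated IP addresses. The header lines in the block are constructed from those notes (the Return-Path for the fax messages and the two example.* control messages are made up for the demonstration); the finding codes and function names are my own, not anything the blog uses.

```python
import re
from collections import defaultdict

# Constructed sample messages, modelled on the "Email analysis" notes in the
# HSBC, BBB and fax posts (one Received line each, IPs as listed there).
# The fax Return-Path and the two example.* messages are made up for this demo.
SAMPLE_MESSAGES = [
    {"Return-Path": "<no-replay@hsbc.co.uk>",
     "Received": "from unknown (HELO hsbc.co.uk) (221.155.165.78)"},
    {"Return-Path": "<no-replay@bbb.com>",
     "Received": "from unknown (HELO bbb.com) (89.120.40.73)"},
    {"Return-Path": "<fax@my-fax.com>",
     "Received": "from unknown (HELO my-fax.com) (85.133.33.10)"},
    {"Return-Path": "<fax@my-fax.com>",
     "Received": "from unknown (HELO my-fax.com) (40.131.4.2)"},
    # Constructed: host has a PTR record, but it belongs to an ISP, not the sender domain.
    {"Return-Path": "<billing@example.org>",
     "Received": "from dsl-203-0-113-7.isp.example (HELO example.org) (203.0.113.7)"},
    # Constructed legitimate control: reverse DNS, HELO and sender domain all agree.
    {"Return-Path": "<alerts@example.net>",
     "Received": "from mx1.example.net (HELO mx1.example.net) (192.0.2.10)"},
]

# Matches the qmail-style trace shown in the notes: from <rdns> (HELO <name>) (<ip>)
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)


def parse_received(line):
    """Return {'rdns', 'helo', 'ip'} for a Received line in the format above, or None."""
    m = RECEIVED_RE.search(line)
    return m.groupdict() if m else None


def sender_domain(return_path):
    """Domain part of a Return-Path such as '<no-replay@hsbc.co.uk>', or None if malformed."""
    m = re.search(r"@([A-Za-z0-9.-]+)", return_path or "")
    return m.group(1).lower() if m else None


def in_domain(host, domain):
    """True when host equals domain or is a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def check_message(msg):
    """Return a list of finding codes for one message; an empty list means nothing stood out."""
    findings = []
    rcv = parse_received(msg.get("Received", ""))
    if rcv is None:
        return ["unparsed-received"]
    rdns, helo = rcv["rdns"].lower(), rcv["helo"].lower()
    dom = sender_domain(msg.get("Return-Path"))
    if rdns == "unknown":
        findings.append("no-rdns")              # connecting IP has no PTR record at all
    elif not in_domain(rdns, helo) and not in_domain(helo, rdns):
        findings.append("helo-rdns-mismatch")   # HELO name unrelated to the reverse-DNS name
    if dom and rdns != "unknown" and not in_domain(rdns, dom):
        findings.append("rdns-outside-sender-domain")
    if dom and in_domain(helo, dom) and rdns == "unknown":
        # A bank or business mail relay with no reverse DNS is not plausible:
        # the HELO is borrowing the brand domain from an anonymous host.
        findings.append("brand-helo-from-anonymous-host")
    return findings


def campaign_clusters(messages, min_sources=2):
    """Group by HELO name; return {helo: sorted IPs} for names seen from >= min_sources IPs."""
    seen = defaultdict(set)
    for msg in messages:
        rcv = parse_received(msg.get("Received", ""))
        if rcv:
            seen[rcv["helo"].lower()].add(rcv["ip"])
    return {helo: sorted(ips) for helo, ips in seen.items() if len(ips) >= min_sources}


def triage(messages):
    """(sender domain, findings) for every message, in input order."""
    return [(sender_domain(m.get("Return-Path")), check_message(m)) for m in messages]


if __name__ == "__main__":
    for dom, findings in triage(SAMPLE_MESSAGES):
        print(f"{dom:15s} {findings or 'ok'}")
    print("same HELO from several IPs:", campaign_clusters(SAMPLE_MESSAGES))
```

The check only reads the outermost Received line the way the notes do; on a real gateway you would apply it to the hop where the message entered your own boundary, and treat a finding as a scoring signal alongside SPF/DKIM results rather than as a verdict, since some small legitimate senders also lack reverse DNS.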

pristineusa.com whois :

Registrant Name: PRISTINE SOFTWARE
Registrant Organization: PRISTINE SOFTWARE
Registrant Street: 1411 W. Covell Blvd Ste 106
Registrant City: Davis
Registrant State/Province: CA
Registrant Postal Code: 95616
Registrant Country: US
Registrant Phone: +1.5307584484
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: mmadani@pristineusa.com

hifafarah.com whois :

Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Pkwy West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.9027492701
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: 24ebf0cf0a16123311014b9d998ad564@domaindiscreet.com

get-the-best.com whois :

Registry Admin ID:
Admin Name: Lentz, Eduardo
Admin Organization: Get The Best, Inc.
Admin Street: P.O. Box 18630
Admin City: Boulder
Admin State/Province: CO
Admin Postal Code: 80308
Admin Country: US
Admin Phone: (303) 941-2118
Admin Fax: 999 999 9999
Admin Email: gtbusa@IX.NETCOM.COM

Analysis of link

- CLICK LINK
- DOWNLOAD FILE : (fax_message72933.zip)
- EXTRACT FILE : fax_message23055.exe
- PAGE REDIRECTED TO FAX SERVICE WEBSITE.

Analysis of file

ALYac : Trojan.Upatre.J
AVG : Downloader.Generic14.IJZ
AVware : Trojan-Downloader.Win32.Upatre.ao (v)
Ad-Aware : Trojan.Upatre.J
Agnitum : Trojan.Staser!
AhnLab-V3 : Win-Trojan/Downloader.38400.FA
Antiy-AVL : Trojan/Win32.Staser
Avast : Win32:Trojan-gen
Avira : TR/Dldr.Kryptik.pza
BitDefender : Trojan.Upatre.J
ByteHero : Virus.Win32.Heur.c
CAT-QuickHeal : (Suspicious) - DNAScan
Comodo : TrojWare.Win32.TrojanDownloader.Waski.BA
Cyren : W32/Trojan.NMXE-6820
DrWeb : Trojan.Upatre.125
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.Upatre.J (B)
F-Prot : W32/Trojan3.NHH
F-Secure : Trojan-Downloader:W32/Upatre.J
Fortinet : W32/Kryptik.CWCJ!tr
GData : Trojan.Upatre.J
Ikarus : Trojan-Downloader.Waski
Jiangmin : Trojan/Staser.amk
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan.Win32.Staser.awvp
Malwarebytes : Trojan.Email.FakeDoc
McAfee : Upatre-FAAJ!3B474BAEAC5F
McAfee-GW-Edition : BehavesLike.Win32.Autorun.nt
MicroWorld-eScan : Trojan.Upatre.J
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Kryptik.dmuguo
Norman : Upatre.FN
Sophos : Troj/Dyreza-AT
Symantec : Downloader.Upatre!gen8
TheHacker : Trojan/Kryptik.cwaa
TotalDefense : Win32/Upatre.IVVGEBC
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : TROJ_UPATRE.SMNC
VIPRE : Trojan-Downloader.Win32.Upatre.ao (v)
nProtect : Trojan/W32.Agent.38400.XP

Thursday, January 22, 2015

Incoming Fax Report

************************************
INCOMING FAX REPORT
************************************

Date/Time: Tuesday, 21.01.2015
Speed: 123bps
Connection time: 01:06
Page: 3
Resolution: Normal
Remote ID: 871-748-171158
Line number: 9
DTMF/DID:
Description: Internal only

************************************

FAX-id9123912481712931.zip

Email analysis :

NOTE : no-reply@premium-fax.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < respellsrcwe1918@regalix.com >
NOTE : Remote : 82.130.246.56 (56.82-130-246.static.clientes.euskaltel.es)
NOTE : Incoming Fax Report

FAX-id9123912481712931.zip analysis :

AVG Generic36.ARVN 20150122
AVware Trojan.Win32.Generic!BT 20150122
Ad-Aware Trojan.GenericKD.2099790 20150122
Avast Win32:Trojan-gen 20150122
Avira TR/Crowti.A.152 20150122
BitDefender Trojan.GenericKD.2099790 20150122
CMC Trojan.Win32.Krap.2!O 20150120
Cyren W32/Trojan.SNJZ-4571 20150122
DrWeb Trojan.Encoder.514 20150122
ESET-NOD32 Win32/Filecoder.CO 20150122
Emsisoft Trojan.GenericKD.2099790 (B) 20150122
F-Prot W32/Trojan3.NGI 20150122
F-Secure Trojan.GenericKD.2099790 20150122
GData Trojan.GenericKD.2099790 20150122
Ikarus Trojan-Spy.Agent 20150122
K7AntiVirus Trojan ( 7000000c1 ) 20150122
K7GW Trojan ( 7000000c1 ) 20150122
Kaspersky Trojan-Ransom.Win32.Blocker.gkdv 20150122
McAfee Artemis!20834704BF1B 20150122
MicroWorld-eScan Trojan.GenericKD.2099790 20150122
Microsoft Ransom:Win32/Crowti.A 20150122
Qihoo-360 Win32/Trojan.Multi.daf 20150122
Sophos Mal/DrodZp-A 20150122
Symantec Trojan.Cryptolocker.F 20150122
Tencent Win32.Trojan.Inject.Auto 20150122
TrendMicro TROJ_FILECODER.K 20150122
TrendMicro-HouseCall Suspicious_GEN.F47V0121 20150122
VIPRE Trojan.Win32.Generic!BT 20150122
nProtect Trojan.GenericKD.2099790 20150122

Employee Documents - Internal Use

DOCUMENT NOTIFICATION, Powered by NetDocuments

DOCUMENT NAME: Employee Documents

DOCUMENT LINK: http://spitalcuzavodaiasi.ro/CUSTOMER.DOCUMENT-STORAGE-DATA/get_invoice_document.html
DOCUMENT LINK: http://lamichelangelo.it/CUSTOMER-DOCUMENT-STORAGE_DATA/get_last_document.html
DOCUMENT LINK: http://www.trans-arts.com/CUSTOMER~DOCUMENT-DATA/last-invoice-document.html

Documents are encrypted in transit and store in a secure repository

---------------------------------------------------------------------------------
This message may contain information that is privileged and confidential. If you received this transmission in error, please notify the sender by reply email and delete the message and any attachments.

Email analysis :

NOTE : no-replay@invoice.com
NOTE : User-Agent : Roundcube Webmail/1.1.1
NOTE : Received : from unknown (HELO invoice.com) (37.191.103.140)
NOTE : Received : from unknown (HELO invoice.com) (69.42.188.58)
NOTE : Received : from unknown (HELO invoice.com) (80.156.199.162)

Process Analysis :

CLICK : one of the three links.
DOWNLOAD : invoice_pdf80985.zip
EXTRACT : invoice_pdf40132.exe

invoice_pdf40132.exe analysis :

AVG : Crypt3.BTYL : 20150122
Ad-Aware : Gen:Variant.Zbot.154 : 20150122
AhnLab-V3 : Spyware/Win32.Zbot : 20150122
Avast : Win32:Malware-gen : 20150122
BitDefender : Gen:Variant.Zbot.154 : 20150122
CMC : Packed.Win32.Katusha.3!O : 20150120
Cyren : W32/Trojan.RHQS-4975 : 20150122
DrWeb : Trojan.Upatre.128 : 20150122
ESET-NOD32 : Win32/TrojanDownloader.Waski.F : 20150122
Emsisoft : Gen:Variant.Zbot.154 (B) : 20150122
F-Prot : W32/Trojan3.NGH : 20150122
F-Secure : Gen:Variant.Zbot.154 : 20150122
GData : Gen:Variant.Zbot.154 : 20150122
K7AntiVirus : Trojan-Downloader ( 0049d22b1 ) : 20150122
Kaspersky : Trojan.Win32.Staser.awtk : 20150122
Malwarebytes : Trojan.Email.FakeDoc : 20150122
McAfee : Downloader-FAHF!01F769E9BD9A : 20150122
MicroWorld-eScan : Gen:Variant.Zbot.154 : 20150122
Qihoo-360 : Malware.QVM20.Gen : 20150122
Rising : PE:Malware.FakePDF@CV!1.9C3A : 20150121
Sophos : Troj/Dyreza-AM : 20150122
Symantec : Downloader.Upatre : 20150122
nProtect : Trojan/W32.Agent.15872.TX : 20150122

Friday, November 14, 2014

Virus from Essex...

Virus relayed from essex.org.uk :


Voice Message #0168935504
====================================
NOTE : X-Remote : 208.118.175.61 ()
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from unknown (HELO essex.org.uk) (208.118.175.61)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0168935504
====================================
Voice redirected message

http://zorcorp.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:18:30 +0000
====================================


Voice Message #0461019860
====================================
NOTE : X-Remote : 50.246.114.145 (mail.nbaccorp.com)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from mail.nbaccorp.com (HELO essex.org.uk) (50.246.114.145)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path :
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0461019860
====================================
Voice redirected message

http://vsrwhitefish.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:16:02 +0000
====================================


Voice Message #0479943726
====================================
NOTE : X-Remote : 82.79.67.81 (impress.ro)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from impress.ro (HELO essex.org.uk) (82.79.67.81)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0479943726
====================================
Voice redirected message

http://vietnamflight.vn/bankline/message.php
Sent: Thu, 13 Nov 2014 12:38:01 +0000
====================================


Voice Message #0830285419
====================================
NOTE : X-Remote : 209.76.245.60 ()
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from unknown (HELO essex.org.uk) (209.76.245.60)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #0830285419
====================================
Voice redirected message

http://karich.com.my/bankline/message.php
Sent: Thu, 13 Nov 2014 11:59:55 +0000
====================================


Voice Message #1032155137
====================================
NOTE : X-Remote : 173.10.48.121 (173-10-48-121-michigan.hfc.comcastbusiness.net)
NOTE : X-Sender : martin.smith@essex.org.uk
NOTE : Content-Type : text/plain; charset=US-ASCII; format=flowed
NOTE : Received : from 173-10-48-121-michigan.hfc.comcastbusiness.net (HELO essex.org.uk) (173.10.48.121)
NOTE : Received : from domain.local (domain.local [192.168.0.25]) by essex.org.uk (Postfix)
NOTE : User-Agent : Roundcube Webmail/1.0.1
NOTE : Return-Path : < martin.smith@essex.org.uk >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Voice Message #1032155137
====================================
Voice redirected message

http://zorcorp.com/bankline/message.php
Sent: Thu, 13 Nov 2014 12:41:17 +0000
====================================


Domains related to scams :


====================================
http://karich.com.my/bankline/message.php
====================================
Registrant Name: Joanne Chin Karich
Registrant Street: Sdn Bhd No.1, Jalan 27 A, Kawasan 16, Sungai Rasa
Registrant City: 41300 Kuala Lumpur Wilayah Persekutuan
Registrant Country : Malaysia
Registrant Phone : (Tel) 03-33928488 (Fax) 03-33929069
Registrant Email : joanne@karich.com.my
====================================

====================================
http://zorcorp.com/bankline/message.php
====================================
Registrant Name : john zorbas
Registrant Street : 80 collard st. suite 200
Registrant City : toronto
Registrant State/Province : ON
Registrant Postal Code : m5r1g2
Registrant Country : CA
Registrant Phone : +1.4165646882
Registrant Email : zorcorp@rojers.blackberry.net
====================================

====================================
http://vietnamflight.vn/bankline/message.php
====================================
Registrant Name : Công ty NetNam
Registrant Owner Name : Công Ty TNHH Du Lịch Châu Á Thái Bình Dương
DNS : ns1.sapatours.com , ns2.sapatours.com
====================================

====================================
http://vsrwhitefish.com/bankline/message.php
====================================
Registrant Name : Betty Luderman
Registrant Organization : Village Square Realty
Registrant Street : 411 Spokane Ave
Registrant City : Whitefish
Registrant State/Province : MT
Registrant Postal Code : 59937
Registrant Country : US
Registrant Phone : +1.4068623541
Registrant Email : bettylud@bresnan.net
====================================


Scam.cz action :


====================================
- Clicking one of the links.
- Download : Secure-messageBankline_pdf.zip
- Open : Secure-messageBankline_pdf.zip
- Redirect to http://www.rbs.co.uk/corporate/electronic-services/g2/datalink.ashx
- Analysis : Secure-messageBankline_pdf.zip
====================================


Secure-messageBankline_pdf.zip is a trojan :


====================================
AVG : Luhe.Fiha.A
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.1973036
Avira : TR/Crypt.ZPACK.94167
Baidu-International : Trojan.Win32.Battdil.bI
BitDefender : Trojan.GenericKD.1973036
Cyren : W32/Trojan.YDSE-4442
DrWeb : Trojan.Upatre.115
ESET-NOD32 : Win32/Battdil.I
Emsisoft : Trojan.GenericKD.1973036 (B)
F-Prot : W32/Trojan3.MDD
F-Secure : Trojan-Downloader:W32/Upatre.I
Fortinet : W32/Upatre.BTC!tr
GData : Trojan.GenericKD.1973036
Ikarus : Trojan-Spy.Zbot
Kaspersky : Trojan.Win32.Staser.aqlf
Malwarebytes : Trojan.Upatre
McAfee : Artemis!C852DFF3E4DE
MicroWorld-eScan : Trojan.GenericKD.1973036
Microsoft : TrojanDownloader:Win32/Upatre
Norman : Upatre.FH
Qihoo-360 : HEUR/QVM20.1.Malware.Gen
Sophos : Troj/Zbot-JFC
Symantec : Downloader.Upatre
TrendMicro : TROJ_INJECT.WJSP
====================================

Tuesday, October 28, 2014

Nota Fiscal Eletrônica

WE INFORM YOU THAT THE LINK TO THE INVOICE SENT PREVIOUSLY WAS CORRUPTED;
BECAUSE OF THIS, WE ARE PROVIDING A NEW DOWNLOAD LINK.
WE APOLOGIZE FOR THE INCONVENIENCE.

Attached is the Electronic Service Invoice (Nota Fiscal Eletrônica de Serviços), issued in SEPTEMBER/2014.

This file must be kept.

NF-E- Emitida.PDF

004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer

Attached is a copy of the INVOICE in PDF containing the list of orders and the other payment details. We inform you that the amount was debited successfully! For any question regarding the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

This email is free of viruses and malware because avast! Antivirus protection is active.

Email analysis :

NOTE : X-Antivirus-Status : Clean
NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Message-Id : < *@BRASILPC >
NOTE : X-Antivirus : avast! (VPS 141027-2, 27/10/2014), Outbound message
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from brasil2014-PC (unknown [179.155.140.18])
NOTE : by mail.termaco.com.br (Postfix)
NOTE : Nota Fiscal Eletrônica

Link analysis :

CLICK : 004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : http://ge.tt/api/1/files/7EMX4r22/0/blob?download
DOWNLOAD : Reemissão de Nota N 9038312-01.rar

Virus analysis :

Comodo : TrojWare.Win32.TrojanDownloader.Delf.SAD : 20141028
ESET-NOD32 : a variant of Win32/TrojanDownloader.Banload.ULY : 20141028
Kaspersky : HEUR:Trojan-Downloader.Script.Generic : 20141028

Friday, October 17, 2014

Your document

To view your document, please open attachment.

< document_1425792.pdf.zip >

Virus analysis :

Ad-Aware Trojan.GenericKD.1928929
Avast Win32:Malware-gen
Avira TR/Crypt.Xpack.88959
BitDefender Trojan.GenericKD.1928929
Cyren W32/Trojan.JOFL-9265
ESET-NOD32 a variant of MSIL/Injector.FWC
F-Prot W32/Trojan3.LMV
Fortinet MSIL/FWC!tr
Ikarus Backdoor.Androm
Kaspersky Trojan.Win32.Inject.tbsl
Malwarebytes Trojan.MSIL.Injector
McAfee Artemis!94EA6E94CF43
MicroWorld-eScan Trojan.GenericKD.1928929
Qihoo-360 Win32/Trojan.Multi.daf
Rising PE:Malware.FakePDF@CV!1.9C3A
Sophos Troj/MSIL-APK
Tencent Win32.Trojan.Inject.Auto
TrendMicro-HouseCall TROJ_GE.C9ACEC0C

Email analysis :

NOTE : Return-Path : < no-reply@97e2896c.skybroadband.com >
NOTE : Received : from 97e2896c.skybroadband.com (151.226.137.108)
NOTE : Message-Id : < I1N3IJT6.6426198@robtec.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----=_NextPart_000_0006_*"
NOTE : X-Remote : 151.226.137.108 (97e2896c.skybroadband.com)
NOTE : Your document

Thursday, October 16, 2014

Nota Fiscal Eletrônica

Attached is the Electronic Service Invoice (Nota Fiscal Eletrônica de Serviços), issued in AUGUST/2014.

This file must be kept.

NF-E- Emitida.PDF

7004361097000577215001000052842100874662-ProcNfe.PDF

Dear Customer

Attached is a copy of the INVOICE in PDF containing the list of orders and the other payment details. We inform you that the amount was debited successfully! For any question regarding the orders, contact us and we will explain!

Sincerely,
Ricardo B. Santos
Finance Department.

Email analysis :

NOTE : Return-Path : < sac.ba@termaco.com.br >
NOTE : Received : from mail.termaco.com.br (200.217.161.6)
NOTE : Received : from localhost (localhost [127.0.0.1]) by mail.termaco.com.br
NOTE : Received : from mail.termaco.com.br ([127.0.0.1]) by
NOTE : Received : from brasil2014-PC (unknown [179.155.133.141]) by mail.termaco.com.br
NOTE : X-Virus-Scanned : amavisd-new at mail.termaco.com.br
NOTE : Mime-Version : 1.0
NOTE : Nota Fiscal Eletrônica

CLICK : 7004361097000577215001000052842100874662-ProcNfe.PDF
OPEN : https://www.dropbox.com/s/to2t0hwqkkmhq5a/Nota_Eletronica_MFI015.rar?dl=1

The Dropbox file is no longer available (Nota_Eletronica_MFI015.rar).

Thursday, October 9, 2014

Alert Transactions Report by users from 2014-09-28 to 2014-09-28

Your requested report is attached here.

< transact_store.zip >

Email analysis :

NOTE : Return-Path :
NOTE : Received : from unknown (HELO pulik.in) (41.216.215.152)
NOTE : Received : from [177.140.36.115] (helo=mgroiipvpbw.iyxefpsmk.ua)
NOTE : X-Mailer : The Bat! (v3.71.14) Professional
NOTE : X-Priority : 3 (Normal)
NOTE : Message-Id : < *.*@nwhxppulruhvq.ecbucf.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="----------*"
NOTE : Alert Transactions Report by users from 2014-09-28 to 2014-09-28

Virus analysis :

AVG : MSIL5.RCS
Ad-Aware : Trojan.Agent.BFYC
Avira : TR/Crypt.Xpack.98991
Baidu-International : Trojan.Win32.Wauchos.bAF
BitDefender : Trojan.Agent.BFYC
ESET-NOD32 : Win32/TrojanDownloader.Wauchos.AF
Emsisoft : Trojan.Agent.BFYC (B)
F-Secure : Trojan.Agent.BFYC
Fortinet : W32/Wauchos.AF!tr
GData : Trojan.Agent.BFYC
Ikarus : Win32.Outbreak
Kaspersky : Backdoor.Win32.Androm.fcxu
McAfee : Artemis!182EE0F73CD9
MicroWorld-eScan : Trojan.Agent.BFYC
Qihoo-360 : HEUR/QVM03.0.Malware.Gen
Sophos : Troj/Zbot-JAQ
Symantec : Backdoor.Trojan
Tencent : Win32.Trojan.Inject.Auto
TheHacker : W32/Bagle.gen.pwdzip5
TrendMicro : TROJ_WAUCHOS.WFB

Friday, October 3, 2014

Fax Report

*************************************
INCOMING FAX REPORT
*************************************

Date/Time: Thursday, 02.10.2014
Speed: 474bps
Connection time: 09:08
Page: 5
Resolution: Normal
Remote ID: 811-748-179982
Line number: 9
DTMF/DID:
Description: Internal only

*************************************
< fax00842121453281728.zip >

Virus analysis :
===================================================
AVG : Crypt3.ASZZ
Avast : Win32:Trojan-gen
Avira : TR/Crypt.ZPACK.102086
Baidu-International : Trojan.Win32.Filecoder.bCO
BitDefender : Trojan.GenericKD.1896987
Bkav : W32.HfsAutoA.D289
ClamAV : Zip.Suspect.ExecutableFax-zippwd-1
Cyren : W32/Trojan.GDDK-5927
ESET-NOD32 : Win32/Filecoder.CO
F-Prot : W32/Trojan3.LBO
F-Secure : Trojan:W32/Agent.DVSR
Ikarus : Trojan-Ransom.CryptoWall
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan (7000000c1)
McAfee : RDN/Generic.dx!dfz
Sophos : Mal/DrodZp-A
Symantec : Trojan.Cryptodefense
Tencent : Win32.Trojan.Inject.Auto
TrendMicro : TROJ_RANSOM.YMJJ
===================================================

Mail analysis :
===================================================
NOTE : ugo.orlando@toutattache.com
NOTE : Return-Path : < underwriteye@rjsinger.com >
NOTE : Received : from unknown (HELO KJIONYSKE) (91.186.207.186)
NOTE : Message-Id : < 94K3LVMS.2835547@rjsinger.com >
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Mime-Version : 1.0
NOTE : Content-Type : multipart/mixed; boundary="------------020006060602000502040307"
NOTE : Fax Report
===================================================

Monday, September 29, 2014

BACS Transfer : Remittance for JSAG051GBP

We have arranged a BACS transfer to your bank for the following amount : 4298.00

Please find details at our secure link below:

http://peytansplace.com/Documents/payment26092014-12

peytansplace.com whois :

Domain Name: PEYTANSPLACE.COM
Registry Domain ID: 1606469297_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-07-15 08:51:51
Creation Date: 2010-07-14 12:55:20
Registrar Registration Expiration Date: 2015-07-14 12:55:20
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Stacy Gilmore
Registrant Organization: imaaxx
Registrant Street: 4981 Hwy #7 East
Registrant Street: Unit 12A, Suite 207
Registrant City: Markham
Registrant State/Province: Ontario
Registrant Postal Code: L3R1N1
Registrant Country: Canada
Registrant Phone: +1.9056407548
Registrant Email: sales@imaaxx.com
Registry Admin ID:
Admin Name: Stacy Gilmore
Admin Organization: imaaxx
Admin Street: 4981 Hwy #7 East
Admin Street: Unit 12A, Suite 207
Admin City: Markham
Admin State/Province: Ontario
Admin Postal Code: L3R1N1
Admin Country: Canada
Admin Phone: +1.9056407548
Admin Email: sales@imaaxx.com
Registry Tech ID:
Tech Name: Stacy Gilmore
Tech Organization: imaaxx
Tech Street: 4981 Hwy #7 East
Tech Street: Unit 12A, Suite 207
Tech City: Markham
Tech State/Province: Ontario
Tech Postal Code: L3R1N1
Tech Country: Canada
Tech Phone: +1.9056407548
Tech Email: sales@imaaxx.com
Name Server: NS1.MEGANAMESERVERS.COM
Name Server: NS2.MEGANAMESERVERS.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-9-29T10:00:00Z

Tuesday, September 16, 2014

Fax Report Virus

************************************
INCOMING FAX REPORT
************************************

Date/Time: Monday, 15.09.2014
Speed: 742bps
Connection time: 02:05
Page: 6
Resolution: Normal
Remote ID: 961-748-175192
Line number: 2
DTMF/DID:
Description: Internal only

************************************

< fax0082716711362511.zip >

Virus analysis :
==================================
AVG : Inject2.AVZG : 20140916
Ad-Aware : Trojan.GenericKD.1863035 : 20140916
Avast : Win32:Trojan-gen : 20140916
Avira : TR/Crypt.ZPACK.65977 : 20140916
Baidu-International : Trojan.Win32.Ransom.AR : 20140916
BitDefender : Trojan.GenericKD.1863035 : 20140916
CMC : Trojan.Win32.Swizzor.2!O : 20140916
Cyren : W32/Trojan.PSFN-7581 : 20140916
DrWeb : Trojan.Encoder.514 : 20140916
ESET-NOD32 : Win32/Filecoder.NCE : 20140916
Emsisoft : Trojan.GenericKD.1863035 (B) : 20140916
F-Prot : W32/Trojan3.KSP : 20140916
F-Secure : Trojan.GenericKD.1863035 : 20140916
GData : Trojan.GenericKD.1863035 : 20140916
Ikarus : Trojan-Spy.Agent : 20140916
K7AntiVirus : Trojan ( 7000000c1 ) : 20140915
K7GW : Trojan ( 7000000c1 ) : 20140915
Kaspersky : Trojan-Ransom.Win32.Cryptodef.bmw : 20140916
McAfee : RDN/Suspicious.bfr!bh : 20140916
MicroWorld-eScan : Trojan.GenericKD.1863035 : 20140916
Microsoft : Ransom:Win32/Crowti.A : 20140916
Panda : Trj/Chgt.F : 20140915
Qihoo-360 : HEUR/Malware.QVM07.Gen : 20140916
Sophos : Mal/DrodZp-A : 20140916
Symantec : Trojan.Cryptodefense : 20140916
Tencent : Win32.Trojan.Inject.Auto : 20140916
TrendMicro : TROJ_RANSOM.YMJH : 20140916
TrendMicro-HouseCall : TROJ_RANSOM.YMJH : 20140916
nProtect : Trojan.GenericKD.1863035 : 20140916
==================================
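Both fax-report lures above, like SecureMessage.zip and the HSBC archive elsewhere on this page, have the same shape: a zip whose member is a Windows executable named to look like a document (ClamAV's Zip.Suspect.ExecutableFax-zippwd-1 name itself says "executable, fax-themed, password-protected zip"). The block below is an added example, not code from this blog, of a mail-gateway check that opens the archive and flags members by executable extension, by double extension, by the PE magic regardless of the file name, and by the encryption flag that prevents content inspection. The archive it inspects is built in build_sample_zip() and is constructed: the "payload" is an MZ/PE header stub plus padding, not a real program, and the member names are modeled on the attachment names quoted above.

```python
import io
import zipfile

# Extensions Windows runs directly on double-click (assumed list, not from the page);
# .scr and .pif are renamed .exe files.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
             ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cpl", ".jar", ".lnk"}
# "Document" extensions that lures put in front of the real one.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".htm", ".html"}


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS/MZ header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def inspect_archive(zip_bytes: bytes) -> dict:
    """Return {member name: [reasons]} for every member a gateway should block."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            exts = ["." + p for p in base.split(".")[1:]]
            reasons = []
            if exts and exts[-1] in EXEC_EXTS:
                reasons.append("executable extension " + exts[-1])
            if len(exts) >= 2 and exts[-2] in DOC_EXTS and exts[-1] in EXEC_EXTS:
                reasons.append("double extension, disguised as " + exts[-2])
            if info.flag_bits & 0x1:
                # Password-protected member: we cannot read it, and neither can the AV.
                reasons.append("encrypted member, content not inspectable")
            else:
                with zf.open(info) as fh:
                    head = fh.read(4096)
                if looks_like_pe(head):
                    reasons.append("PE header (MZ + PE) regardless of name")
            if reasons:
                verdicts[info.filename] = reasons
    return verdicts


def build_sample_zip() -> bytes:
    """Constructed lure archive in the style of the fax reports above.
    The member content is an MZ/PE header stub plus padding, not a real program."""
    stub = b"MZ" + b"\x90" * 58 + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 200
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("fax00842121453281728.pdf.exe", stub)   # double extension
        zf.writestr("Fax report.scr", stub)                 # screensaver = renamed exe
        zf.writestr("invoice.doc", stub)                    # PE hidden behind a doc name
        zf.writestr("notes.txt", b"benign text\n")          # should pass
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in inspect_archive(build_sample_zip()).items():
        print(name, "->", "; ".join(why))
```

The PE check is the one that matters: extension lists are easy to evade by renaming, while the MZ/PE magic is what the loader actually needs. Python's zipfile cannot write encrypted members, so the encrypted branch is exercised only on real samples; on those, the right verdict is to quarantine, since a gateway that skips what it cannot open is exactly what the zippwd variants count on.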

NatWest link for Virus

NatWest Logo

You have a new private message from NatWest

To view/read this your secure message please click here

Email Encryption Provided by NatWest. Learn More.
Email Security Powered by Voltage IBE
Copyright 2014 National Westminster Bank Plc. All rights reserved.

Footer Logo NatWest

To unsubscribe please click here

National Westminster Bank Plc. All rights, save as expressly granted, are reserved. Reproduction in any form of any part of the contents of this website without our prior written consent is prohibited unless for personal use only.

Email analysis :
=================================================
NOTE : Return-Path : < denqv@bpbcorp.com >
NOTE : Received : from unknown (HELO localhost) (113.167.221.144)
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : You have received a new secure message from NatWest
=================================================

Link analysis :
=================================================
NOTE : Click "To view/read this your secure message please click here"
NOTE : Open "http://high-hollin.org/nrhscgfayh/rxyxzmsbsy.html"
NOTE : A new download is processed :
NOTE : File "SecureMessage.zip" from http://www.explicacoesmagicmath.pt
NOTE : File "SecureMessage.zip" is a VIRUS !
=================================================

Virus analysis (DEF 20140916) :
=================================================
AVware : Win32.Malware!Drop
Avira : TR/ATRAPS.A.1717
Baidu-International : Trojan.Win32.Upatre.ABlK
DrWeb : Trojan.DownLoad3.34292
ESET-NOD32 : Win32/TrojanDownloader.Waski.A
Ikarus : Trojan-Spy.Agent
K7AntiVirus : Trojan (7000000c1)
K7GW : Trojan(7000000c1)
Kaspersky : Trojan-Downloader.Win32.Upatre.avh
Kingsoft : VIRUS_UNKNOWN
Malwarebytes : Trojan.Upatre
McAfee : Artemis!AE3D2F8620F0
Microsoft : TrojanDownloader:Win32/Upatre.AA
Panda : Trj/Chgt.F
Qihoo-360 : HEUR/QVM20.1.Malware.Gen
Sophos : Mal/DrodZp-A
Symantec : Trojan.Zbot
Tencent : Win32.Trojan-downloader.Upatre.Wqmz
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.S.Agent.20992.PD
=================================================

Whois Analysis :
=================================================
high-hollin.org
=================================================
Domain Name:HIGH-HOLLIN.ORG
Domain ID: D153034212-LROR
Creation Date: 2008-06-20T18:34:26Z
Updated Date: 2012-06-19T08:02:22Z
Registry Expiry Date: 2015-06-20T18:34:26Z
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Sponsoring Registrar IANA ID: 69
Domain Status: ok
Registrant ID:tuMZ59PcSs2k5l1K
Registrant Name:Douglas McCowen
Registrant Organization:None
Registrant Street: Riverside Barn
Registrant City:Winford- BRISTOL
Registrant State/Province:Avon
Registrant Postal Code:BS408HJ
Registrant Country:GB
Registrant Phone:+44.7985466869
Registrant Email:dhl_mccowen@hotmail.com
Admin ID:tuMZ59PcSs2k5l1K
Admin Name:Douglas McCowen
Admin Organization:None
Admin Street: Riverside Barn
Admin City:Winford- BRISTOL
Admin State/Province:Avon
Admin Postal Code:BS408HJ
Admin Country:GB
Admin Phone:+44.7985466869
Admin Email:dhl_mccowen@hotmail.com
Tech ID:tu9LIBi0nseyvCgJ
Tech Name:Pickaweb Limited Domains Dpt
Tech Organization:Pickaweb Limited
Tech Street: 7 Marlow Copse
Tech City:Chatham
Tech State/Province:Kent
Tech Postal Code:ME59DP
Tech Country:GB
Tech Phone:+44.8712180841
Tech Email:domains@pickaweb.co.uk
Name Server:NS7.UKHOSTSUPPORT.COM
Name Server:NS8.UKHOSTSUPPORT.COM
=================================================
explicacoesmagicmath.pt
=================================================
Domain Name: explicacoesmagicmath.pt
Creation Date (dd/mm/yyyy): 04/02/2013
Expiration Date (dd/mm/yyyy): 03/02/2015
Status: ACTIVE

Registrant

Francisco Cascao
Rua Francisco sa Miranda Lt 7
538
2975 538

Email: franciscocascao@iol.pt

Entidade Gestora / Billing Contact
EASYHOST - SERVIÇOS INTERNET, UNIPESSOAL LDA
Email: dns@easyhost.pt
RACKSPOT LDA
Email: helpdesk@rackspot.com
Nameserver: explicacoesmagicmath.pt NS a.ns.rackspot.com.
Nameserver: explicacoesmagicmath.pt NS b.ns.rackspot.com.
=================================================
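All three domains whose WHOIS is quoted on this page (peytansplace.com, high-hollin.org, explicacoesmagicmath.pt) were registered years before the mails went out, have named registrants and ordinary registrars (GoDaddy, Tucows, a Portuguese hosting company): that is consistent with legitimate sites compromised to host the download, not with throw-away attacker registrations, so a "young domain" filter at the gateway would have caught none of them. The block below is an added example, not the blog's own tooling, that pulls the creation date out of the three registry output formats shown above (Verisign/GoDaddy .com, PIR .org, DNS.PT) and computes the domain's age on the day the lure was seen. The WHOIS excerpts are transcribed from the records quoted above; the 30-day threshold for "newly registered" is an assumption.

```python
import re
from datetime import date, datetime

# Creation-date lines in the three registry output styles quoted on this page
# (assumed to cover only those three; other registries print other layouts).
CREATION_PATTERNS = (
    # "Creation Date: 2010-07-14 12:55:20" (Verisign/GoDaddy) and
    # "Creation Date: 2008-06-20T18:34:26Z" (PIR .org): the date part is identical.
    (re.compile(r"^Creation Date:\s*(\d{4}-\d{2}-\d{2})", re.M), "%Y-%m-%d"),
    # "Creation Date (dd/mm/yyyy): 04/02/2013" (DNS.PT)
    (re.compile(r"^Creation Date \(dd/mm/yyyy\):\s*(\d{2}/\d{2}/\d{4})", re.M), "%d/%m/%Y"),
)


def creation_date(whois_text: str) -> date:
    """Parse the registration date out of raw WHOIS text."""
    for pattern, fmt in CREATION_PATTERNS:
        m = pattern.search(whois_text)
        if m:
            return datetime.strptime(m.group(1), fmt).date()
    raise ValueError("no creation date line recognised")


def assess(domain: str, whois_text: str, seen_on: date, young_days: int = 30) -> dict:
    """Age of the domain on the day the lure was received, with a verdict."""
    created = creation_date(whois_text)
    age = (seen_on - created).days
    verdict = ("newly registered, likely attacker-owned" if age < young_days
               else "established domain, likely a compromised legitimate host")
    return {"domain": domain, "created": created, "age_days": age, "verdict": verdict}


# Excerpts transcribed from the WHOIS records quoted in the posts above, each paired
# with the date of the post that used the domain.
WHOIS_SAMPLES = [
    ("peytansplace.com", date(2014, 9, 29), """\
Domain Name: PEYTANSPLACE.COM
Creation Date: 2010-07-14 12:55:20
Registrar: GoDaddy.com, LLC
Name Server: NS1.MEGANAMESERVERS.COM
"""),
    ("high-hollin.org", date(2014, 9, 16), """\
Domain Name:HIGH-HOLLIN.ORG
Creation Date: 2008-06-20T18:34:26Z
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Name Server:NS7.UKHOSTSUPPORT.COM
"""),
    ("explicacoesmagicmath.pt", date(2014, 9, 16), """\
Domain Name: explicacoesmagicmath.pt
Creation Date (dd/mm/yyyy): 04/02/2013
Status: ACTIVE
"""),
]


def assess_all(samples=WHOIS_SAMPLES):
    return [assess(d, text, seen) for d, seen, text in samples]


if __name__ == "__main__":
    for r in assess_all():
        print(f"{r['domain']:28} created {r['created']}  age {r['age_days']:5d} d  {r['verdict']}")
```

For a compromised host the useful pivot is not the registrant but the URL path: /Documents/payment26092014-12 and /nrhscgfayh/rxyxzmsbsy.html are dropped into an existing site, so the site owner (and the Tech contact listed for the hosting company) is who to notify, not the registrar's abuse desk.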

Thursday, September 11, 2014

Rép : Swift Payment Confirmation.

Good day,

I tried calling you, but couldn't reach you, Please find attached swift copy of payment made today, And kindly get back to me with all necessary document for shipment.

7/09/14 14:12:20 LOcalOutAcks-2536-0883793

--------------------Instance Type Transission--------------------

Notification (Transmission) of Original sent to SWFT (ACK) Nerwork Delivcr Status Nerwork Ack

Priorty/Delivcry:

Normal

Swift Lnput:

FIN 103 Single Customer Credit Transfer

Sender:

CORUTZTZXXX
CRDB BANK LIMTTED
DAR ES SALAAMTZ

Receivr :

CITTUS32XXX
CITTBANK N.A
NEW YORK ,NY US

---------------------Message Text--------------------

20:Sender's Reference
986/25LUMUMBA
23B:Bank Operation CodcCRED
32A:Val Dte/Curr/Interbnk Settld Amt
Date:7 September 2014
Currency:USD (US DOLLAR)
50K:Ordering Customer- Name & Address

---------------------Message Text--------------------

{CHK:GDF65HET676F}
PKI Signature: MAC-Equivalcnt

---------------------Intervtions---------------------

Caiegory:Nerwork Report
Creation Time:7/09/14 14:12:20
Application:SWTFT Interface
Operato:Systern
Text{1:G2CORUTZTZAXXX4800211}{5189:1331566}{7761:0}{209267349056400}

Regards
Asjad Sayeed/Northern Tannery

Sent from my iPhone

< TT copy.7z >

Virus Analysis :

AVG : Inject2.AUZR : 20140911
Ad-Aware : Gen:Variant.Zusy.105684 : 20140911
Avira : TR/Betabot.A.178 : 20140911
Baidu-International : Trojan.Win32.Neurevt.aJXs : 20140911
BitDefender : Gen:Variant.Zusy.105684 : 20140911
Cyren : W32/Ransom.QLKF-8999 : 20140911
DrWeb : Trojan.PWS.Stealer.13199 : 20140911
ESET-NOD32 : a variant of Win32/Injector.BLNI : 20140911
Emsisoft : Gen:Variant.Zusy.105684 (B) : 20140911
F-Secure : Gen:Variant.Zusy.105684 : 20140911
Fortinet : W32/Neurevt.API!tr : 20140911
GData : Gen:Variant.Zusy.105684 : 20140911
Ikarus : Trojan.Crypt : 20140911
K7AntiVirus : Riskware ( 0040eff71 ) : 20140910
K7GW : Riskware ( 0040eff71 ) : 20140910
Kaspersky : Trojan.Win32.Neurevt.api : 20140911
Kingsoft : VIRUS_UNKNOWN : 20140911
MicroWorld-eScan : Gen:Variant.Zusy.105684 : 20140911
NANO-Antivirus : Trojan.Win32.Stealer.derrjx : 20140911
Panda : Trj/CI.A : 20140910
Sophos : Troj/Inject-BCM : 20140911
TrendMicro : TROJ_GEN.R00JC0EIA14 : 20140911

Mail analysis :

NOTE : Received : from ebeautiquestore.com (203.175.170.39)
NOTE : Received : from User (unknown [69.26.211.159]) by ebeautiquestore.com

Monday, September 8, 2014

Rép : Copy of Shipping Document

Good day,

Attached is the draft copy of your shipping documents including the bill of lading. Kindly check and confirm if every thing is OK so we can proceed with the original documents.

Yanni SHO

Senior Customer Service Executive

Sales & Marketing Dept.

MAERSK SHIPPING LINE S.A.

Main Line: +86 6775 7800
Direct Line: +865 6799 1182
Main Fax: +65 6775 7079
www.***.com

« MAERSK SHIPPING LINE S.A.Sailing ahead with passion since 1978 - to know more… » !
© 2014 Microsoft Terms Privacy & cookies Developers English (United States)

< shipping document.7z >

shipping document.7z is a Virus :
==================================================
Ad-Aware : Gen:Variant.Zusy.105684 : 20140908
BitDefender : Gen:Variant.Zusy.105684 : 20140908
Emsisoft : Gen:Variant.Zusy.105684 (B) : 20140908
F-Secure : Gen:Variant.Zusy.105684 : 20140907
GData : Gen:Variant.Zusy.105684 : 20140908
==================================================
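The detection lists on this page show the usual problem with multi-engine results: one sample is Upatre for Kaspersky, Waski for ESET, Zbot for Symantec and "Trojan (7000000c1)" for K7; the CryptoWall sample is Cryptodef, Crowti and Cryptodefense; and the Zusy label above is repeated by five brands that bundle the BitDefender engine, so a raw count of labels says nothing. The block below is an added example, not the blog's code, of the normalisation an analyst otherwise does by eye: drop category and platform tokens, keep the first family-like token of each label, fold vendor synonyms onto one name, count one vote per engine rather than per brand, and return the plurality family. The alias table and the engine-sharing table are analyst-maintained assumptions, not facts from the page; the two listings are transcribed from the Swift Payment and Fax Report posts above in the blog's "Vendor : Label : date" layout.

```python
import re
from collections import Counter

# Tokens that name a category, platform or heuristic rather than a family.
GENERIC = {
    "trojan", "troj", "trojandownloader", "downloader", "download", "backdoor",
    "spy", "pws", "stealer", "ransom", "encoder", "filecoder", "riskware",
    "agent", "generic", "generickd", "gen", "variant", "heur", "malware", "virus",
    "unknown", "suspicious", "artemis", "crypt", "packed", "inject", "injector",
    "drop", "dropper", "auto", "win32", "win64", "msil", "outbreak",
}
# Vendor synonyms for one family (analyst-maintained assumption).
ALIASES = {
    "waski": "upatre",
    "betabot": "neurevt",
    "crowti": "cryptowall", "cryptodef": "cryptowall", "cryptodefense": "cryptowall",
    "androm": "wauchos", "andromeda": "wauchos", "gamarue": "wauchos",
}
# Brands that ship the same engine and therefore the same label (assumption).
ENGINE_GROUP = {v: "bitdefender" for v in
                ("Ad-Aware", "BitDefender", "Emsisoft", "F-Secure", "GData",
                 "MicroWorld-eScan", "nProtect")}
ENGINE_GROUP.update({"K7AntiVirus": "k7", "K7GW": "k7",
                     "McAfee": "mcafee", "McAfee-GW-Edition": "mcafee",
                     "TrendMicro": "trend", "TrendMicro-HouseCall": "trend"})

# "Vendor : Label" with an optional trailing " : yyyymmdd" definition-date column.
LINE_RE = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)(?:\s*:\s*\d{8})?\s*$")


def family_token(label: str):
    """First token of a label that could be a family name, after aliasing."""
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or any(ch.isdigit() for ch in tok) or tok in GENERIC:
            continue
        return ALIASES.get(tok, tok)
    return None


def family_vote(listing: str):
    """Return (family, votes for it, total family votes) for a detection listing."""
    votes, seen = Counter(), set()
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        vendor, label = m.group(1), m.group(2)
        fam = family_token(label)
        if fam is None:
            continue
        key = (ENGINE_GROUP.get(vendor, vendor), fam)   # one vote per engine, not per brand
        if key in seen:
            continue
        seen.add(key)
        votes[fam] += 1
    if not votes:
        return None, 0, 0
    fam, n = votes.most_common(1)[0]
    return fam, n, sum(votes.values())


# Transcribed from the "TT copy.7z" listing above (subset of vendors).
NEUREVT_LISTING = """\
Ad-Aware : Gen:Variant.Zusy.105684 : 20140911
Avira : TR/Betabot.A.178 : 20140911
Baidu-International : Trojan.Win32.Neurevt.aJXs : 20140911
BitDefender : Gen:Variant.Zusy.105684 : 20140911
Cyren : W32/Ransom.QLKF-8999 : 20140911
ESET-NOD32 : a variant of Win32/Injector.BLNI : 20140911
Emsisoft : Gen:Variant.Zusy.105684 (B) : 20140911
F-Secure : Gen:Variant.Zusy.105684 : 20140911
Fortinet : W32/Neurevt.API!tr : 20140911
GData : Gen:Variant.Zusy.105684 : 20140911
K7AntiVirus : Riskware ( 0040eff71 ) : 20140910
Kaspersky : Trojan.Win32.Neurevt.api : 20140911
MicroWorld-eScan : Gen:Variant.Zusy.105684 : 20140911
Sophos : Troj/Inject-BCM : 20140911
"""

# Transcribed from the 16 September fax-report listing above (subset of vendors).
CRYPTOWALL_LISTING = """\
Avira : TR/Crypt.ZPACK.65977 : 20140916
Baidu-International : Trojan.Win32.Ransom.AR : 20140916
BitDefender : Trojan.GenericKD.1863035 : 20140916
DrWeb : Trojan.Encoder.514 : 20140916
ESET-NOD32 : Win32/Filecoder.NCE : 20140916
Kaspersky : Trojan-Ransom.Win32.Cryptodef.bmw : 20140916
Microsoft : Ransom:Win32/Crowti.A : 20140916
Sophos : Mal/DrodZp-A : 20140916
Symantec : Trojan.Cryptodefense : 20140916
TrendMicro : TROJ_RANSOM.YMJH : 20140916
TrendMicro-HouseCall : TROJ_RANSOM.YMJH : 20140916
"""

if __name__ == "__main__":
    print(family_vote(NEUREVT_LISTING))
    print(family_vote(CRYPTOWALL_LISTING))
```

Without the engine grouping, Zusy would win the first listing 6 to 4; without the alias table, CryptoWall would be three one-vote families. Single stray votes (ZPACK, DrodZp, QLKF) are vendor-generic names that slipped past the stop list; they do not change the plurality, which is why plurality rather than majority is the right rule here.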

Email :
==================================================
NOTE : Received : from host.smartpoint.in (69.167.141.142)
NOTE : Received : from [69.26.211.159] (port=51168 helo=User) by host.smartpoint.in with esmtpa (Exim 4.82) (envelope-from < maersk.line@mail.ru >)
NOTE : X-Get-Message-Sender-Via : host.smartpoint.in: authenticated_id: importstut@ruthshipping.com
NOTE : Rép : Copy of Shipping Document
==================================================
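The mail-analysis notes on this page keep showing the same tells: a HELO of "localhost", "User" or a random non-FQDN string (KJIONYSKE), an Exim "esmtpa" submission where the authenticated account (importstut@ruthshipping.com) is not the envelope sender (maersk.line@mail.ru), and the same originating address 69.26.211.159 behind two different lures three days apart. The block below is an added example, not the blog's code, of a small header triage routine that extracts those fields from the Received chain and reports them. The sample message is constructed: its Received and X-Get-Message-Sender-Via lines are transcribed from the "Copy of Shipping Document" notes above, while the outer hop to mx.example.net, the dates and the body are invented so that it parses as a complete message.

```python
import email
import re

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
ENVFROM_RE = re.compile(r"envelope-from\s+<?([^\s>)]+)>?", re.I)
HELO_PATTERNS = (r"helo=([^\s)]+)",          # Exim:    from [ip] (port=N helo=NAME)
                 r"\(HELO\s+([^\s)]+)\)",    # qmail:   from unknown (HELO NAME) (ip)
                 r"^from\s+(\S+)")           # Postfix: from NAME (unknown [ip])


def parse_received(value: str) -> dict:
    """HELO name, first IP literal, envelope-from and auth flag from one Received: header."""
    value = " ".join(value.split())            # unfold and squeeze whitespace
    helo = None
    for pat in HELO_PATTERNS:
        m = re.search(pat, value, re.I)
        if m:
            helo = m.group(1)
            break
    ip = IP_RE.search(value)
    env = ENVFROM_RE.search(value)
    return {
        "helo": helo,
        "ip": ip.group(1) if ip else None,
        "envelope_from": env.group(1) if env else None,
        # esmtpa / esmtpsa: the client logged in to the MTA, i.e. a working (stolen) account
        "authenticated": bool(re.search(r"\besmtps?a\b", value, re.I)),
    }


def helo_is_suspicious(helo) -> bool:
    """HELO should be the client's FQDN; lures send placeholders or bare words."""
    if helo is None:
        return True
    h = helo.strip("[]").lower()
    if h in {"localhost", "user", "unknown"} or IP_RE.fullmatch(h):
        return True
    return "." not in h                        # e.g. HELO KJIONYSKE


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def triage(raw: str) -> dict:
    msg = email.message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    # Each MTA prepends its own header, so the last Received: is the originating hop.
    origin = hops[-1] if hops else {"helo": None, "ip": None,
                                    "envelope_from": None, "authenticated": False}
    findings = []
    if helo_is_suspicious(origin["helo"]):
        findings.append(f"origin {origin['ip']} sent non-FQDN HELO {origin['helo']!r}")
    env_from = (next((h["envelope_from"] for h in hops if h["envelope_from"]), None)
                or msg.get("Return-Path", "").strip("<> "))
    # X-Get-Message-Sender-Via is what cPanel/Exim hosts add to name the login used
    via = " ".join(msg.get("X-Get-Message-Sender-Via", "").split())
    m = re.search(r"authenticated_id:\s*(\S+)", via)
    auth_id = m.group(1) if m else None
    if auth_id and env_from and domain_of(auth_id) != domain_of(env_from):
        findings.append(f"authenticated as {auth_id} but envelope sender is {env_from}")
    elif origin["authenticated"] and not auth_id:
        findings.append("authenticated submission, but the relay did not record the account")
    return {"origin_ip": origin["ip"], "auth_id": auth_id,
            "envelope_from": env_from, "findings": findings}


# Constructed sample (see lead-in): hops 2 and 3 transcribed from the page, the rest invented.
SAMPLE_MAIL = """\
Return-Path: <maersk.line@mail.ru>
Received: from host.smartpoint.in (host.smartpoint.in [69.167.141.142])
    by mx.example.net with esmtp; Mon, 08 Sep 2014 09:12:01 +0000
Received: from [69.26.211.159] (port=51168 helo=User)
    by host.smartpoint.in with esmtpa (Exim 4.82)
    (envelope-from <maersk.line@mail.ru>); Mon, 08 Sep 2014 14:41:48 +0530
X-Get-Message-Sender-Via: host.smartpoint.in: authenticated_id: importstut@ruthshipping.com
From: Yanni SHO <maersk.line@mail.ru>
Subject: Copy of Shipping Document

Attached is the draft copy of your shipping documents.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_MAIL)
    print("origin:", result["origin_ip"], "auth:", result["auth_id"])
    for f in result["findings"]:
        print(" -", f)
```

The authenticated_id mismatch is the actionable finding: it names the compromised mailbox on host.smartpoint.in whose owner (ruthshipping.com) needs a password reset, which no amount of blocking mail.ru senders would fix. The origin IP is the pivot across lures; here it ties the Maersk and Swift mails to one sender.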