Wednesday, August 17, 2016

Traffic Violation 10-08-2016 (Virus)

As of 10/08/2016, Via Fácil has actually started issuing fines.

Every driver passing at more than 40 km/h will receive a speeding fine. According to STP (the operating company), the Sem Parar fine is issued by the Highway Police.

You have been fined; see a copy of the fine below.

Download the fine here...

Email analysis :

NOTE : detran@drz.com.br
NOTE : Received : from unknown (HELO pc-PC)
NOTE : (menoli@drz.com.br@200.204.161.106)
NOTE : by beta.sercomtel.com.br

Link analysis :

CLICK : Download da multa aqui...
OPEN : https://tinyurl.com/j3nav3q?=visualizar/multa/10/08/2016
DOWNLOAD FILE FROM : https://dc431.4shared.com
RESULT : File is a virus.

Virus analysis :

FILENAME : Infração-de-transito-15-08-2016.rar
SHA256 : b3baf1dedb71e91ca1006d412b8ee7eb59bf6a0388bb89abd3aefc3ee0c14dd6

Ad-Aware : Gen:Variant.Symmi.60015
Arcabit : Trojan.Symmi.DEA6F
Avast : Win32:Malware-gen
Avira (no cloud) : TR/Downloader.sdtq
BitDefender : Gen:Variant.Symmi.60015
ESET-NOD32 : Win32/TrojanDownloader.Banload.XMW
Emsisoft : Gen:Variant.Symmi.60015 (B)
F-Secure : Gen:Variant.Symmi.60015
GData : Gen:Variant.Symmi.60015
Ikarus : Trojan-Downloader.Win32.Banload
K7GW : Trojan-Downloader ( 004f64451 )
Kaspersky : Trojan-Downloader.Win32.Delf.kkdi
McAfee : Artemis!383F16692822
eScan : Gen:Variant.Symmi.60015
TrendMicro : HEUR_NAMETRICK.A
TrendMicro-HouseCall : TROJ_GE.4D16FF7F

Conclusion :

Virus hosted by 4shared.com
Link to the virus hosted by tinyurl.com

Thursday, December 3, 2015

Rép : bill (Virus)

This bill just came through and it has your name on it.
What is this about?

bill.doc

File analysis :

OPEN : bill.doc
RESULT : bill.doc is a virus.

Virus analysis :

ALYac : Trojan.Msword.NTC
AVG : Zbot.AKEI
AVware : Trojan.Win32.Generic!BT
Ad-Aware : Trojan.Msword.NTC
AhnLab-V3 : W97M/Dropper
Antiy-AVL : Trojan[PSW]/Win32.Fareit
Arcabit : HEUR(high).VBA.Trojan
Avast : Win32:Dropper-gen [Drp]
Avira : TR/Crypt.ZPACK.217559
BitDefender : Trojan.Msword.NTC
CAT-QuickHeal : W97M.Dropper.OF
Cyren : W97M/Dropper.D.gen
DrWeb : Trojan.PWS.Stealer.4118
ESET-NOD32 : VBA/TrojanDropper.Agent.EG
Emsisoft : Trojan.Msword.NTC (B)
F-Prot : W97M/Dropper.D.gen
F-Secure : Trojan.Msword.NTC
Fortinet : WM/Agent!tr
GData : Trojan.Msword.NTC
Ikarus : Trojan.Win32.PSW
Kaspersky : Trojan-PSW.Win32.Fareit.bium
McAfee : W97M/Dropper!E6CB6F898524
McAfee-GW-Edition : W97M/Dropper!E6CB6F898524
MicroWorld-eScan : Trojan.Msword.NTC
Microsoft : TrojanDropper:O97M/Farheyt
NANO-Antivirus : Trojan.Script.MulDrop.dyxcgh
Panda : O97M/Downloader
Sophos : Troj/Vawtrak-CO
Symantec : W97M.Downloader
Tencent : Win32.Trojan-qqpass.Qqrob.Amch
TrendMicro : W2KM_FAREIT.IBI
TrendMicro-HouseCall : W2KM_FAREIT.IBI
VIPRE : Trojan.Win32.Generic!BT
nProtect : Trojan-Downloader/W97M.Iron

Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.4.0
NOTE : X-Remote : 108.178.222.238 ()
NOTE : Mime-Version : 1.0
NOTE : Received : from localhost (HELO queue) (127.0.0.1)
NOTE : Rép : bill

Wednesday, December 2, 2015

Rép : New order (Virus)

GoodDay,

Find the attached specifications in the purchase order for our company end of the year sales before sending your Proforma Invoice and do get back to me with your quotations asap. An Official order placement will follow as soon as possible. But note that we have restructured the order so the first order will not exceed 20-40feet containers.

Thanks & Best Regards,
Manager Purchasing Department
Shirley Lee

TMS Titanium

HEADQUARTERS

12215 Kirkham Rd., Suite 300
Poway, CA 92064

EMAIL: sales@tmstitanium.com

SALES AND CUSTOMER SERVICE

Toll Free: (888) 748-8510
Local: (858) 748-8510

FAX

(858) 748-8526

scanned purchase order.ace

File analysis :

OPEN : scanned purchase order.ace
RESULT : scanned purchase order.ace is a virus.

Virus analysis :

Avast : Win32:Malware-gen
ESET-NOD32 : a variant of Win32/Injector.CNFH
GData : Archive.Trojan.Agent.14JCQ5
Ikarus : Trojan.Win32.Injector
Kaspersky : Trojan.Win32.Scarsi.aaab
Panda : Generic Suspicious
Qihoo-360 : HEUR/QVM03.0.Malware.Gen
Sophos : Mal/DrodAce-A

Email analysis :

NOTE : sales@tmstitanium.com
NOTE : SUNSHINESLISA1@YAHOO.COM
NOTE : Received : from [67.227.193.36]
NOTE : (UnknownHost [67.227.193.36]) by mail2.postbulletin.com

Wednesday, October 28, 2015

New order 1320

Dear supplier,

Please find the attached purchase order and acknowledge the receipt.

We await your response with details.

Thanks,

Monica Paquette
Purchasing Manager.
JUBAILI TRADE COMPANY.
32107 Bad Salzuflen

Germany

T: +49-5208-9102-7523
F: +49-5208-9102-9054
M: +49 151 616023605

Web: www.ararmaturen.net

PO_FY6667544pdf.ace

File analysis :

OPEN : PO_FY6667544pdf.ace
RESULT : PO_FY6667544pdf.ace is a virus.

Virus analysis :

AVG : MSIL9.XGT
Ad-Aware : Gen:Variant.Kazy.758648
Arcabit : Trojan.Kazy.DB9378
BitDefender : Gen:Variant.Kazy.758648
ESET-NOD32 : a variant of MSIL/Kryptik.DZP
Emsisoft : Gen:Variant.Kazy.758648 (B)
F-Secure : Gen:Variant.Kazy.758648
GData : Gen:Variant.Kazy.758648
Ikarus : Trojan.MSIL.Crypt
Kaspersky : Trojan.MSIL.Inject.dbmu
MicroWorld-eScan : Gen:Variant.Kazy.758648
Microsoft : Trojan:Win32/Dynamer!ac
Sophos : Mal/DrodAce-A
TrendMicro : TSPY_GOLROTED.CP
TrendMicro-HouseCall : TSPY_GOLROTED.CP

Email analysis :

NOTE : monica.p@tech-center.com
NOTE : Received : from 210.195.249.3 (klg-58-154.tm.net.my [202.188.58.154])
NOTE : by cactus4.qatar.net.qa (Oracle Communications Messaging Exchange Server)
NOTE : does not designate 82.148.101.71 as permitted sender

Tuesday, September 1, 2015

Rép : RFQ Confirmation (VIRUS)

Good day,

Pls find attached the Inquiry specification list, kindly send us quotation.

Thanks & Best Regards,
Sashi Ranjan Rath
osco Excellence
Tel 1 (i250) : 870 773210230
Tel 2 (FB250) : 870 773208568
Tel 3 (F-77) : 870 765 091 412
Tel 4 (F-77) : 870 765 091 411
Fax: 870 765091413
Sat C 1 (Tlx): 447703830
Sat C 2 (Tlx): 447703831
Email: ismaelcarrillo_zf@yahoo.com

Order 4223.zip

File analysis :

OPEN : Order 4223.zip
RESULT : File is a virus.

Virus analysis :

SHA256: 387b4893e924421f9e91f1ee2a938b9017fe30f3bfae07abbfbf0d1b121d98fa

Baidu-International : Adware.MSIL.iBryte.DFE
ESET-NOD32 : a variant of MSIL/Kryptik.DFE
Malwarebytes : Trojan.ZBAgent.RNDGen
Qihoo-360 : HEUR/QVM03.0.Malware.Gen
Rising : PE:Malware.Generic/QRS!1.9E2D[F1]
Sophos : Mal/Generic-S
Tencent : Win32.Trojan.Inject.Auto

Email analysis :

NOTE : stefano.sambucci@transpacific.com
NOTE : ismaelcarrillo_zf@yahoo.com
NOTE : Received : from so199-177.asiawhere.com (219.84.199.177)
NOTE : Received : from 41.190.2.39 ([41.190.2.39])
NOTE : by webmail.mimifund.com (Horde Framework)
NOTE : User-Agent : Internet Messaging Program (IMP) H3 (4.3.9)
NOTE : Return-Path : < stefano.sambucci@transpacific.com >
NOTE : X-No-Auth : unauthenticated sender

Monday, August 31, 2015

Invoice Jeff Herman

invoice53444271 Jeff Herman.zip

File analysis :

OPEN : invoice53444271 Jeff Herman.zip
RESULT : File is a virus.

Virus analysis :

SHA256: 9c6ce032c5b4f521b0ace607a50a499812ecb9845741862a0f7f9183a87c7c49

ALYac : Trojan.Agent.BMBU
AVG : FakeAlert
AVware : Trojan.Win32.Generic!BT
Ad-Aware : Trojan.Agent.BMBU
Agnitum : Trojan.DL.Dofoil!MdY5QMP4IPM
Arcabit : Trojan.Agent.BMBU
Avast : Win32:Trojan-gen
Baidu-International : Trojan.Win32.Dofoil.bstr
BitDefender : Trojan.Agent.BMBU
CAT-QuickHeal : TrojanDownloader.Upatre.r4
Cyren : W32/Trojan3.RIE
ESET-NOD32 : a variant of Win32/Kryptik.DUYG
Emsisoft : Trojan.Agent.BMBU (B)
F-Prot : W32/Trojan3.RIE
F-Secure : Trojan.Agent.BMBU
Fortinet : W32/Kryptik.DUMX!tr
GData : Trojan.Agent.BMBU
Ikarus : Trojan-Downloader.Win32.Upatre
Jiangmin : TrojanDownloader.Dofoil.bhq
K7AntiVirus : Trojan ( 004cddfe1 )
K7GW : Trojan ( 004cddfe1 )
Kaspersky : Trojan-Downloader.Win32.Dofoil.bstr
Malwarebytes : Spyware.Dyre
McAfee : Upatre-FACE!67B2464F5D77
McAfee-GW-Edition : Upatre-FACE!67B2464F5D77
MicroWorld-eScan : Trojan.Agent.BMBU
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Dyre.dvrjgu
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-LD
TrendMicro : TROJ_UP.10D6D122
TrendMicro-HouseCall : TROJ_UP.10D6D122
VBA32 : Heur.Trojan.Hlux
VIPRE : Trojan.Win32.Generic!BT
ViRobot : Trojan.Win32.Upatre.43520.A[h]
Zillya : 'Downloader.UpatreGen.Win32.68
nProtect : Trojan.Agent.BMBU

Email analysis :

NOTE : bespalov@stati.orene.ru
NOTE : Received : by stati.orene.ru (Postfix, from userid 5001)
NOTE : 94.79.7.6 ()

Monday, July 20, 2015

Order for Sp/LLC /2015 (Virus)

Dear Sir/Madam,

It was nice to see you again. In attachment you will find the order for Sp/LLC /2015 Please first confirm the price with us. If you have any question about the changes, please ask. In attachment also the logo’s for NieZoe Woven Label new. I know the woven label NieZoe you have to take more quantity. Please let us know the quantity and price. We can use in future also.

Thank you in advance.

Met vriendelijke groet,

Best regards,

Mit Mreundlichen Krussen,
logo
Larlou Lvan Looten
Sales Manager

Nmbyerstraat Noord 162 | 6225 EJ Maastricht The Netherlands | HR14054804 VAT NL809075957B00
T 0031 43 3521470

File analysis :

SHA256 : cc4db92ec0f923c02171c746fd8417b6763257d9a2fcfd6b30818da344791ea3
Filename : Sp-LLC -2015.docx

Virus analysis :

ALYac : Gen:Variant.Kazy.679360
Ad-Aware : Gen:Variant.Kazy.679360
Arcabit : Trojan.Kazy.DA5DC0
BitDefender : Gen:Variant.Kazy.679360
DrWeb : BackDoor.Bladabindi.1056
ESET-NOD32 : a variant of MSIL/Injector.KSL
Emsisoft : Gen:Variant.Kazy.679360 (B)
F-Secure : Gen:Variant.Kazy.679360
Fortinet : MSIL/Injector.KSL!tr
GData : Gen:Variant.Kazy.679360
Kaspersky : HEUR:Trojan.Win32.Generic
MicroWorld-eScan : Gen:Variant.Kazy.679360
TrendMicro-HouseCall : TROJ_GE.856647F7

Email analysis :

NOTE : NieZoe@NieZoe.COM
NOTE : nisakorn@thai-nichi.com
NOTE : Received : from User ([UNAVAILABLE].
NOTE : [66.76.199.160]) by 0.0.0.0:25 (trex/5.4.2);
NOTE : Received : by smtp24.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
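The Email analysis notes across these entries keep recording the same header signals: a Received line from an unknown host with a bare HELO name, an SPF result saying the sending IP is not a permitted sender, an X-No-Auth header, a From address that differs from the reply address, and an archive or Office attachment. As an added example that is not part of the original blog, this Python triage function checks for those signals over a constructed message; every address, host and IP in the sample is hypothetical.

```python
import re
from email import message_from_string, policy

# Archive/document attachment types seen across the entries above.
RISKY_EXT = {".ace", ".rar", ".zip", ".doc", ".docx"}

# Constructed sample (hypothetical addresses/hosts); headers mimic the signals noted above.
SAMPLE = """\
From: Shirley Lee <sales@example-vendor.test>
Reply-To: someone@freemail.test
Received: from unknown (HELO pc-PC) (203.0.113.10) by mail.example.test
Received-SPF: softfail (example-vendor.test does not designate 203.0.113.10 as permitted sender)
X-No-Auth: unauthenticated sender
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="scanned purchase order.ace"
Content-Disposition: attachment; filename="scanned purchase order.ace"

AAAA
--b1--
"""

def domain(addr):
    """Lowercase domain part of an address header value ('' if absent)."""
    m = re.search(r"@([\w.-]+)", addr or "")
    return m.group(1).lower() if m else ""

def triage(raw):
    """Return (signal, detail) pairs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    frm, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if reply and reply != frm:  # replies diverted to another domain
        found.append(("reply-to mismatch", f"{frm} -> {reply}"))
    for rcv in msg.get_all("Received", []):
        rcv = rcv.strip()
        helo = re.search(r"HELO\s+([^\s)]+)", rcv)
        if rcv.startswith("from unknown") or (helo and "." not in helo.group(1)):
            found.append(("suspicious HELO", rcv.split(" by ")[0]))
    spf = msg["Received-SPF"] or ""
    if "does not designate" in spf:  # SPF says the sending IP is not authorized
        found.append(("SPF not permitted", spf.split("(")[0].strip()))
    if msg["X-No-Auth"]:
        found.append(("unauthenticated sender", str(msg["X-No-Auth"])))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if "." in name and "." + name.rsplit(".", 1)[1].lower() in RISKY_EXT:
            found.append(("risky attachment", name))
    return found
```

None of these signals alone proves malice; the value is in seeing several of them together on one message, as every entry above does.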