Thursday, September 3, 2015

Our Ref: CPWB/UN/2015.

UNITED NATIONS / WORLD BANK ORGANIZATION
United Nations House, 617/618.Diplomatic Zone,Central Area District,Federal Capital Territory,Abuja, Nigeria.
Our Ref: CPWB/UN/2015.

Attention: Dear Beneficiary,

RE: APPROVED COMPENSATION PAYMENT AWARD OF US$1.5M

We found your email/name in our list and that is why we are contacting you, This have been agreed upon and have been signed Therefore, we are happy to inform you that an arrangement has perfectly been concluded to effect your payment as soon as possible in our bid to be transparent. However, it is our pleasure to inform you that your ATM Card Number; 7876 3100 03001420 has been approved and upgraded in your favour, Meanwhile, your Secret Pin Number will be available as soon as you confirm to us the receipt of your ATM CARD.The ATM Card Value is $1,500,000.00 USD Only (One Million Five Hundred Thousand United States Dollars). Please contact Mr. Lancelot Ego, Email: remittdeppt22@yahoo.co.jp with the following information to facilitate your claims.

FULL NAME:
AGE:
GENDER:
ADDRESS:
COUNTRY:
OCCUPATION:
MOBILE NUMBER:

Best Regards,
Mr. Samson Adekunle.
CIV NAVSUBTORPFAC NEW YORK.UNITED NATIONS / WORLD BANK ORGANIZATION.

Email analysis :

NOTE : remittdeppt22@yahoo.co.jp
NOTE : wumtjsmt@gmail.com
NOTE : Our Ref: CPWB/UN/2015.

Limpe seu nome com pagamento parcelado!

Tire seu nome do SPC Serasa CCF sem negociar ou pagar as dividas. Esta com nome limpo porém não consegue crédito? Temos a solução. Nosso serviço consiste em baixa suas dividas sem negociar ou pagar suas dividas. Serviço disponível para CPF e CNPJ. Os valores cobrado pelo serviço é fixo tanto para CPF e CNPJ. Temos opção de pagamento parcelado ou avista com desconto

Baixamos as seguintes dividas.
CHEQUES S/FUNDOS:
PROTESTOS:
AÇÕES JUDICIAIS:
DÍVIDA VENCIDA:
ANOTAÇÕES :
CADIM:
AVALISTA:
Entre outros:

Para tirar suas dividas responda esse e-mail ou entre em contato por telefone. Entre em contato e ganhe uma consulta de suas dividas

Atenciosamente Quality Consultoria.
Site: Click aqui para acessar nosso site!
Telefone: 15 4062-9396

Email enviado de acordo com as normas da ABEMD - Associacao Brasileira de Marketing Direto

Email analysis :

NOTE : return@maravilha-online.com
NOTE : from klay115.infonew.net.br ([138.117.196.115])
NOTE : atendimento@consultoria-quality.com

Formation pour gagner en bourse

Bonjour,

La bourse a vraiment mauvaise réputation ces derniers temps. Vous pensez peut être que c'est très dangereux.

Que comme dit notre président François Hollande, le monde de la finance est notre ennemi. Que la faillite des banques n'est pas loin, que les paradis fiscaux comme Chypre peuvent engloutir notre épargne. Et qu'il est préférable d'investir dans des épargnes garanties comme le livret ou même l'immobilier.

Vous avez raison, la bourse a mauvaise réputation. Mais il serait dommage de ne pas profiter des hausses ou des baisses de certains actifs financiers sous prétexte d'un manque d'informations ou tout simplement à cause d'un discours enflammé d'un homme politique...

Il est désormais possible et très facile de miser à la hausse comme à la baisse sur les marchés financiers et ce sur des périodes très courtes allant de 5 à 10 minutes. Pour tout comprendre à cela, nous vous proposons de vous rendre sur ce lien :

A très bientôt,

--

Vanessa

+++

media traffic ltd
6 loanni stvlianou 2nd floor, off/apt, 202 nicosia, cyprus 2003

Email analysis :

NOTE : Received : from trafficdominator.org (69.94.159.162)
NOTE : vanessa@trafficdominator.org

Tuesday, September 1, 2015

Quickly Contact Diplomat Frank Hilton For Your Cash Call +1(951) 263-2316

THis Will Be The last Time I Contact You About Your Compensation Fund .

Central Bank of Nigeria, Investigation has revealed that After all promises to deliver your funds 1$ has not been paid to you, However, am glad to inform you on the development of your compensation funds, For your information Your Diplomat Has arrived Ontario International Airport California, You are given 24 hours to confirm your full house/office address and valid phone number to Diplomat Named Frank Hilton To enable him deliver small box containing the cash amount of (FIVE HUNDRED THOUSAND DOLLARS ) to you today. contact

You must contact him now through email:( hilton877@yahoo.se ) or +1(951) 263-2316
Get back to me with update.

CONGRATULATIONS.
DR GODWIN EBELE
GOVERNORCENTRAL BANK OF NIGERIA

Email analysis :

NOTE : marketing@leku.com
NOTE : hilton877@qq.com
NOTE : Quickly Contact Diplomat Frank Hilton For Your Cash Call +1(951) 263-2316
NOTE : Received : from User (unknown [212.175.165.140]) by mails.leku.com (Postfix)

Payment for driving on toll road, invoice #00000485134 (Virus)

Notice to Appear,

You have not paid for driving on a toll road.
You are kindly asked to service your debt in the shortest time possible.

You can find the invoice is in the attachment.

Yours faithfully,
Warren Mccarthy,
E-ZPass Manager.

E-ZPass_Invoice_00000485134.zip

File analysis :

OPEN : E-ZPass_Invoice_00000485134.zip
RESULT : File is a virus.

Virus analysis :

ALYac : JS:Trojan.Crypt.NO
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.Crypt.NO
Arcabit : JS:Trojan.Crypt.NO
Avira : HTML/ExpKit.Gen2
BitDefender : JS:Trojan.Crypt.NO
Comodo : Heur.Dual.Extensions
Cyren : JS/Nemucod.D.gen
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AV
Emsisoft : JS:Trojan.Crypt.NO (B)
F-Prot : JS/Nemucod.D.gen
F-Secure : JS:Trojan.Crypt.NO
Fortinet : JS/Nemucod.AJ!tr.dldr
GData : JS:Trojan.Crypt.NO
McAfee : JS/Nemucod.i
MicroWorld-eScan : JS:Trojan.Crypt.NO
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : Troj/JSDldr-AF
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.Crypt.NO

Email analysis :

NOTE : cadaloz@kadir.doyumsuzgeceler.com
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Php-Script : cadaloz.net/post.php for 94.23.148.159
NOTE : Received : from kadir.doyumsuzgeceler.com
NOTE : (37.58.75.120-static.reverse.softlayer.com. [37.58.75.120])

Rép : RFQ Confirmation (VIRUS)

Good day,

Pls find attached the Inquiry specification list, kindly send us quotation.

Thanks & Best Regards,
Sashi Ranjan Rath
osco Excellence
Tel 1 (i250) : 870 773210230
Tel 2 (FB250) : 870 773208568
Tel 3 (F-77) : 870 765 091 412
Tel 4 (F-77) : 870 765 091 411
Fax: 870 765091413
Sat C 1 (Tlx): 447703830
Sat C 2 (Tlx): 447703831
Email: ismaelcarrillo_zf@yahoo.com

Order 4223.zip

File analysis :

OPEN : Order 4223.zip
RESULT : File is a virus.

Virus analysis :

SHA256: 387b4893e924421f9e91f1ee2a938b9017fe30f3bfae07abbfbf0d1b121d98fa

Baidu-International : Adware.MSIL.iBryte.DFE
ESET-NOD32 : a variant of MSIL/Kryptik.DFE
Malwarebytes : Trojan.ZBAgent.RNDGen
Qihoo-360 : HEUR/QVM03.0.Malware.Gen
Rising : PE:Malware.Generic/QRS!1.9E2D[F1]
Sophos : Mal/Generic-S
Tencent : Win32.Trojan.Inject.Auto

Email analysis :

NOTE : stefano.sambucci@transpacific.com
NOTE : ismaelcarrillo_zf@yahoo.com
NOTE : Received : from so199-177.asiawhere.com (219.84.199.177)
NOTE : Received : from 41.190.2.39 ([41.190.2.39])
NOTE : by webmail.mimifund.com (Horde Framework)
NOTE : User-Agent : Internet Messaging Program (IMP) H3 (4.3.9)
NOTE : Return-Path : < stefano.sambucci@transpacific.com >
NOTE : X-No-Auth : unauthenticated sender