Thursday, September 22, 2016

Dear Friend. My private email address is (mrshmaria@foxmail.com

Dear Friend.

I am Mrs. Maria, the Head of file Department in Bank of Africa. I seek your assistance and I am assured of your capability to champion this business opportunity, to remit the sum of $10.5 million U.S. dollars into your account. If you are interested please let me know so that I can send you the full details of this transaction. I agree that 40% of this money will be for you, while 10% will be set aside for all expenses incurred during the business and 50% would be for me. If you are interested to execute this business with me, you should contact me in my private email and provide me the below requested information to avoid any delays, and I will furnish you with more elaborate information. My private email address is (mrshmaria@foxmail.com)

(1)Your Name
(2)Your age.........................
(3)Your occupation..................
(4)Your full residential address...............
(5)Your private phone and fax number

I await your prompt response. Best regards,

Mrs. Maria
Email(mrshmaria@foxmail.com)

Call me if you are interested +226 65369757

Email analysis :

NOTE : u_oi@aol.fr
NOTE : Received : from 88.150.176.22

Insurance ****** (Ameli phishing)

Dear Sir or Madam,

Following the latest calculations of your health insurance, we have determined that you are eligible to receive a refund of 99.00 euros. We invite you to review the steps to follow by clicking here (link text: "Cliquant-ici")

Regards,

Ameli.fr - Ameli health insurance 2016 France
https://www.ameli.fr

Email analysis :

NOTE : onrage.forge@paltalk.free.fr
NOTE : Cmm-Sender-Ip : 104.47.36.75


Phishing analysis :

CLICK : Cliquant-ici
OPEN : http://exxpo.com.br/js/extjs/js.html
RESULT : Phishing was removed...

documents (Virus)

Ramona huger Office Manager
Box Rentals LLC
Sanibel Executive Suites
Crestwood Apts.
Cleveland Apts.
rayatboxrentals@cableone.net
www.sanibelsuites.com
2230 East 8th St / Office
Joplin, Mo.64801
Cell-417-312-3661
Office-417-624-7900
Fax- 417-624-7971

5496921_55724.zip

Email analysis :

NOTE :

NOTE : Return-Path : < ramona.huger@cableone.net >
NOTE : Mime-Version : 1.0
NOTE : Message-Id : < *.*.*.JavaMail.zimbra@cableone.net >
NOTE : X-Mailer : Zimbra 8.0.7_GA_6021 (ZimbraWebClient - GC46 (Win)/8.0.7_GA_6021)
NOTE : Thread-Topic : documents
NOTE : Received : from PHC-i5-VAIO (unknown [113.186.230.214])


NOTE : [SPAM] documents

File analysis :

Download : 5496921_55724.zip.
Result : 5496921_55724.zip is a virus.

Virus analysis :

SHA256 16bb72cc0a9a02626ef293df46696f489935e5890df483251976d38d1bf613d9
ALYac JS:Trojan.Crypt.PV
AVG JS/Downloader.Agent.54_Q
Ad-Aware JS:Trojan.Crypt.PV
AhnLab-V3 JS/Obfus.S137
Antiy-AVL Trojan/Generic.ASMalwRG.70
Arcabit JS:Trojan.Crypt.PV
Avira (no cloud) HEUR/Suspar.Gen
Baidu JS.Trojan-Downloader.Nemucod.jn
BitDefender JS:Trojan.Crypt.PV
CAT-QuickHeal JS.Locky.FA
Cyren JS/Nemucod.CA1
DrWeb JS.DownLoader.2236
ESET-NOD32 JS/TrojanDownloader.Nemucod.AZC
Emsisoft JS:Trojan.Crypt.PV (B)
F-Prot JS/Nemucod.CA1
F-Secure JS:Trojan.Crypt.PV
Fortinet JS/Nemucod.SMK9!tr
GData JS:Trojan.Crypt.PV
Ikarus Trojan-Ransom.Script.Locky
K7AntiVirus Trojan ( 004f43681 )
K7GW Trojan ( 004f43681 )
Kaspersky Trojan-Downloader.JS.Cryptoload.als
McAfee JS/Nemucod.jg
McAfee-GW-Edition JS/Nemucod.jg
eScan JS:Trojan.Crypt.PV
Microsoft TrojanDownloader:JS/Swabfex.P
Sophos Mal/DrodZp-A
Tencent Js.Trojan.Raas.Auto

Open Virus :

NOTE : CYTUKE64504.wsf
NOTE : Windows Script File (WSF)
NOTE : http://pastebin.com/BqrxRQqW
RAW : http://pastebin.com/raw/BqrxRQqW

CHANGE OF YOUR BANK ACCOUNT DETAILS.


We have received an official notification on 09-19-2016 from Teresa L. Haskins, who claimed that you have authorized her to handle everything concerning the release of your inheritance Fund which is US$3.5 Million as she has confirmed to us that you are now in the Hospital taking care of your cancer illness. Meanwhile, in the consideration to our Official code of conduct and services here in west, Africa, we deem it necessary that we should get in touch with you first for confirmation before we can proceed with her request. Therefore, we need your prompt instruction to proceed with her in this matter for the purpose of remitting the fund to her nominative bank account details below:-

Bank: Bank of America
Address: 1143 Nashville Pike
Gallatin, Tennessee 37066
Account Name: Teresa Haskins
Account Number: 483032646884
Electronic Transfer: 064000020
Wire Transfer: 026009593

The release of the fund will be fixed as soon as we receive your prompt response to this message. It is very important that you should get in touch with Mr. Sani Kabir with immediate confirmation to enable the bank's administrative department transfer this money to her above mentioned bank account as you instructed. Contact back via email address ( sanikabir.private@hotmail.com )

NOTE: Failure to reply will give the other option than to believe you are the one that gave her the power to receive the payment on your behalf and enable us to proceed to complete the transfer to her above nominative bank account.

Yours faithfully,
Mr. Asue Ighodalo.
Chairman, Sterling Bank Plc.

Email analysis :

NOTE : sanikabir.private@hotmail.com
NOTE : dispatch@mail.roymiller.com
NOTE : 104.167.99.34 (reversing.co.il)

LAST TRANSFER NOTIFICATION

FEDERAL MINISTRY OF FINANCE NATIONAL HOUSE OF ASSEMBLY COMPLEX SENATE HOUSE - UPPER CHAMBERS WUSE DISTRICT, COTONOU BENIN REP.
IF YOU FAIL TO SEND THE $49 THIS WEEK YOUR $2,500,000.00 IS GONE.....!!!
Our Ref: FGN /SNT/STB

CONTACT ME BACK USING THE E MAIL BELOW: (daveknight9727@gmail.com )

Compliment of the season to you and your family,

Please I have to inform you again, that we are not playing over this, I know my reason for the continuous sending of this notification to you, the fact is that you can't seem to trust anyone again over this payment for what you have been in cantered in many months ago, but I want you to trust me, I cannot scam you for $49 it is for bank processing of your payment, the fees of $49 is clearly written to you before, I did not invent the bill to defraud you of $49 it is an official bank payment processing fee, and the good part of this, is that you will never, ever be disturbed again over any kind of payment/fees, this is final, and the forms from there becomes effective once we submit your payment application processing fee and pay the form fee of $49 I don't want you to lose this fund this time,

because you may never get another such good opportunity, the Federal government is keen and very determined to pay your overdue debts, this is not a fluke, I would not The processing charges which was initially on the high price has been cut down by the payout bank considering the poor economic situations that make it difficult for the middle class citizens to meet up with the processing charges of their entitlement. Upon the confirmation of your processing charges you will get your $2,500,000.00 into your account within 15hrs.

Only what you will do now is to Contact us back if you are interested of receiving your fund and information has be given to you where to send the bank processing charges to avoid wrong transaction, finally my advice to you is not to abandon this transaction because of the requirement of
($49)

SEND THE $49 TO THE DETAILS BELOW. through Western Union Or Money Gram Urgent:

Receiver Name ... Anthony Emekamu
Country .....Benin Republic.
City .................Cotonou.
Amount .....$49.00 US Dollars
Text question: When
Answer: Now

Send the payment MTCN/REF# once you have sent the $49 together with your account details for the wire transfer.

Get back to me at daveknight9727@gmail.com

Thanks

As soon as the fee payment is received, you will receive your $2.5M same today without any delay.

Best Regards
David Knight ESQ

Email analysis :

NOTE : info@finger.co.kr
NOTE : 14.63.222.224

URGENTLY CONFIRM

HELLO,
PLEASE WANT YOU TO URGENTLY CONFIRM TO ME IF YOU HAVE RECEIVED YOUR
FUND. PLEASE DO CONFIRM NOW IF YOU HAVE OR NOT.
REGARDS
REV.JEAN BRIDIANE

Email analysis :

NOTE : noreply@reversing.co.il
NOTE : 104.167.99.34 (reversing.co.il)

Dear Beneficiary $3.6 Million USA Dollars,


This is to inform you that your funds of $3.6 Million USA Dollars which was on hold by the International Monetary Funds for the past few months ago and we did not hear from you again, so after the board executives meeting yesterday it was concluded that your fund should be released to you. So it has been forwarded to the D.H.L for the immediate delivery to you. today afternoon and I will give you tracking numbers, So the only fee you have to pay to them is $49.00USD for them to purchase your delivery files and start delivery your consignment tomorrow and arrive time is 5:35PM your time make sure that you must be at home tomorrow at 5:35PM after sending this last fee and forward your delivery address with the MTCN# be very fast and do this transfer so your package will follow first P.L.N Tomorrow, here is tracking to others people who receive their own last three weeks to confirm that you will receive your own like him just tracking with www.dhl.com Tracking number (Waybill: 3649333240)

Find below information where you send the require $49.00 for the immediate via MONEY GRAM

Receiver------------ JOHN OZU
Country-----------------Benin Republic
Location City---------Cotonou
Text Question--------When
Answer-----------------Now
Amount--------------$49.Only
Mtcn-----------------
Sender ------------
Your receiver name ...............
And your home address..............

Be advise that the $49.00 is a compulsory as they told me that is only money you will pay until you receive your payment completely.

I will be looking forward to hear from you with the payment information's and your receiver address.

Email(ups.courier201@gmail.com)
+229 62255849
Yours faithfully.

Mr Karim Barhoumi
International Monetary Funds (IMF)
Representative in Benin Republic

Email analysis :

NOTE : ups.courier201@gmail.com
NOTE : kazupyon.@mbg.ocn.ne.jp
NOTE : [197.234.219.73]


NOTE : 153.149.231.12 (mogw1006.ocn.ad.jp)