Tuesday, April 26, 2016

invoice confirmation (Virus)

Good day,

Please find attached invoice for the past months. Remit the new payment
by 30/05/2016 as outlined under our payment agreement.

Regards

Sino

FILE : invoice0879657_pdf.ace

invoice0879657_pdf.ace is malicious. The "_pdf" in the name is a decoy; the real extension is .ace (a WinAce archive), and the detections below point to an MSIL injector / password stealer inside it.
SHA256: fe382fb45d36b6e03728384999eb79b38f198168dc6fcc4ddbdabb69439a205a
DrWeb : Trojan.PWS.Stealer.1932
ESET-NOD32 : a variant of MSIL/Injector.OZV
Sophos : Mal/DrodAce-A
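Added triage example (not code from this page): the filenames on this page follow a pattern, a document-type token spliced in before the real extension (invoice0879657_pdf.ace, "... jpeg1..ace") or a document extension on a file whose content is not a document. The block below walks a constructed message, scores each attachment by name and by magic bytes, and hashes it for IOC matching. The payloads are fakes: FAKE_ACE only carries the "**ACE**" marker real ACE archives have at offset 7, and FAKE_PE is an "MZ" stub; treating the page's .docx as a PE is an assumption made for illustration, not something the page states.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Constructed stand-ins, not the samples from the page:
#  - FAKE_ACE carries the "**ACE**" marker that real ACE archives have at byte
#    offset 7; the surrounding bytes are filler, so it is not a valid archive.
#  - FAKE_PE starts with the "MZ" signature of a Windows executable.
FAKE_ACE = b"\x00" * 7 + b"**ACE**" + b"\x00" * 25
FAKE_PE = b"MZ" + b"\x00" * 62

# Container/executable extensions that have no business arriving as an "invoice" or "RFQ"
SUSPICIOUS_EXT = {".ace", ".rar", ".zip", ".7z", ".exe", ".scr", ".js", ".jar"}
# Document-type tokens attackers splice in before the real extension (invoice_pdf.ace, "... jpeg1..ace")
DECOY_TOKENS = ("pdf", "doc", "docx", "xls", "jpeg", "jpg")
# What the magic bytes should look like for a given declared extension
EXPECTED_KIND = {".docx": "zip", ".xlsx": "zip", ".jar": "zip", ".zip": "zip",
                 ".pdf": "pdf", ".ace": "ace", ".rar": "rar", ".exe": "pe"}


def extension(filename: str) -> str:
    m = re.search(r"(\.[a-z0-9]+)$", filename.lower())
    return m.group(1) if m else ""


def name_indicators(filename: str) -> list:
    """Reasons a filename alone looks like a disguised payload."""
    lower = filename.lower()
    ext = extension(lower)
    stem = lower[:-len(ext)] if ext else lower
    reasons = []
    if ext in SUSPICIOUS_EXT:
        reasons.append(f"container extension {ext}")
    # a decoy token right before the real extension, e.g. "_pdf" in invoice0879657_pdf.ace
    if re.search(r"[._ ](" + "|".join(DECOY_TOKENS) + r")[0-9]*\.*$", stem):
        reasons.append("decoy document type before real extension")
    if ".." in lower:
        reasons.append("doubled dot in name")
    return reasons


def sniff(data: bytes) -> str:
    """Classify content by magic bytes, ignoring the declared extension."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"PK\x03\x04":
        return "zip"          # also docx/xlsx/jar
    if data[:4] == b"Rar!":
        return "rar"
    if data[:4] == b"%PDF":
        return "pdf"
    if data[7:14] == b"**ACE**":
        return "ace"
    return "unknown"


def content_indicators(filename: str, data: bytes) -> list:
    ext = extension(filename)
    kind = sniff(data)
    reasons = []
    if kind == "pe":
        reasons.append("PE executable content")
    expected = EXPECTED_KIND.get(ext)
    if expected and kind != expected:
        reasons.append(f"extension {ext} but content looks like {kind}")
    return reasons


def triage_attachments(raw: bytes) -> list:
    """Walk a raw RFC 5322 message and score each attachment; the SHA256 is for IOC matching."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        findings.append({
            "name": name,
            "sha256": hashlib.sha256(data).hexdigest(),
            "reasons": name_indicators(name) + content_indicators(name, data),
        })
    return findings


def build_sample() -> bytes:
    """Constructed message reusing two attachment names from the page with fake payloads."""
    m = EmailMessage()
    m["From"] = "bik@isioco.fr"
    m["To"] = "victim@example.com"
    m["Subject"] = "invoice confirmation"
    m.set_content("Please find attached invoice for the past months.")
    m.add_attachment(FAKE_ACE, maintype="application", subtype="octet-stream",
                     filename="invoice0879657_pdf.ace")
    m.add_attachment(FAKE_PE, maintype="application", subtype="octet-stream",
                     filename="pr.no.567890.docx")
    return m.as_bytes()


if __name__ == "__main__":
    for f in triage_attachments(build_sample()):
        print(f["name"], f["sha256"][:16], f["reasons"])
```

The name heuristic alone would pass pr.no.567890.docx, which is the point of sniffing content as well: a .docx whose bytes do not start with the ZIP signature is not a Word document whatever the extension says.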

Email analysis :

NOTE : bik@isioco.fr
NOTE : User-Agent : Roundcube Webmail/1.1.4
NOTE : Received : from us32L.aryadns.com (us132.aryadns.com. [64.31.31.132])
NOTE : Received : from webmail.isioco.fr (localhost [IPv6:::1])
NOTE : by us32L.aryadns.com (Postfix)
NOTE : client-ip=64.31.31.132;

Thursday, January 14, 2016

URGENT RFQ (MORE VIRUS)

Dear Sir,

We sent you an order inquiry last week, but we did not receive any response from you regarding our order.

ATTACHED is a copy of NEW ORDER LIST for December Shipment. Please let me know the availability and your best prices of MATERIALS MARKED IN BLUE.

We will be waiting for your quotation.

Best Regards,
Roy
Al Nasser LLC

Virus analysis :

RFQ NO (14203) JAN DELIVERY ETA ETD PMM 01062016 jpeg1..ace

SHA256 : dacb8ff543c462f954500431f2a795a24ed10fa454cd7f27e3f0f1787dbe58fa
AVG : MSIL9.BEMV
Ad-Aware : Gen:Variant.Zusy.175290
Arcabit : Trojan.Zusy.D2ACBA
Avast : MSIL:Injector-NE [Trj]
BitDefender : Gen:Variant.Zusy.175290
Cyren : W32/Trojan.ZNMT-3910
DrWeb : Trojan.PWS.Siggen1.45471
ESET-NOD32 : a variant of MSIL/Injector.NLR
Emsisoft : Gen:Variant.Zusy.175290 (B)
F-Prot : W32/Trojan3.TDU
F-Secure : Gen:Variant.Zusy.175290
Fortinet : PossibleThreat.P0
GData : Gen:Variant.Zusy.175290
Ikarus : Evilware.Outbreak
Kaspersky : Trojan-PSW.Win32.Tepfer.psxdsw
MicroWorld-eScan : Gen:Variant.Zusy.175290
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Sophos : Mal/DrodAce-A

RFQ#Requirments Quote list ETD 05012015 RFxNumber 6200133094 jpeg2..ace

SHA256 : b7dd4530f2b97c33d1ea6df114d8fd7a9a6c6b1b78288394fbcf175b182e4da0
AVG : MSIL9.BEMV
Ad-Aware : Gen:Variant.Zusy.175290
Arcabit : Trojan.Zusy.D2ACBA
Avast : MSIL:Injector-NE [Trj]
Avira : TR/Dropper.MSIL.242773
BitDefender : Gen:Variant.Zusy.175290
Cyren : W32/Trojan.PNIW-7381
DrWeb : Trojan.PWS.Siggen1.45471
ESET-NOD32 : a variant of MSIL/Injector.NLR
Emsisoft : Gen:Variant.Zusy.175290 (B)
F-Secure : Gen:Variant.Zusy.175290
Fortinet : PossibleThreat.P0
GData : Gen:Variant.Zusy.175290
Ikarus : Evilware.Outbreak
Kaspersky : Trojan-PSW.Win32.Tepfer.psxdsx
MicroWorld-eScan : Gen:Variant.Zusy.175290
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Sophos : Mal/DrodAce-A

Email analysis :

NOTE : brainkings24@gmail.com
NOTE : ecos@atr.ecos.kz
NOTE : Received : from [142.54.171.74] (helo=User) by ecos.kz

Urgent RQF

Dear Sir,

We sent you an order inquiry last week, but we did not receive any response from you regarding our order.

ATTACHED is a copy of NEW ORDER LIST for December Shipment. Please let me know the availability and your best prices of MATERIALS MARKED IN BLUE.

We will be waiting for your quotation.

Best Regards,
Roy
Al Nasser LLC

Proforma Invoice

RFQ#Requirments Quote list ETA ETD 05012015 RFxNumber 6200133094 jpeg.ace

Virus analysis :

DrWeb : Trojan.PWS.Stealer.15120
ESET-NOD32 : a variant of MSIL/Injector.NLF
Qihoo-360 : HEUR/QVM03.0.Malware.Gen 20160105
Sophos : Mal/DrodAce-A 20160105

Email analysis :

NOTE : prabhukumar59@yahoo.com
NOTE : ecos@atr.ecos.kz
NOTE : 185.22.65.41 (mail.ecos.kz)


NOTE : Received : from [142.54.171.74] (helo=User) by ecos.kz

Friday, July 24, 2015

Inquiry

Dear Sir,

Refers to the new order raised to your company,
Attached please find the order and swift copy of the last shipment.
Kindly open the PDF file to view details

Regards
Thanks & Regards,

Michail Harik
CMT executive – Platinum Team
Aramex Doha – Doha, Qatar
Tel +974 44200193
aramex.com

pr.no.567890.docx

File analysis :

File : pr.no.567890.docx
SHA256 : dbdb40864695b3e8ffd980f051d829b38fb38bbd93711cfb2188165cc58c0ec9
NOTE : File pr.no.567890.docx is a virus

AVG : PSW.Generic12.CAPW
Ad-Aware : Trojan.GenericKD.2591074
Arcabit : Trojan.Generic.D278962
Avast : MSIL:Zbot-Z [Trj]
Avira : TR/Dropper.MSIL.173869
BitDefender : Trojan.GenericKD.2591074
DrWeb : Trojan.PWS.Siggen1.39434
ESET-NOD32 : a variant of MSIL/Injector.KXP
Emsisoft : Trojan.GenericKD.2591074 (B)
F-Secure : Trojan.GenericKD.2591074
Fortinet : MSIL/Injector.KSL!tr
GData : Trojan.GenericKD.2591074
Ikarus : Trojan.MSIL.Injector
Kaspersky : Trojan-Dropper.Win32.Sysn.batm
McAfee : PWS-FCDG!4A71EF2B2FA1
McAfee-GW-Edition : PWS-FCDG!4A71EF2B2FA1
MicroWorld-eScan : Trojan.GenericKD.2591074
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Symantec : Infostealer.Limitail

Email analysis :

NOTE : info@paltinum.com
NOTE : X-Sender-Id : nisakorn@thai-nichi.com
NOTE : X-Msmail-Priority : Normal
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : client-ip=173.203.6.144;
NOTE : Received : from smtp144.ord.emailsrvr.com
NOTE : (smtp144.ord.emailsrvr.com. [173.203.6.144])
NOTE : Received : from smtp27.relay.ord1a.emailsrvr.com
NOTE : (localhost.localdomain [127.0.0.1]) by smtp27.relay.ord1a.emailsrvr.com
NOTE : Received : by smtp27.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
NOTE : Received : from User ([UNAVAILABLE]. [66.76.199.160]) by 0.0.0.0:25 (trex/5.4.2)
NOTE : Inquiry
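Added header-triage example (not code from this page): the "Email analysis" notes above repeat two tells, a HELO of "User" in the oldest Received hop (the RFQ mails) and an "Authenticated sender" that does not match the From domain (the Aramex-themed mail, authenticated as nisakorn-AT-thai-nichi.com but sent as info@paltinum.com). The block below parses a constructed header set modelled on that last message, walks the Received chain from the oldest hop to find the originating public IP, and reports those indicators. The header lines are a reconstruction, not a verbatim capture.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
from typing import Optional

# Constructed header set modelled on the Aramex-themed message on this page; not a verbatim capture.
SAMPLE_HEADERS = b"""\
Received: from smtp144.ord.emailsrvr.com (smtp144.ord.emailsrvr.com. [173.203.6.144]) by mx.example.com
Received: from smtp27.relay.ord1a.emailsrvr.com (localhost.localdomain [127.0.0.1]) by smtp27.relay.ord1a.emailsrvr.com
Received: by smtp27.relay.ord1a.emailsrvr.com (Authenticated sender: nisakorn-AT-thai-nichi.com)
Received: from User ([UNAVAILABLE]. [66.76.199.160]) by 0.0.0.0:25 (trex/5.4.2)
From: info@paltinum.com
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Subject: Inquiry

(body omitted)
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse(raw: bytes):
    return email.message_from_bytes(raw, policy=policy.default)


def hops(msg) -> list:
    """Received headers, top (nearest to us) first; the last entry is the oldest hop."""
    return [str(h) for h in msg.get_all("Received", [])]


def originating_ip(msg) -> Optional[str]:
    """First globally routable IPv4 address found walking from the oldest hop upward."""
    for hop in reversed(hops(msg)):
        for ip in IPV4_IN_BRACKETS.findall(hop):
            try:
                if ipaddress.ip_address(ip).is_global:
                    return ip
            except ValueError:
                continue
    return None


def authenticated_sender(msg) -> Optional[str]:
    """Account the relay authenticated, if any hop records one."""
    for hop in hops(msg):
        m = re.search(r"Authenticated sender:\s*([^\s)]+)", hop, re.I)
        if m:
            return m.group(1).replace("-AT-", "@")   # some relays obfuscate the @
    return None


def domain_of(addr: str) -> str:
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def header_indicators(msg) -> list:
    reasons = []
    # HELO/EHLO of "User" appears in both RFQ mails on the page and in this one
    for hop in hops(msg):
        if re.search(r"\bfrom\s+User\b|helo=User\b", hop):
            reasons.append("HELO name 'User' (default of many mass-mailer scripts)")
            break
    # mail authenticated as one account but presented as another domain: likely a stolen login
    auth = authenticated_sender(msg)
    from_dom = domain_of(msg.get("From", ""))
    if auth and from_dom and domain_of(auth) != from_dom:
        reasons.append(f"authenticated as {auth} but From domain is {from_dom}")
    if "Outlook Express" in msg.get("X-Mailer", ""):
        reasons.append("X-Mailer claims Outlook Express (client discontinued; value easily forged)")
    return reasons


if __name__ == "__main__":
    m = parse(SAMPLE_HEADERS)
    print("origin:", originating_ip(m))
    for r in header_indicators(m):
        print("-", r)
```

Walking the chain from the bottom matters: the top hops are the receiving provider's own relays and loopback addresses, and only the oldest hop names the host that actually submitted the mail (66.76.199.160 here, 142.54.171.74 in the RFQ mails).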