Notice to Appear,
You have not paid for driving on a toll road.
You are kindly asked to pay your debt as soon as possible.
The copy of the invoice is attached to this email.
Sincerely,
Thomas Gorman,
E-ZPass Agent.
E-ZPass_Invoice_000948265.zip
File analysis :
OPEN FILE : E-ZPass_Invoice_000948265.zip
RESULT : FILE IS A VIRUS
Virus analysis :
SHA256 : 5ec5b13bbf1d2a2179168acfaec53da59afa6b8ca480930e1b56d996b51dd140
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AS
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan.JS.Agent.cpl
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
MicroWorld-eScan : JS:Trojan.JS.Downloader.AN
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN
Email analysis :
NOTE : thomas.gorman@jerusalem.hostyou.com.br
NOTE : client-ip=104.238.195.142;
NOTE : Sender Address Domain - jerusalem.hostyou.com.br
NOTE : X-Source-Args : /usr/bin/php /home/centova/public_html/coisaseria.com.br/post.php
NOTE : < centova@jerusalem.hostyou.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Source-Dir : centova.com:/public_html/coisaseria.com.br
NOTE : X-Priority : 3
NOTE : X-Get-Message-Sender-Via : jerusalem.hostyou.com.br:
NOTE : authenticated_id: centova/primary_hostname/system user
NOTE : X-Source : /usr/bin/php
NOTE : Received : by 10.202.17.82 with SMTP
NOTE : Received : from centova by jerusalem.hostyou.com.br
NOTE : Indebtedness for driving on toll road #000948265
Thursday, August 27, 2015
Friday, July 24, 2015
Inquiry
Dear Sir,
Referring to the new order raised to your company,
Attached please find the order and swift copy of the last shipment.
Kindly open the PDF file to view details
Regards
Thanks & Regards,
Michail Harik
CMT executive – Platinum Team
Aramex Doha – Doha, Qatar
Tel +974 44200193
aramex.com
pr.no.567890.docx
File analysis :
File : pr.no.567890.docx
SHA256 : dbdb40864695b3e8ffd980f051d829b38fb38bbd93711cfb2188165cc58c0ec9
NOTE : File pr.no.567890.docx is a virus
AVG : PSW.Generic12.CAPW
Ad-Aware : Trojan.GenericKD.2591074
Arcabit : Trojan.Generic.D278962
Avast : MSIL:Zbot-Z [Trj]
Avira : TR/Dropper.MSIL.173869
BitDefender : Trojan.GenericKD.2591074
DrWeb : Trojan.PWS.Siggen1.39434
ESET-NOD32 : a variant of MSIL/Injector.KXP
Emsisoft : Trojan.GenericKD.2591074 (B)
F-Secure : Trojan.GenericKD.2591074
Fortinet : MSIL/Injector.KSL!tr
GData : Trojan.GenericKD.2591074
Ikarus : Trojan.MSIL.Injector
Kaspersky : Trojan-Dropper.Win32.Sysn.batm
McAfee : PWS-FCDG!4A71EF2B2FA1
McAfee-GW-Edition : PWS-FCDG!4A71EF2B2FA1
MicroWorld-eScan : Trojan.GenericKD.2591074
Microsoft : Trojan:Win32/Dynamer!ac
Panda : Trj/CI.A
Symantec : Infostealer.Limitail
Email analysis :
NOTE : info@paltinum.com
NOTE : X-Sender-Id : nisakorn@thai-nichi.com
NOTE : X-Msmail-Priority : Normal
NOTE : X-Mimeole : Produced By Microsoft MimeOLE V6.00.2600.0000
NOTE : Mime-Version : 1.0
NOTE : X-Priority : 3
NOTE : X-Mailer : Microsoft Outlook Express 6.00.2600.0000
NOTE : client-ip=173.203.6.144;
NOTE : Received : from smtp144.ord.emailsrvr.com
NOTE : (smtp144.ord.emailsrvr.com. [173.203.6.144])
NOTE : Received : from smtp27.relay.ord1a.emailsrvr.com
NOTE : (localhost.localdomain [127.0.0.1]) by smtp27.relay.ord1a.emailsrvr.com
NOTE : Received : by smtp27.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
NOTE : Received : from User ([UNAVAILABLE]. [66.76.199.160])
NOTE : by 0.0.0.0:25 (trex/5.4.2)
NOTE : Inquiry
Monday, July 20, 2015
Order for Sp/LLC /2015 (Virus)
Dear Sir/Madam,
It was nice to see you again. In the attachment you will find the order for Sp/LLC /2015. Please first confirm the price with us. If you have any questions about the changes, please ask. Also attached are the new logos for NieZoe Woven Label. I know that for the NieZoe woven label you have to take a larger quantity. Please let us know the quantity and price. We can use them in future also.
Thank you in advance.
Kind regards,
Best regards,
With kind regards,
logo
Larlou Lvan Looten
Sales Manager
Nmbyerstraat Noord 162 | 6225 EJ Maastricht The Netherlands | HR14054804 VAT NL809075957B00
T 0031 43 3521470
File analysis :
SHA256 : cc4db92ec0f923c02171c746fd8417b6763257d9a2fcfd6b30818da344791ea3
Filename : Sp-LLC -2015.docx
ALYac : Gen:Variant.Kazy.679360
Ad-Aware : Gen:Variant.Kazy.679360
Arcabit : Trojan.Kazy.DA5DC0
BitDefender : Gen:Variant.Kazy.679360
DrWeb : BackDoor.Bladabindi.1056
ESET-NOD32 : a variant of MSIL/Injector.KSL
Emsisoft : Gen:Variant.Kazy.679360 (B)
F-Secure : Gen:Variant.Kazy.679360
Fortinet : MSIL/Injector.KSL!tr
GData : Gen:Variant.Kazy.679360
Kaspersky : HEUR:Trojan.Win32.Generic
MicroWorld-eScan : Gen:Variant.Kazy.679360
TrendMicro-HouseCall : TROJ_GE.856647F7
Email analysis :
NOTE : NieZoe@NieZoe.COM
NOTE : nisakorn@thai-nichi.com
NOTE : Received : from User ([UNAVAILABLE].
NOTE : [66.76.199.160]) by 0.0.0.0:25 (trex/5.4.2);
NOTE : Received : by smtp24.relay.ord1a.emailsrvr.com
NOTE : (Authenticated sender: nisakorn-AT-thai-nichi.com)
Friday, July 17, 2015
We have a message for you - Alfa
Payment slip (boleto) for order: 00197742
Dear customer,
Please be advised that the invoice (duplicata) due on 05/07 in the amount of R$2.554,07 has not been paid.
Download the updated second copy of the invoice for payment.
Download boleto atualizado
We await payment of the boleto. Non-payment of the agreed amount within the established deadlines
will incur a penalty and late-payment interest of 0,5% (half a percent) per day.
Sincerely.
Aldo A. Silva
Finance Department.
Alfa finaceira Ltda
CNPJ: 61.198.164/0001-60
ref: 933170
[Time_long]
Virus analysis :
CLICK : Download boleto atualizado
OPEN : http://bit.ly/1e0X1SA
DOWNLOAD FILE : Documento_N_908301238HAK38-31.zip
SHA256 : 50fb97d11dc2dfd85ebf2242aa8919829ac955906094f1868d13dadabda45ffe
Avast : Win32:Malware-gen
Baidu-International : Trojan.Win32.Downloader.aa
DrWeb : Trojan.MulDrop5.63051
Kaspersky : HEUR:Trojan-Downloader.Win32.Generic
Sophos : Mal/BredoZp-B
Email analysis :
NOTE : melissa.santana@trifil.com.br
NOTE : Received : from vps2477.vpsunit.com (83.125.87.89)
NOTE : 83.125.87.89 (vps2477.vpsunit.com)
Rép : Purchase Order
Good day,
I am Sandra Matinez from Garnet Chemicals here in Tennessee, United States. We are urgently in need of the attached product; please send us more details and quote your best price for the product.
I am looking forward to your early reply.
Regards,
Regards
Sandra
Garnet Chemical
150 East 58th Street
Main Floor A+D Building - 10155
Tennessee, City, Chattanooga
Direct Mobile: +14237098388
Email: sandra.matinz@aol.com
Email: sandra.m@garnetchemicals.com
Purchase Order.ace
File analysis : Purchase Order.ace
SHA256 : ac5a73fa12ef31c352342af6fa0c1afc7b4731044d575dbbcff92a0ed00b3454
AVG : Luhe.Fiha.A
ESET-NOD32 : a variant of MSIL/Injector.KUC
Ikarus : Trojan.MSIL.Injector
Sophos : Mal/DrodAce-A
Email analysis :
NOTE : sandra.matinz@aol.com
NOTE : smatinz@hitachi-koki.com.sg
NOTE : Received : from [52.2.188.185]
NOTE : (account prohorova@wiegand-logistics.ru HELO WIN-POBK0T90HNH.ec2.internal)
NOTE : by backend12.aha.ru (CommuniGate Pro SMTP 4.3.11)
NOTE : Received : from aha.ru (backend12.aha.ru. [62.113.86.201])
eFax message from "unknown" - 1 page(s), Caller-ID: 1-893-787-7876
Fax Message [Caller-ID: 1-893-787-7876
You have received a 1 page fax at Fri, 17 Jul 2015 07:03:05 +0900. * The reference number for this fax is atl_did1-1400166434-62714347775-154. Click here to view this fax using your PDF reader. Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
j2 Global | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | OneBox
2014 j2 Global, Inc. All rights reserved.
eFax is a registered trademark of j2 Global, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.
Virus analysis :
CLICK : atl_did1-1400166434-62714347775-154
CLICK : here
OPEN : http://descubreone.mx/securestorage/get_document.html
DOWNLOAD : A virus.
REDIRECT : https://www.efax.com/
Email analysis :
NOTE : message@inbound.efax.com
NOTE : Received : from unknown (HELO GPFSHLVXV) (119.194.222.13)
NOTE : 119.194.222.13 ()
NOTE : *@blueturtle.com.au
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
Wednesday, July 15, 2015
[SPAM] Invoice N277264-502252
Hello,
Please find attached our invoice N°277264-502252. We hope it reaches you safely.
Yours sincerely.
The accounting department.
Maryanne Acosta
Email analysis :
NOTE : MaryanneAcostapy@public-gprs362522.centertel.pl
Thursday, July 9, 2015
Invoice no. 87/48/00220, BRIANT
Hello,
You're seeing Morad at the end of the day, but just in case,
here are the updated invoices:
invoices N°6 for the PP and the villa floor, and the invoice for the painting work. Have a very good end of day,
Chadwick BRIANT
87_48_00220.doc
File analysis :
OPEN : 87_48_00220.doc
RESULT : 87_48_00220.doc is a virus.
Email analysis :
NOTE : Received : from 401mac.401trucksource.com (207.54.122.181)
NOTE : chadwickbriantsu@401mac.401trucksource.com
NOTE : TCMime 1.0 by Tencent
NOTE : QQMail 2.x
NOTE : X-Originating-Ip : 207.54.122.181
Virus analysis :
File : 87_48_00220.doc
SHA256 : a912466c03f5cea660b98468277f01fc66492a4dee7c014f15cfa5508312db29
AVG : Generic13_c.AEAY
Arcabit : HEUR.VBA.Trojan
Avast : Other:Malware-gen [Trj]
Avira : W97M/Agent.18522
BitDefender : Trojan.Doc.Downloader.DW
DrWeb : VBS.Dropper.61
Emsisoft : Trojan.Doc.Downloader.DW (B)
F-Secure : Trojan.Doc.Downloader.DW
Fortinet : WM/Agent!tr
GData : Trojan.Doc.Downloader.DW
Kaspersky : Trojan-Downloader.MSWord.Agent.oc
McAfee : W97M/Downloader.ajz
MicroWorld-eScan : Trojan.Doc.Downloader.DW
Microsoft : TrojanDownloader:W97M/Adnel
Sophos : Troj/DocDl-TF
Symantec : W97M.Downloader
TrendMicro : W2KM_BA.AB553B8F
TrendMicro-HouseCall : W2KM_BA.AB553B8F
Monday, July 6, 2015
revised order ( Virus )
Dear Sir,
Attached is our revised order; waiting for your invoice.
Thank you.
Ahmed Ragheb
Assad Business LLC
Tel:86-22-28246951
Download
File analysis :
CLICK : Download
OPEN : http://ge.tt/api/1/files/649DtgJ2/0/blob?download
DOWNLOAD : Revised Order..........rar
CONCLUSION : This is a virus.
Virus analysis :
SHA256 : 6c6ff658c9a8c574898c139d40069db25e2f3377615269e35ae29ee3d2a17db5
AVG : MSIL8.APEG
Ad-Aware : Gen:Heur.MSIL.Androm.10
Arcabit : Trojan.MSIL.Androm.10
Avast : Win32:Malware-gen
Avira : TR/Dropper.MSIL.52174
BitDefender : Gen:Heur.MSIL.Androm.10
DrWeb : Trojan.DownLoader14.27222
ESET-NOD32 : a variant of MSIL/Injector.KNB
Emsisoft : Gen:Heur.MSIL.Androm.10 (B)
F-Secure : Gen:Heur.MSIL.Androm.10
GData : Win32.Trojan-Dropper.Agent.GP
Kaspersky : Trojan.MSIL.Inject.ccfx
Malwarebytes : Spyware.Password
McAfee : Dropper-FOC!BABC3B054967
MicroWorld-eScan : Gen:Heur.MSIL.Androm.10
Panda : Generic Suspicious 20150705
Sophos : Mal/MSIL-OY
Symantec : Suspicious.Cloud.5
TrendMicro : HEUR_NAMETRICK.B
TrendMicro-HouseCall : TROJ_GE.FE94127C
Email analysis :
NOTE : md.hashem2012@gmail.com
NOTE : Received : by 10.194.125.14 with HTTP
Fw: Spreadsheet 705620.7818618
Here is the document as agreed
Have a good day.
Documento-1963167000.Docx (283,0 KB)
File analysis :
CLICK : Documento-1963167000.Docx (283,0 KB)
DOWNLOAD : http://www.eveshamhigh.co.uk/homework/Spanish/start.php#link=Documento-1963167000.Docx
LINK : broken at the time of analysis, but presumably a virus.
Email analysis :
NOTE : scalarepetshop@yahoo.com.br
NOTE : financeiro.rywd@bol.com.br
NOTE : Received : from bol.com.br (a4-winter12.host.intranet [10.131.133.139])
NOTE : by a4-salsa2.host.intranet (Postfix)
NOTE : Received : from a4-salsa2.host.intranet
NOTE : (localhost.localdomain [127.0.0.1])
NOTE : by a4-salsa2.bol.com.br (Postfix)
Thursday, July 2, 2015
Service Invoice 29/06.
Electronic Service Invoice
-------------------------
Series: 003
Number: 000.017.161
Issue date: 29/06/2015
Access key: View
Usage authorization protocol number: 1311310426761090
----------------------------------------
ROD FERNÃO DIAS, S/N, S/N - KM 813
CRUZ ALTA,
Postal code: 37550-000 PHONE: 3538298009
Virus Analysis :
NOTE : http://bit.ly/1NunmVk
NOTE : https://www.dropbox.com/s/kdp46m0rc2hjild/NFSe.0187317HA7Y3HA713123.rar?dl=1
Email analysis :
NOTE : renata.seixas@aggreko.com.br
NOTE : Received : from vps2370.vpsunit.com (83.125.87.20)
NOTE : Received : by vps2370.vpsunit.com
Monday, June 15, 2015
My Resume
Hey.
I saw your business today Fri, 12 Jun 2015 and found it very interesting. I was hoping there was any possibility of internship, just to prove my competence. As you will see in my attached CV, I am very qualified and have a very sweeping experience in this line of employment. I am confident it will be worth your time reading it, and I am even more confident you will find me very suitable in your company.
Please see my attached CV.
I'm very much looking forward to hearing from you.
Respectfully,
Gail Kosyla
My_Resume_2426.doc
Email analysis :
NOTE : rafaellostirling@yahoo.com
NOTE : client-ip=67.195.87.25;
File analysis :
My_Resume_2426.doc is a virus.
Virus analysis :
CAT-QuickHeal : O97M.Dropper.BR
ESET-NOD32 : VBA/TrojanDownloader.Agent.UK
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.O2LT4A
Ikarus : Trojan-Downloader.VBA.Agent
NANO-Antivirus : Trojan.Script.Agent.dslepx
Sophos : Troj/DocDl-QT
Symantec : W97M.Downloader
TrendMicro : W2KM_DLOADER.HB
TrendMicro-HouseCall : Suspicious_GEN.F47V0612
Monday, June 8, 2015
PACKAGING PURCHASING
Hello,
Please find attached the invoice that has been awaiting payment since September, in the amount of 1927.80 €.
Could you please take care of this ASAP.
Stella Tryba
PACKAGING PURCHASING
147C_553956074A.doc
Email analysis :
NOTE : StellaTrybams@mail1.zhr.cz
NOTE : Received : from mail1.zhr.cz (77.48.20.246)
NOTE : X-Mozilla-Draft-Info : internal/draft; vcard=0; receipt=0; DSN=0; uuencode=0; attachmentreminder=0
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
File analysis :
NOTE : OPEN : 147C_553956074A.doc
RESULT : VIRUS
Virus analysis :
Arcabit : HEUR.VBA.Trojan
Wednesday, May 27, 2015
Rép :Re:Re:NEW ORDER (Virus)
I have checked and come back to you again; please check the attached Purchase Order and see the products and quantities we need, and quote your best price by issuing us a price list and Proforma Invoice accordingly. You will see the specific brand and description of the product we want your company to supply to us. We expect to hear from you shortly to enable us to set up the purchase arrangement/agreement once the price is competitive and we get your assurance on the quality of the products.
Your early reply is highly appreciated.
Thank You !
Regards
Mis.July Doin
Vice General Manager
---------------------------------------------------------
Purchasing Manager
Addweden Svenska SAP
Svenska AB 151 D Zip Code:55652
Tel:46-858-780000/Fax:46-858-780001
Email:julydoin1@hotmail.com
Email analysis :
NOTE : Julydoin@hotmail.com
NOTE : royalbankofscotlandn@gmail.com
Virus analysis :
SHA256 : 64d7f46ef678cb27e60a7992be9f5095eb5b61b959a16d4cb9441757349fba11
FILENAME : NEW ORDER.ace
==================================
AVG : MSIL2.BGGQ
Ad-Aware : Gen:Variant.Kazy.263448
Avast : MSIL:GenMalicious-RW [Trj]
Avira : TR/Meredrop.EB.1
BitDefender : Gen:Variant.Kazy.263448
ESET-NOD32 : a variant of MSIL/Injector.BYE
Emsisoft : Gen:Variant.Kazy.263448 (B)
F-Secure : Gen:Variant.Kazy.263448
GData : Gen:Variant.Kazy.263448
Ikarus : Backdoor.Androm
Kaspersky : Trojan-Dropper.Win32.Sysn.aweg
MicroWorld-eScan : Gen:Variant.Kazy.263448
Panda : Generic Malware
Sophos : Mal/DrodAce-A
==================================
Thursday, May 21, 2015
Invoices
Please review the attached invoices and pay them at your earliest convenience. Feel free to contact us if you have any questions.
Thank you.
Email analysis :
NOTE : application@hmrc.gov.uk
NOTE : soundesti7@compufort.com
NOTE : Received : from [110.120.202.131]
NOTE : (port=19367 helo=[192.168.4.77])
NOTE : by 69.3.15.254
Virus analysis :
AVG : FakeAlert
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2427700
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.230760
Baidu-International : Trojan.Win32.BitWall.ia
BitDefender : Trojan.GenericKD.2427700
Cyren : W32/Trojan.RXVE-1253
DrWeb : Trojan.Click3.12191
ESET-NOD32 : Win32/TrojanDownloader.Agent.BEL
Emsisoft : Trojan.GenericKD.2427700 (B)
F-Prot : W32/Trojan3.PUX
F-Secure : Trojan.GenericKD.2427700
GData : Trojan.GenericKD.2427700
Ikarus : Trojan.Crypt
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 700001211 )
Kaspersky : Trojan-Spy.Win32.BitWall.ia
Malwarebytes : Trojan.Upatre.DG
McAfee : Downloader-FAUU!06DC3128D83A
McAfee-GW-Edition : New Malware.jj
MicroWorld-eScan : Trojan.GenericKD.2427700
Microsoft : TrojanDownloader:Win32/Ruckguv.A
Panda : Trj/Chgt.O
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Invo-Zip
Symantec : Infostealer.Limitail
Tencent : Win32.Trojan.Fakedoc.Auto
TrendMicro : TROJ_DLOADR.DYR
TrendMicro-HouseCall : Suspicious_GEN.F47V0520
VIPRE : Win32.Malware!Drop
ViRobot : Backdoor.Win32.S.Agent.52736.AF[h]
nProtect : Trojan.GenericKD.2427700
Tuesday, May 12, 2015
My Resume
Hey there,
I saw your website today, Tue, 12 May 2015, and I'm really hoping there is an opening or other possibility to get a chance to prove my competence.
As you will see in my resume, I have broad experience and knowledge in this line of work, and I'm confident it will be worth your time reading it.
I am excited to hear from you.
Please see my attached CV.
Best regards,
James Hattersley
Sent from my iPhone
Email analysis :
NOTE : any_montes73141@yahoo.com
NOTE : X-Yahoo-Newman-Property : ymail-4
NOTE : X-Mailer : iPhone Mail (9A405)
Virus analysis :
Open : CV_14131.doc
Check : This file is a virus.
AVware : LooksLike.Macro.Downloader.a (v)
Avast : Other:Malware-gen [Trj]
CAT-QuickHeal : O97M.Dropper.FK
ESET-NOD32 : VBA/TrojanDownloader.Agent.PP
Fortinet : WM/Agent!tr
GData : Macro.Trojan.Agent.22MP55
Ikarus : Trojan-Downloader.VBA.Agent
McAfee : W97M/Downloader.afs
McAfee-GW-Edition : W97M/Downloader.afs
Microsoft : TrojanDownloader:O97M/Donoff.gen!C
Sophos : Mal/DocDl-E
Symantec : W97M.Downloader
Tencent : Win32.Trojan-downloader.Agent.Efkp
TrendMicro-HouseCall : Suspicious_GEN.F47V0511
VIPRE : LooksLike.Macro.Downloader.a (v)
Tuesday, April 21, 2015
Hola my photo (Virus)
hola my new photo , send u photo
my_new_photo837847238947238947238472398.zip
Virus analysis :
Qihoo-360 : HEUR/QVM10.1.Malware.Gen
Sophos : Mal/Generic-S
Email analysis :
NOTE : hoeno0@networkadvertising.org
NOTE : Received : from [205.11.98.44] (helo=fklgamr.xvlhelxpewb.com)
NOTE : by with esmtpa (Exim 4.69) (envelope-from)
Thursday, April 16, 2015
Scanned Image from a Xerox WorkCentre (Virus)
Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: ***
Number of Images: 4
Attachment File Type: ZIP [PDF]
File Name: Scan001_1257165_041.zip
WorkCentre Pro Location: Machine location not set
Device Name: ***.com
Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/
Email analysis :
NOTE : teg5@qmail.org
NOTE : Xerox.437@***
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from 70.43.79.186.nw.nuvox.net (70.43.79.186)
File analysis :
ALYac : Trojan.GenericKD.2294006
AVG : Crypt4.NUT
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2294006
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.186216
Baidu-International : Trojan.Win32.Upatre.vxw
BitDefender : Trojan.GenericKD.2294006
CAT-QuickHeal : TrojanDownloader.Upatre.r5
CMC : Packed.Win32.Obfuscated.10!O
Cyren : W32/Trojan.IYUD-8977
DrWeb : Trojan.DownLoader12.60119
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2294006 (B)
F-Prot : W32/Trojan3.OVQ
F-Secure : Trojan.GenericKD.2294006
Fortinet : W32/Waski.F!tr.dldr
GData : Trojan.GenericKD.2294006
Ikarus : Trojan-Downloader.Win32.Waski
K7AntiVirus : Trojan-Downloader ( 0049d22b1 )
K7GW : Trojan-Downloader ( 0049d22b1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vxw
Malwarebytes : Trojan.Upatre.Gen
McAfee : RDN/Generic.bfr!ih
McAfee-GW-Edition : RDN/Generic.bfr!ih
MicroWorld-eScan : Trojan.GenericKD.2294006
Microsoft : TrojanDownloader:Win32/Upatre.BC
NANO-Antivirus : Trojan.Win32.Upatre.dqmduh
Norman : Troj_Generic_2.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Mal/Upatre-R
Symantec : Downloader.Upatre
Tencent : Win32.Trojan.Downloader-pdf.Auto
TrendMicro : TROJ_UPATRE.CUB
TrendMicro-HouseCall : Suspicious_GEN.F47V0413
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.Agent.45568.JQ[h]
Zillya : Downloader.Upatre.Win32.22072
nProtect : Trojan.GenericKD.2294006
Thursday, April 9, 2015
NatWest Statement (Natwest Virus)
View Your March 2015 Online Financial Activity Statement
Keep track of your account with your latest Online Financial Activity Statement from NatWest Bank. It's available for you to view at this secure site. Just click to select how you would like to view your statement:
View/Download as a PDF
View all EStatements
So check out your statement right away, or at your earliest convenience.
Thank you for managing your account online.
Sincerely,
NatWest Bank
Please do not respond to this e-mail. If you have any questions about this inquiry message or your NatWest Bank Ū Merchant account, please speak to a Customer Service representative at 1-800-374-2639
NatWest Bank Customer Service Department
P.O. Box 414 | 38 Strand, WC2N 5JB, London
Copyright 2014 NatWest Company. All rights reserved.
AGNEUOMS0006001
Email analysis :
NOTE : noreply@natwest.com
NOTE : ldbsgw@brallc.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO IKAEMVMYO) (62.225.191.34)
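The "Email analysis" notes above record the same three indicators for most samples on this page: a display From address at the impersonated brand, a different real sender, and a first Received line with no reverse DNS and a HELO that is either a random string (IKAEMVMYO, ACSKURDN) or a private address literal ([192.168.4.77]). The script below is an added example, not part of the original post: it turns those notes into an automated check. The raw header block is constructed from the NatWest sample's notes; the Return-Path header, the receiving MX name and the timestamp are assumptions added so the message parses, and the flag names are my own.

```python
"""Header triage for the malspam samples listed on this page (added example)."""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed from the NatWest sample's "Email analysis" notes. The HELO string,
# connecting IP and both addresses are as listed on the page; Return-Path, the
# receiving host "mx.example.invalid" and the date are assumptions.
SAMPLE_HEADERS = """\
Return-Path: <ldbsgw@brallc.com>
Received: from unknown (HELO IKAEMVMYO) (62.225.191.34)
  by mx.example.invalid with SMTP; Thu, 09 Apr 2015 10:11:12 +0000
From: NatWest Bank <noreply@natwest.com>
To: victim@example.invalid
Subject: NatWest Statement
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

"""

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_received(value: str) -> dict:
    """Extract reverse-DNS name, HELO string and connecting IP from one
    Received header. Covers the Exim ("helo=..."), qmail ("(HELO ...)") and
    plain "from host (ip)" layouts that appear in this page's notes."""
    value = " ".join(value.split())          # unfold the header
    m = re.match(r"from\s+(\S+)", value, re.IGNORECASE)
    rdns = m.group(1) if m else ""
    h = re.search(r"helo[=\s]+(\[[^\]]+\]|[^\s)]+)", value, re.IGNORECASE)
    helo = h.group(1) if h else None
    # The connecting IP is the first literal that is not part of the HELO string.
    ips = [ip for ip in IPV4_RE.findall(value) if not (helo and ip in helo)]
    return {"rdns": rdns, "helo": helo, "ip": ips[0] if ips else None}


def domain_of(addr: str) -> str:
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def is_private_literal(helo: str) -> bool:
    """True for HELO strings such as [192.168.4.77] (RFC 1918, loopback, link-local)."""
    m = IPV4_RE.search(helo or "")
    if not m:
        return False
    try:
        ip = ipaddress.ip_address(m.group(0))
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(raw_headers: str) -> dict:
    """Return the sender/hop facts plus a list of indicator flags."""
    msg = message_from_string(raw_headers)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    hops = msg.get_all("Received", [])
    # Index 0 is right only when the first Received line is your own border MX
    # (true for this constructed sample); pick that hop explicitly on real mail.
    hop = parse_received(hops[0]) if hops else {"rdns": "", "helo": None, "ip": None}
    flags = []
    if from_dom and env_dom and from_dom != env_dom:
        flags.append("sender-domain mismatch")
    if hop["rdns"].lower() == "unknown" or hop["rdns"].startswith("["):
        flags.append("no reverse DNS")
    if hop["helo"]:
        if is_private_literal(hop["helo"]):
            flags.append("private-address HELO")
        elif "." not in hop["helo"]:
            flags.append("non-FQDN HELO")
    return {"from": from_dom, "envelope": env_dom, **hop, "flags": flags}


if __name__ == "__main__":
    for k, v in triage(SAMPLE_HEADERS).items():
        print(f"{k:9}: {v}")
```

None of these flags is proof of malice on its own (plenty of legitimate hosts send from an address literal), but every sample on this page trips at least two of them, which is why the posts record exactly these header fields.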
Monday, March 23, 2015
FW: Important documents (Bank Of America Virus)
Cash Pro logo
Important account documents
Reference: C85
Case number: 4690473
Please scan attached document and fax it to +1 (888) 589-3716.
Please note that the Terms and Conditions available below are the Bank's most recently issued versions. Please bear in mind that earlier versions of these Terms and Conditions may apply to your products, depending on when you signed up to the relevant product or when you were last advised of any changes to your Terms and Conditions. If you have any questions regarding which version of the Terms and Conditions apply to your products, please contact your Relationship Manager.
Yours faithfully
Signature Image
Rosalyn Chavez
Senior Manager
Bank of America Commercial Banking
Rosalyn.Chavez@bankofamerica.com
Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.
2014 Bank of America Corporation. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.
AccountDocuments.zip
Email analysis :
NOTE : Rosalyn.Chavez@bankofamerica.com
NOTE : yvx@blaudieck.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
NOTE : Received : from unknown (HELO ACSKURDN) (83.231.81.43)
Virus analysis :
OPEN : AccountDocuments.zip
RESULT : AccountDocuments.zip is a VIRUS
ALYac : Trojan.GenericKD.2234787
AVG : Generic_s.ELW
AVware : Win32.Malware!Drop
Ad-Aware : Trojan.GenericKD.2234787
Antiy-AVL : Trojan[Downloader]/Win32.Upatre
Avast : Win32:Trojan-gen
Avira : TR/Crypt.Xpack.166918
Baidu-International : Trojan.Win32.Upatre.vlt
BitDefender : Trojan.GenericKD.2234787
CAT-QuickHeal : TrojanDownloader.Upatre.r4
ClamAV : Win.Trojan.Upatre-582
Comodo : TrojWare.Win32.UMal.~A
Cyren : W32/Trojan.ZDMF-2227
DrWeb : Trojan.DownLoad3.35985
ESET-NOD32 : Win32/TrojanDownloader.Waski.F
Emsisoft : Trojan.GenericKD.2234787 (B)
F-Secure : Trojan-Downloader:W32/Dalexis.B
Fortinet : W32/UPATRE.F!tr
GData : Trojan.GenericKD.2234787
Ikarus : Trojan-Downloader.Win32.Upatre
K7AntiVirus : Trojan ( 7000000c1 )
K7GW : Trojan ( 7000000c1 )
Kaspersky : Trojan-Downloader.Win32.Upatre.vlt
Malwarebytes : Trojan.Upatre
McAfee : Suspect-BW!0D6F95F76EEC
McAfee-GW-Edition : Suspect-BW!0D6F95F76EEC
MicroWorld-eScan : Trojan.GenericKD.2234787
Microsoft : TrojanDownloader:Win32/Upatre.AZ
NANO-Antivirus : Trojan.Win32.Upatre.dpimul
Norman : Upatre.FT
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Invo-Zip
Symantec : Downloader.Upatre
Tencent : Win32.Trojan-downloader.Upatre.Hfr
TrendMicro : TROJ_UPATRE.SMNC
TrendMicro-HouseCall : Suspicious_GEN.F47V0319
VIPRE : Win32.Malware!Drop
ViRobot : Trojan.Win32.A.Downloader.28928.D[h]
nProtect : Trojan.Upatre.Gen.2
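The vendor lists on this page show how little the raw labels agree: the AccountDocuments.zip sample is Upatre to most engines, Waski to ESET, Dalexis to F-Secure and GenericKD.2234787 to the BitDefender-based engines, and the Scan001 sample splits the same way between Upatre and Waski. The script below is an added example, not part of the original post, that derives a consensus family from such a list by tokenising the labels, discarding generic vocabulary and counting how many vendors use each remaining name; it also links minority names to the consensus family when they co-occur across more than one sample. The label dictionaries are subsets copied from the two lists on this page; the stop-word list and the scoring are my own simplification of the AVClass approach, not any vendor's scheme.

```python
"""Consensus family name from vendor labels (added example)."""
import re
from collections import Counter

# Subsets of the two Upatre lists on this page, vendor -> label, copied as printed.
BOA_LABELS = {
    "ALYac": "Trojan.GenericKD.2234787",
    "AVG": "Generic_s.ELW",
    "Antiy-AVL": "Trojan[Downloader]/Win32.Upatre",
    "Baidu-International": "Trojan.Win32.Upatre.vlt",
    "CAT-QuickHeal": "TrojanDownloader.Upatre.r4",
    "ClamAV": "Win.Trojan.Upatre-582",
    "ESET-NOD32": "Win32/TrojanDownloader.Waski.F",
    "F-Secure": "Trojan-Downloader:W32/Dalexis.B",
    "Fortinet": "W32/UPATRE.F!tr",
    "Kaspersky": "Trojan-Downloader.Win32.Upatre.vlt",
    "Microsoft": "TrojanDownloader:Win32/Upatre.AZ",
    "Sophos": "Troj/Invo-Zip",
    "Symantec": "Downloader.Upatre",
    "TrendMicro": "TROJ_UPATRE.SMNC",
}
XEROX_LABELS = {
    "Antiy-AVL": "Trojan[Downloader]/Win32.Upatre",
    "ESET-NOD32": "Win32/TrojanDownloader.Waski.F",
    "Fortinet": "W32/Waski.F!tr.dldr",
    "Ikarus": "Trojan-Downloader.Win32.Waski",
    "Kaspersky": "Trojan-Downloader.Win32.Upatre.vxw",
    "Microsoft": "TrojanDownloader:Win32/Upatre.BC",
    "Sophos": "Mal/Upatre-R",
    "Symantec": "Downloader.Upatre",
    "Zillya": "Downloader.Upatre.Win32.22072",
}

# Vocabulary that describes a class, platform or heuristic rather than a family
# (my own list; extend it from your own label corpus).
GENERIC = {
    "trojan", "troj", "trojandownloader", "downloader", "dropper", "generic",
    "generickd", "malware", "win32", "w32", "win", "gen", "heur", "agent",
    "auto", "drop", "crypt", "xpack", "suspicious", "script", "packed",
}


def family_tokens(label: str) -> set:
    """Candidate family names in one label: alphabetic tokens of 4+ chars that
    are not generic. Short tokens are variant suffixes (vlt, r4, AZ, F, tr)."""
    toks = set()
    for t in re.split(r"[^A-Za-z0-9]+", label):
        t = t.lower()
        if len(t) >= 4 and t.isalpha() and t not in GENERIC:
            toks.add(t)
    return toks


def consensus(labels: dict, min_vendors: int = 2) -> list:
    """Rank candidate names by the number of vendors using them, most common
    first; each vendor counts at most once per name."""
    counts = Counter()
    for label in labels.values():
        counts.update(family_tokens(label))
    return [(name, n) for name, n in counts.most_common() if n >= min_vendors]


def aliases(samples: dict) -> dict:
    """Map a minority name to the consensus name when the two co-occur in at
    least two different samples (simplified AVClass alias detection)."""
    co = Counter()
    for labels in samples.values():
        ranked = consensus(labels, min_vendors=1)
        if not ranked:
            continue
        top = ranked[0][0]
        for name, _ in ranked[1:]:
            co[(name, top)] += 1
    return {name: top for (name, top), n in co.items() if n >= 2}


if __name__ == "__main__":
    print("AccountDocuments.zip:", consensus(BOA_LABELS))
    print("Scan001_1257165_041.zip:", consensus(XEROX_LABELS))
    print("aliases:", aliases({"boa": BOA_LABELS, "xerox": XEROX_LABELS}))
```

With only two samples the alias table already links Waski to Upatre; Dalexis, which appears once, needs a third sample before it is treated as the same family, which is the right default for a name seen by a single vendor.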