Monday, August 31, 2015

TELEGRAPHIC TRANSFER NOTICE

Attn: The Beneficiary

TELEGRAPHIC TRANSFER NOTICE.

We hereby officially notify you concerning your fund telegraphic transfer through our bank, Suntrust Bank, New York, to your bank account, which has been officially approved by the management of World Bank Swiss (WBS) to credit the sum of US$18.5 Million into your bank account.

Note that I have started processing your payment, and everything concerning the immediate remittance of your funds will be carried out within the shortest possible time from the time we receive your below needed information.

Also be informed that the Governor of the Bank in Cote D'Ivoire (CI) will sign your payment advice, and a copy of the advice will be sent to the World Bank in Swiss for record purposes. Meanwhile, your information and your full contact details were received from our research manager, Barr. Paul Peterson, on your behalf to FRB for immediate release of your fund.

This fund was part of a USA lottery unclaimed discovery fund with the World Bank of Switzerland, which the Swiss Bank has decided to distribute generously to help a few lucky individuals, and the American Government is in agreement with the Swiss Bank to distribute the fund to 700 hundred thousand people in America, Europe & Asia in order to help improve their businesses.

Therefore, reconfirm the aforesaid information accurately, because this office cannot afford to be held liable for any wrong transfer of funds or liable for any fund credited into an unknown account.

This is the information we need to be reconfirmed by you.

1. Your Full Bank Account Details
2. Your Direct Cell or office phone to reach you
3. Your address of location
4. Your full name

Finally, you are required to reconfirm the above information directly to me, to enable me to use it to process your bill of payment. Your quick response shall be mostly appreciated; all your responses should be directed through our alternative email address for the immediate attention of the credit control department.

Yours Faithfully,
Dr. Fred Willison.
Vice Chairman, Director, Credit /Telex Department

Email analysis :

NOTE : xbankofamerican@gmail.com
NOTE : xxxbankofameric688@gmail.com
NOTE : marilobouabre20@yahoo.co.jp
NOTE : Received : from [41.189.47.193] by web101518.mail.kks.yahoo.co.jp
NOTE : X-Mailer : YahooMailWebService/0.8.111_67

Notice to Appear

Notice to Appear,

This is to inform you to appear in Court on September 02 for your case hearing. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.

Note: The case may be heard by the judge in your absence if you do not come.

A copy of the Court Notice is attached to this email.

Regards,
Gary Noble,
Court Secretary.

000475484.zip

File analysis :

OPEN : 000475484.zip
RESULT : File is a virus.

Virus analysis :

SHA256 : 0c8d2b8cba6611097793124c3dac9e9313207ba8857b41330ca021c89f52c82f
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AV
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan-Downloader.JS.Agent.hhe
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN

Email analysis :

NOTE : Notice to Appear
NOTE : gary.noble@wayneshostingworld.co.uk
NOTE : Received : from doggroom by server.wayneshostingworld.co.uk with local (Exim 4.85)
NOTE : Received : from server.wayneshostingworld.co.uk (wayneshostingworld.co.uk. [78.129.234.106])
NOTE : X-Php-Script : doggroomingparlour.co.uk/post.php for 77.111.207.70

Invoice Jeff Herman

invoice53444271 Jeff Herman.zip

File analysis :

OPEN : invoice53444271 Jeff Herman.zip
RESULT : File is a virus.

Virus analysis :

SHA256 : 9c6ce032c5b4f521b0ace607a50a499812ecb9845741862a0f7f9183a87c7c49
ALYac : Trojan.Agent.BMBU
AVG : FakeAlert
AVware : Trojan.Win32.Generic!BT
Ad-Aware : Trojan.Agent.BMBU
Agnitum : Trojan.DL.Dofoil!MdY5QMP4IPM
Arcabit : Trojan.Agent.BMBU
Avast : Win32:Trojan-gen
Baidu-International : Trojan.Win32.Dofoil.bstr
BitDefender : Trojan.Agent.BMBU
CAT-QuickHeal : TrojanDownloader.Upatre.r4
Cyren : W32/Trojan3.RIE
ESET-NOD32 : a variant of Win32/Kryptik.DUYG
Emsisoft : Trojan.Agent.BMBU (B)
F-Prot : W32/Trojan3.RIE
F-Secure : Trojan.Agent.BMBU
Fortinet : W32/Kryptik.DUMX!tr
GData : Trojan.Agent.BMBU
Ikarus : Trojan-Downloader.Win32.Upatre
Jiangmin : TrojanDownloader.Dofoil.bhq
K7AntiVirus : Trojan ( 004cddfe1 )
K7GW : Trojan ( 004cddfe1 )
Kaspersky : Trojan-Downloader.Win32.Dofoil.bstr
Malwarebytes : Spyware.Dyre
McAfee : Upatre-FACE!67B2464F5D77
McAfee-GW-Edition : Upatre-FACE!67B2464F5D77
MicroWorld-eScan : Trojan.Agent.BMBU
Microsoft : TrojanDownloader:Win32/Upatre
NANO-Antivirus : Trojan.Win32.Dyre.dvrjgu
Panda : Trj/CI.A
Qihoo-360 : HEUR/QVM19.1.Malware.Gen
Sophos : Troj/Upatre-LD
TrendMicro : TROJ_UP.10D6D122
TrendMicro-HouseCall : TROJ_UP.10D6D122
VBA32 : Heur.Trojan.Hlux
VIPRE : Trojan.Win32.Generic!BT
ViRobot : Trojan.Win32.Upatre.43520.A[h]
Zillya : Downloader.UpatreGen.Win32.68
nProtect : Trojan.Agent.BMBU

Email analysis :

NOTE : bespalov@stati.orene.ru
NOTE : Received : by stati.orene.ru (Postfix, from userid 5001)
NOTE : 94.79.7.6 ()

Thursday, August 27, 2015

Indebtedness for driving on toll road #000948265 (Virus)

Notice to Appear,

You have not paid for driving on a toll road.
You are kindly asked to pay your debt as soon as possible.

A copy of the invoice is attached to this email.

Sincerely,
Thomas Gorman,
E-ZPass Agent.

E-ZPass_Invoice_000948265.zip

File analysis :

OPEN : E-ZPass_Invoice_000948265.zip
RESULT : File is a virus.

Virus analysis :

SHA256 : 5ec5b13bbf1d2a2179168acfaec53da59afa6b8ca480930e1b56d996b51dd140
ALYac : JS:Trojan.JS.Downloader.AN
AVG : JS/Downloader.Agent
AVware : Malware.JS.Generic (JS)
Ad-Aware : JS:Trojan.JS.Downloader.AN
Arcabit : JS:Trojan.JS.Downloader.AN
Avast : JS:Agent-DOB [Trj]
BitDefender : JS:Trojan.JS.Downloader.AN
CAT-QuickHeal : JS.Downloader.Z
Comodo : Heur.Dual.Extensions
DrWeb : SCRIPT.Virus
ESET-NOD32 : JS/TrojanDownloader.Nemucod.AS
Emsisoft : JS:Trojan.JS.Downloader.AN (B)
F-Secure : JS:Trojan.JS.Downloader.AN
Fortinet : JS/Agent.CPL!tr
GData : JS:Trojan.JS.Downloader.AN
Kaspersky : Trojan.JS.Agent.cpl
McAfee : JS/Nemucod.c
McAfee-GW-Edition : JS/Nemucod.c
MicroWorld-eScan : JS:Trojan.JS.Downloader.AN
Microsoft : TrojanDownloader:JS/Nemucod.P
NANO-Antivirus : Trojan.Script.Agent.dtchtk
Rising : NORMAL:Trojan.DL.Script.JS.Nemucod.b!1616509[F1]
Sophos : JS/DwnLdr-MON
VIPRE : Malware.JS.Generic (JS)
nProtect : JS:Trojan.JS.Downloader.AN

Email analysis :

NOTE : thomas.gorman@jerusalem.hostyou.com.br
NOTE : client-ip=104.238.195.142;
NOTE : Sender Address Domain - jerusalem.hostyou.com.br
NOTE : X-Source-Args : /usr/bin/php /home/centova/public_html/coisaseria.com.br/post.php
NOTE : < centova@jerusalem.hostyou.com.br >
NOTE : Mime-Version : 1.0
NOTE : X-Source-Dir : centova.com:/public_html/coisaseria.com.br
NOTE : X-Priority : 3
NOTE : X-Get-Message-Sender-Via : jerusalem.hostyou.com.br:
NOTE : authenticated_id: centova/primary_hostname/system user
NOTE : X-Source : /usr/bin/php
NOTE : Received : by 10.202.17.82 with SMTP
NOTE : Received : from centova by jerusalem.hostyou.com.br
NOTE : Indebtedness for driving on toll road #000948265

Hi Comrade!

Hi Comrade!

Good tidings to you. With urgent need for assistance, I have summoned up the courage to contact you. I have no intention of contacting you at this moment; rather, an emergency prompted me to seek an urgent gateway, and I will be glad if you can be of assistance in understanding my personal experience and work with me presently on my on-going military mission here in Afghanistan, which is going to be fruitful and profitable to both of us financially. I am Capt. Elizabeth, an officer in the US Army and the International Security Assistance Force (ISAF) with the Forward Operating Base Shank, Kandahar city of Afghanistan, for the peacekeeping force. I am presently in service now and I really need your help in assisting me with the safekeeping of two trucks. I hope you can be trusted? I will explain further when I get a response from you.

This is the information I need from you to keep the trust.

Your full name
Home and office address
Sex/age/occupation
Telephone
Your scanned I.D. card, for identification purposes only.

Once I receive this information I shall enclose to you on how to get the package asap.

May God be with you.

Capt. Elizabeth.

Email analysis :

NOTE : capt.elizabetmcnamara@usa.net
NOTE : capt.elizabetmcnamara@mail.tj
NOTE : Received : from User (unknown [95.170.141.11]) by mail1.strb.ru (Postfix) with ESMTP
NOTE : Tomsk is far from Kandahar...

Pls provide the following details

Dear Sir / Madam,

I am interested in purchasing your products, a sample image of which is attached to the Login link below. Please follow the Login link below to view the sample image I am interested in ordering from your company; we sincerely hope to establish a long-term business relationship with your esteemed company. Click Here to login: http://www.ptss.edu.my/v6/administrator/templates/system/documents.html If so, kindly provide the following details and send me your latest catalog. Also, inform me about the Minimum Order Quantity, Delivery time or FOB, and payment terms and warranty:

I await your advice.
Best Wishes,
Mrs. Linda Yong

Analysis :

CLICK : LINK
VALIDATE : FORM
RESULT :

Email analysis :

NOTE : bencook551127@yahoo.co.id
NOTE : Return-Path : spam@practicenet.co.uk
NOTE : X-Ms-Exchange-Crosstenant-Fromentityheader : HybridOnPrem
NOTE : X-Msmail-Priority : Normal
NOTE : Pls provide the following details