Thursday, November 17, 2016

Rép : FINANCING YOUR PROJECT

Fund available for investment please get in touch for more details.

Regional Representative
Sheikh Naseefa Investment Group Company

Telfax: +971 2413 0001

Email analysis :

NOTE : sheikhnaseefinvestmentgroup020@gmail.com
NOTE : User-Agent : Horde Application Framework 5
NOTE : Rép : FINANCING YOUR PROJECT
NOTE : client-ip=202.128.161.127;

Attention


The delivery of your package is currently ongoing with our Dip. Richard Great
and he has arrived at Washington DC International Airport with the package
Please send him your delivery details as stated below; contact info is;

@ phone# +1 828-756-0997 or text him in case he may be busy.

SINCERELY
Mr.Tony Dan

Email analysis :

NOTE : morganobeche@gmail.com
NOTE : gaelle.cohen@gmail.com
NOTE : markdon@cantv.net
NOTE : X-Originating-Ip : [23.27.244.254]

bernadette

I am taking the liberty of contacting you to talk about my experience. I met a man named Didier Lapierre on a dating site, and we exchanged e-mail addresses to talk more easily. I was scammed on the dating site meetic: I realize that I am in contact with exactly the same profile, with just a small change of name. The person I am talking to is Donald Thivolle, username "la force" on meetic; he tells me he is in Angers, and that his best friend is called Pascal Pichon. That he had to leave for Italy for his son Thomas, who has to undergo a lung transplant. That for this he has to pay 14 000€. He asked me if I could help him, and unfortunately that is what I did, with an urgent cash money order of 1 200€ sent yesterday to his friend's brother, a so-called Mallet Christophe, living at allée de Beauregard, 37200 Tours. When I read the testimonials, I had been told the same story. What really disturbs me is that I spoke to him on the phone and he does have a Polish accent, I saw him on webcam and it really is the same person as in the photos. This is destroying me, because I really believed in it. Then he asked me for a sum of 1800 euros, because he had to pay for his hotel room, as they were threatening to throw him out. At that point I began to doubt his sincerity, so I explained my case to a friend, who put me in touch with Mr George Arthuro, who is an Interpol agent and who helped me a lot. Indeed, he showed me that it was a scam, and then he helped me recover all my money. Here is the address: lieutenant.george.arthuro@francemel.fr for those who are in a scam situation.

Email analysis :

NOTE : bernadette2011@hotmail.fr
NOTE : lieutenant.george.arthuro@francemel.fr

Wednesday, November 16, 2016

Oxfam Donation!!!

Dear E-mail Account User,

Congratulations! You e-mail has just won you the sum of $3,000,000.00 USD as a charity donations/aid from Oxfam International in conjunction with South African National Lotto Further information on the processing and disbursement of your grant entitlements,alongside the provision of your qualification documentations, will be disclosed to you so get back to us for more information.

Email analysis :

NOTE : oxfaminternational786@gmail.com
NOTE : aldila@yes24.co.id
NOTE : Received : from User (8ta-146-92-50.telkomadsl.co.za [41.146.92.50])
NOTE : (Authenticated sender: aldila@yes24.co.id) by mail.hanastar.net.id

< no subject >


2016111105002973550858.zip

File analysis :

Download : 2016111105002973550858.zip
Result : 2016111105002973550858.zip is a virus.

Virus analysis :

ALYac Trojan.JS.Downloader.GYQ
AVG JS/Downloader.Agent.62_I
AVware Trojan-Downloader.JS.Nemucod.bbp (v)
Ad-Aware Trojan.JS.Downloader.GYQ
AegisLab Troj.Downloader.Js.Cryptoload!c
AhnLab-V3 JS/Obfus
Antiy-AVL Trojan/Generic.ASVCS3S.3F7
Arcabit Trojan.JS.Downloader.GYQ
Avast JS:Downloader-DSB [Trj]
Avira (no cloud) HEUR/Suspar.Gen
Baidu JS.Trojan-Downloader.Nemucod.od
BitDefender Trojan.JS.Downloader.GYQ
CAT-QuickHeal JS.Locky.JE
Cyren JS/Nemucod.CA2
DrWeb JS.DownLoader.1225
ESET-NOD32 JS/TrojanDownloader.Nemucod.BMK
Emsisoft Trojan.JS.Downloader.GYQ (B)
F-Prot JS/Nemucod.CA2
F-Secure Trojan.JS.Downloader.GYQ
Fortinet JS/Nemucod.BDA!tr
GData Trojan.JS.Downloader.GYQ
Ikarus Trojan-Downloader.JS.Nemucod
K7AntiVirus Trojan ( 004dfe6d1 )
K7GW Trojan ( 004dfe6d1 )
Kaspersky Trojan-Downloader.JS.Agent.nbi
McAfee JS/Nemucod.jg
McAfee-GW-Edition JS/Nemucod.jg
eScan Trojan.JS.Downloader.GYQ
Microsoft TrojanDownloader:JS/Nemucod!rfn
NANO-Antivirus Trojan.Script.Heuristic-js.iacgm
Rising Downloader.Cryptoload!8.7DA (topis)
Sophos Mal/DrodZp-A
Symantec Trojan.Gen.NPE
Tencent Js.Trojan.Raas.Auto
TrendMicro JS_NEMUCOD.SMK14
VIPRE Trojan-Downloader.JS.Nemucod.bbp (v)

Final result :

I opened the virus, and the raw version of this virus is here : http://pastebin.com/raw/FVM8wh4v

This virus sounds like ransomware...

Email analysis :

NOTE : diann.laughton99@winterbrew.com
NOTE : User-Agent : Microsoft-MacOutlook/14.0.0.100825
NOTE : Received : from customer-SLRC-130-213.megared.net.mx
NOTE : (unknown [201.164.130.213])

!!!World Bank Notification!!!

Attention: Beneficiary

The office of the European Union, the President Federal Republic of Nigerian (Mohammed Buhari), the CIA, FBI, EFCC, British Government, American Government and United Nations Organization in Benin Republic, Ghana, Burkina Faso, Malaysia, South Africa, Togo, Senegal in collaboration with UK (London) Anti-Crime Squad received a report of fund transaction/scam against you and other British, US and Asian citizens including other countries whom the aforementioned countries vital offices/authorities have recompensed you due to meeting held with the International Financial Agency, the IMF, four countries Government and the World High Commission against fraud and other international fund transaction activities by the four country Citizens during the recent G20 and ACSP meeting. Your name was among those approved listed beneficiary to be paid by the International Financial Intelligent Unit (NFIU) through the United Nations account holder bank.

You are to contact the UN appointed officer immediately for the release/transfer of your approved compensation fund valued $750,000.00 United States Dollars only. With matter of urgency, you are to reconfirm to the UN appointed officer your full data as follows:

A)Your Full Name, B) Present Address, C) Home and Mobile Telephone Numbers, D) Occupation, E) Company Name and Position.

As soon as you send this information to the officer he will direct you accordingly on the release of your Fund. You are to contact Mr.Mensha Baah Head supervisor with the information below, for the release of your fund now.

Contact Person: Mr.Mensha Baah.
C/8815 off Ring Road, P.O.Box 2515
Cadastral, Zone A, Central Business District
Accra-Ghana.
Email: officeunited@yahoo.com.hk
smtp.office365.com:587
Yours in Service,

Maria Colgate (Secretary Foreign Affair)
World Bank Payment Monitoring Unit.
1818 H Street, N.W.Washington, DC 20433

Email analysis :

NOTE : officeunited@yahoo.com.hk
NOTE : prova@thsbo.com
NOTE : Ms.Maria Colgate
NOTE : Received : from User (unknown [154.118.65.101])
NOTE : by mail.thsbo.com (Postfix)