Date: Fri, 26 Apr 2013 12:46:25 +0400 [04:46:25 EDT]
From: USPS client manager Lelia Holden [firstname.lastname@example.org]
Subject: USPS delivery failure report
Priority: High Priority 1
Our company’s courier couldn’t make the delivery of package.
REASON: Postal code contains an error.
LOCATION OF YOUR PARCEL: New York
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL: UGL38SHK4T
Label is enclosed to the letter.
Print a label and show it at your post office.
An additional information:
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.26 for each day of keeping of it.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Thank you for using our services.
The attachment LABEL-ID-56723547-GFK72.zip contains an executable file, LABEL-ID-56723547-GFK72.exe, which is designed to look like a PDF file. VirusTotal detections are a pretty poor 7/46.
The malicious binary has the following checksums:
Comodo CAMAS reports some very unusual behaviour around LDAP registry keys, not present in the Anubis report or ThreatExpert report.
Update: a rather more comprehensive ThreatTrack report can be found here [pdf].
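With detection rates that low, a mail gateway or triage script is better off checking what a ZIP attachment actually contains than waiting for a signature. The following is an added example, not part of the original post: it flags archive members that are Windows executables by PE magic bytes or extension. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumed list of extensions Windows runs directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".cpl"}


def suspicious_members(zip_bytes):
    """Return (member name, reason) pairs for members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be inspected, so fall
                # back to the name and report that it was not opened.
                if ext in EXECUTABLE_EXTS:
                    findings.append((name, "encrypted, executable extension"))
                continue
            with archive.open(info) as member:
                magic = member.read(2)
            if magic == b"MZ":
                # PE files start with "MZ" whatever the name or icon says.
                findings.append((name, "PE header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension"))
    return findings


def build_sample():
    """Constructed sample archive; the members are harmless stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("LABEL-ID-56723547-GFK72.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("label.pdf", b"MZ" + b"\x00" * 62)  # PE named .pdf
        archive.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample()):
        print(f"{name}: {reason}")
```

The magic-byte check goes slightly beyond the case in this post: it also catches an executable stored under a document extension, which a name-only filter would miss.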