There is an attachment A136_Incoming_Money_Transfer_Form.zip containing an executable file A136_Incoming_Money_Transfer_Form.exe. The VirusTotal detection rate is a miserable 6/47.
Date: Tue, 23 Jul 2013 10:21:08 -0500 [11:21:08 EDT]
From: WebCashmgmt [Alberto_Dotson@webcashmgmt.com]
Subject: Important Notice - Incoming Money Transfer
An Incoming Money Transfer has been received by your financial institution for spamcop.net. In order for the funds to be remitted on the correct account please complete the "A136 Incoming Money Transfer Form".
Fax a copy of the completed "A136 Incoming Money Transfer Form" to +1 800 722 5331.
To avoid delays or additional fees please be sure the Beneficiary Information including name, branch name, address, city, state, country, and Routing Number (ABA Number) or SWIFT BIC Code is correct. For international Wires be sure you include the International Routing Code (IRC) and International Bank Account Number (IBAN) for countries that require it.
Cash Management Verification
Phone : 733-495-7476
CONFIDENTIALITY NOTICE: This electronic mail transmission and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information belonging to the sender (Fiserv, Inc.) that is proprietary, privileged, confidential and/or protected from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distributions of this electronic message are violations of federal law. Please notify the sender, by email or telephone (800 722 6328), of any unintended recipients and delete the original message without making any copies.
This is a two-stage pony/gate infection according to the Malwr report. Functionally it looks very similar to the payload used in this spam run.
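With signature detection this low, a structural check at the mail gateway is more dependable: flag any ZIP attachment that contains an executable, whatever the scanners say. The sketch below is an added example, not part of the original post; the sample message, the example.com addresses and the "MZ" stub bytes are constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run directly (a common blocklist, not exhaustive).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def zipped_executables(raw_message: bytes):
    """Return (attachment, member, reason) for each executable inside a ZIP attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(EXEC_EXTS):
                    hits.append((part.get_filename(), info.filename, "extension"))
                elif not (info.flag_bits & 0x1):  # skip encrypted members
                    with zf.open(info) as fh:
                        # A renamed PE file still starts with the DOS "MZ" magic.
                        if fh.read(2) == b"MZ":
                            hits.append((part.get_filename(), info.filename, "MZ header"))
    return hits

def build_sample(member_name: str, member_bytes: bytes) -> bytes:
    """Constructed test message: one ZIP attachment holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"       # placeholder address
    msg["To"] = "recipient@example.com"      # placeholder address
    msg["Subject"] = "Important Notice - Incoming Money Transfer"
    msg.set_content("Please complete the attached form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="A136_Incoming_Money_Transfer_Form.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("A136_Incoming_Money_Transfer_Form.exe", b"MZ constructed stub")
    for hit in zipped_executables(sample):
        print("quarantine:", hit)
```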