"2012 and 2013 Tax Documents; Accountant's Letter" spam / tax 2012-2013.exe

This fake tax spam comes with a malicious attachment:

Date:      Wed, 13 Nov 2013 00:44:46 +0800 [11:44:46 EST]
From:      "support@salesforce.com" [support@salesforce.com]
Subject:      FW: 2012 and 2013 Tax Documents; Accountant's Letter

I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2012 and 2013, plus an accountant's letter.

This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission. 

Attached to the file is a ZIP file called dlf2365.zip which contains a malicious executable file tax 2012-2013.exe which has an icon to make it look like a PDF file.

VirusTotal detection rates are 17/47. Automated analysis tools [1] [2] show an attempted connection to nishantmultistate.com on 216.157.85.173 (Peer 1, US). This is the same server as used in this attack, and you can safely assume that the whole server is compromised. Blocking this IP is probably a good idea.