Date: Mon, 4 Nov 2013 21:00:59 +0600 [10:00:59 EST]Attached is a file PaymentOverdue.zip which in turn contains a malicious executable Payroll_Report-PaymentOverdue.exe with a icon that makes it look like an Excel spreadsheet.
From: Payroll Reports [email@example.com]
Please find attached payroll reports for the past months. Remit the new payment by 11/10/2013 as outlines under our payment agreement.
This e-mail has been sent from an automated system. PLEASE DO NOT REPLY.
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
This malware has a VirusTotal detection rate of just 4/47, and automated analysis tools    shows an attempted connect to goyhenetche.com on 22.214.171.124 (Singlehop, US), a server that contains many legitimate domains but some more questionable ones too.