The second one is a fake Wells Fargo spam similar to this:
We have received this documents from your bank, please review attached documents.In this case the EXE-in-ZIP attachment (BankDocs.zip) has a VirusTotal detection rate of 14/47 and calls home    to kidgrandy.com on 126.96.36.199 (Singlehop, US).
Wells Fargo Advisors
817-067-3871 cell Lela.Orozco@wellsfargo.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member
FINRA/SIPC. 1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached
documentation. Thank you.
Given the massive onslaught of EXE-in-ZIP spam, I would strongly recommend blocking ZIP files with executables in them at the perimeter.