Date: Mon, 9 Dec 2013 20:32:19 +0800 [07:32:19 EST]
From: Accounts Payable TNT [email@example.com]
Subject: TNT UK Limited Self Billing Invoice 5321378841

Download the attachment. Invoice will be automatically shown by double click.

Attached is an archive file called TNT UK Self Billing Invoice.zip (VirusTotal detection rate 6/49), which in turn contains a malicious executable, TNT UK Self Billing Invoice.exe (detection rate 6/47), with an icon that makes it look like a PDF file.
   show an attempted connection to 2dlife.com on 126.96.36.199 (JoneSolutions.Com, Philippines). I can see only two domains on this server, the other one being 2dlife.fr so I would assume that both are compromised and blocking access to this IP address is the way to go.
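
A mail-gateway style check for the attachment pattern described above (a zip whose payload is an executable dressed up as a document), as an added example that is not from the original post. The function names, extension list and sample archives are constructed for illustration, and the samples hold harmless placeholder bytes rather than the real attachment.

```python
import io
import zipfile

# Extensions Windows runs on double click (a common subset, assumed for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd", ".js", ".vbs"}


def executable_members(zip_bytes):
    """Return sorted (member name, reason) pairs for members that would run as programs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            magic = b""
            if not info.flag_bits & 0x1:  # encrypted members cannot be read without the password
                with archive.open(info) as member:
                    magic = member.read(2)
            if ext in EXECUTABLE_EXTS:
                # The icon can imitate a PDF, but the extension still decides what Windows runs.
                findings.append((name, "executable extension " + ext))
            elif magic == b"MZ":
                # Document-looking name, but the content starts with a DOS/PE header.
                findings.append((name, "PE header behind non-executable name"))
    return sorted(findings)


def build_sample(members):
    """Build a constructed zip in memory from {name: bytes} (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: placeholder bytes only.
SAMPLE_LURE = build_sample({"TNT UK Self Billing Invoice.exe": b"MZ" + b"\x00" * 62})
SAMPLE_CLEAN = build_sample({"invoice.pdf": b"%PDF-1.4\n%%EOF\n"})
SAMPLE_RENAMED = build_sample({"invoice.pdf": b"MZ" + b"\x00" * 62})

if __name__ == "__main__":
    for label, blob in [("lure", SAMPLE_LURE), ("clean", SAMPLE_CLEAN), ("renamed", SAMPLE_RENAMED)]:
        print(label, executable_members(blob))
```

With detection rates as low as those quoted above, a structural check like this catches the lure regardless of whether any antivirus signature exists for the payload.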