Date: Mon, 20 Jan 2014 14:23:08 +0000 [09:23:08 EST]
From: Bill Me Later [firstname.lastname@example.org]
Subject: Thank you for scheduling a payment to Bill Me Later
Log in here
Your Bill Me LaterÂ® statement is now available!
Thank you for making a payment online! We've received your
Bill Me Later® payment of $1603.57 and have applied it to your account.
For more details please check attached file
Your Bill Me Later Account Number Ending in: 0266
You Paid: $1603.57
Your Payment Date*: 01/20/2014
Your Payment Confirmation Number: 971892583971968191
Don't forget, Bill Me Later is the perfect way to shop when you want more time to pay for the stuff you need. Plus, you can always find great deals and discounts at over 1000 stores. Watch this short, fun video to learn more.
*NOTE: If your payment date is Saturday, or a holiday, it will take an additional day for the payment to appear on your account. However, you will be credited for the payment as of the payment date.
Log in at PayPal.com to make a payment
Do not reply to this email. Please send all messages through the email form on our website. We are unable to respond to account inquiries sent in reply to this email. Bill Me Later is located at 9690 Deereco Rd, Suite 110, Timonium, MD 21093 Copyright 2012 Bill Me Later Inc.
Bill Me Later accounts are issued by WebBank, Salt Lake City Utah
Attached is an archive file PP_03357442.zip which in turn contains a malicious executable PP_03357442.exe which has a VirusTotal detection rate of just 4/45. Automated analysis tools   show an attempted connection to jatit.org on 18.104.22.168 (Colo4, US) which appears to be a legitimate (but presumably compromised) site.