Date: Thu, 10 Jul 2014 00:09:28 -0700 [03:09:28 EDT]It comes with an attachment TT PAYMENT COPY.ZIP containing the malicious executable TT PAYMENT COPY.exe which has a VirusTotal detection rate of 19/54. According to Malwr this appears to be a self-extractive archive file which then drops (inter alia) a file iyKwmsYRtDlN.com which has a very low detection rate of 1/52. It isn't clear what this file does according to the report.
From: "PGS Global Express Co, Ltd." [email@example.com]
Subject: Re TT PAYMENT COPY
Good day sir,here is the copy of the transfer slip ,kindly find the attach copy and please check with your bank to confirm the receipt of the payment and do the needful by dispatching the material as early as possible.
We hope you will do the needful and let us know the dispatch details.
------sent from my iphone5s-------
Thursday, 10 July 2014
"TT PAYMENT COPY" spam
before. It comes with a malicious attachment.