Date: Tue, 05 Aug 2014 17:18:39 +0700 [06:18:39 EDT]Attached is an archive ID_20146308660.zip which contains a folder invoice__details_June-July.xls which in turn contains a malicious executable invoice__details_June-July.xls.scr which has a VirusTotal detection rate of just 2/54. According to the CAMAS report, the malware then downloads a further component from one of the following locations:
From: Accounts Dept [firstname.lastname@example.org]
Subject: Invoice 20146308660 June 2014 - July 2014 dynamoo
This email contains an invoice file for June 2014 - July 2014. Please pay invoice in full in 3 business days and reply to us.
This second stage has a VirusTotal detection rate of 9/54. Automated analysis tools are inconclusive  .