From: Sue MorckageThe number in the subject is random, and attached is a document with the same format name (in this example invoice_9232088.doc). So far I have seen two attachments both with VT detection rates of 4/54   [Malwr report] which contains one of two malicious macros   which then go and download a binary from one of the following locations:
Date: 7 November 2014 13:10
Subject: inovice 9232088 November
This email contains an invoice file attachment
This binary gets copied into %TEMP%\AKETVJIJPZE.exe and it has a VirusTotal detection rate of just 1/54, but so far automated analysis tools    are inconclusive as to what this does, however the payload is likely to be Cridex.