From: John Donald [firstname.lastname@example.org]There is no body text, but there is an attachment Document1.doc which is not currently detected by AV vendors, in turn it contains this malicious macro [pastebin] which downloads another component from the following location:
Date: 4 March 2015 at 09:09
Note that there may be other different versions of this document with different download locations, but it should be an identical binary that is downloaded. This file is saved as %TEMP%\GHjkdjfgjkGKJ.exe and has a VirusTotal detection rate of 2/57.
Automated analysis tools   show attempted network traffic to the following IPs:
126.96.36.199 (MWTV, Latvia)
188.8.131.52 (Net3, US)
184.108.40.206 (OneGbits, Lithunia)
220.127.116.11 (Gameservers.com / Choopa LLC, Netherlands)
According to the Malwr report it also drops another version of itself with a detection rate of just 1/57 plus a DLL with a detection rate of 7/56.