From: Allen, Claire [Claire.Allen@snapon.com]I have only seen one copy of this with an attachment SKETTDCCSMF14122514571.doc which contains this malicious macro [pastebin], which downloads a further component from:
Date: 24 February 2015 at 14:41
Subject: Copy invoices Snap on Tools Ltd
Attached are the copy invoices that you requested.
Your message is ready to be sent with the following file or link attachments:
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
This executable has a detection rate of 5/57. Various automated analyses     show attempted communications to the following IPs:
126.96.36.199 (OOO Sysmedia, Russia)
188.8.131.52 (GoDaddy, US)
184.108.40.206 (23Media GmbH, Germany)
220.127.116.11 (Digital Ocean, UK)
18.104.22.168 (Goteborgs Universitet, Sweden)
22.214.171.124 (Deniz Toprak / B2 Net Solutions Inc., US)
126.96.36.199 (OVH, Czech Republic)
188.8.131.52 (Tata Indicom, India)
184.108.40.206 (O.M.C. Computers & Communications, Israel)
220.127.116.11 (23Media GmbH, Germany)
According to this Malwr report it drops another version of the downloader called edg1.exe [VT 4/57] and a malicious Dridex DLL [VT 2/57].