From: Hector Malvido [firstname.lastname@example.org]
Date: 20 April 2015 at 10:51
Subject: Pending payment

This invoice shows in my records that has not being pay can you review your records please

Attached is a file filename-1.doc (3/57 detection by AV vendors) which may come in many different versions, but the samples I have all have this malicious macro [pastebin] which downloads another component from the following location:
This is saved as %TEMP%\grant8i.exe and has a VirusTotal detection rate of 5/57. Automated analysis tools show it phoning home to:
220.127.116.11 (StarNet SLR, Moldova)
The Malwr report shows that it drops a Dridex DLL with a 3/57 detection rate.