From firstname.lastname@example.org
Date Fri, 20 Nov 2015 18:49:06 +0700
Subject Reprint Document archive
Attached is a Print Manager form.
Format = Word Document Format File (DOC)
The attachment is named pmB3A6.doc and it comes in at least four different versions (VirusTotal results) and it contains a malicious macro like this [pastebin] which according to these Hybrid Analysis results downloads a malicious binary from one of the three following locations:
This executable has a detection rate of 4/52 and, according to that VT report and this Malwr report, there is network traffic to:
220.127.116.11 (Trinity College Hartford, US)
18.104.22.168 (Elvsoft SRL, Romania / Coreix, UK)
Interestingly, if you look at the Hybrid Analysis report and others, the executable masquerades as mbar.exe / Malwarebytes Anti-Rootkit. The payload is most likely to be the Dridex banking trojan.