From: Monique Chen [ChenMonique412@magicleafstudio.com]The attachment is named invoice_copy_78350434.zip and it contains a malicious script invoice_copy_BD2E45I62A129S.js which has a VirusTotal detection rate of 2/55. The script is obfuscated (see example) but according to these analyses   downloads a malicious executable from:
Date: 2 December 2015 at 19:22
Subject: Invoice from PASSION BEAUTY SUPPLY LTD
Dear Customer ,
Please review the attached copy of your Invoice (number: IN78350434) for an amount of $470.49.
Thank you for your business
This has a detection rate of 3/55. The hosts contacts are the same as for the earlier spam run and I recommend you block them.