From: PGS Services Limited [email@example.com]
Date: 1 December 2015 at 12:06
Subject: Request for payment (PGS/73329)
We are contacting you because there is an invoice on your account that is overdue for payment and although we have contacted you already our system is still showing that the invoice remains unpaid.
RST Support Services Limited
Rotary Watches Ltd
2 Fouberts Place
Full details are attached to this email in DOC format.
Customer services team
PGS Services | Expert Property Care
Direct dial: 0203 819 7054
Visit our website: www.pgs-services.co.uk
10 quick questions - tell us what you think!
Attached is a file 3-6555-73329-1435806061-3.doc which comes in at least three different versions (VirusTotal results   ) and these Malwr reports    indicate that it downloads a malicious binary from the following locations:
This binary has a detection rate of 2/55. According to this Malwr report and this Hybrid Analysis report, it phones home to some familiar and very bad IPs:
220.127.116.11 (Cizgi Telekomunikasyon Anonim Sirketi, Turkey)
18.104.22.168 (Elvsoft SRL, Romania / Coreix, UK)
22.214.171.124 (Ho Chi Minh City Post and Telecom Company, Vietnam)
126.96.36.199 (Trinity College Hatford, US)
The payload is probably the Dridex banking trojan.