The link leads to a malware download site that serves Shipping_Label_US_Washington_20016.zip, which contains Shipping_Label_US_Washington_20016.exe.
The .exe is malicious (a Kuluoz/Asprox/Dofoil downloader).
http://hydrogeit-verlag.de/main.php?go=CHHuKL+oZufc6u5wT/BTLoyHfLdLZ+5u38VxbyT81ME=
Here is the link to the VirusTotal scan results:
https://www.virustotal.com/en/file/10911b4ce659503e802779ec1acbd208feacc2ffa4ada604bbafd89f21fbd101/analysis/1385148082/
Date: Fri, 22 Nov 2013 16:07:25 +0100 (CET)
From: "One Day Shipping" <us_259@punktum-magazin.de>
To:
Subject: Invalid address
CARGO .COM
Notification
Our courier couldnt make the delivery of parcel to you at 20th November.
Print label and show it in the nearest post office.
Get a Shipping Label NOW
CARGO | Copyright 2013 CARGO. All Rights Reserved.
Envelope From: xb5469@xb5.serverdomain.org
Content-Type: multipart/alternative;boundary="----------1385132845528F732DED708"
Date: Fri, 22 Nov 2013 16:07:25 +0100 (CET)
From: "One Day Shipping" <us_259@punktum-magazin.de>
MIME-Version: 1.0
Message-ID: <20131122150725.EE4BF28F74930@mail.xb5.serverdomain.org>
Received: from
by na3sys009amx199.postini.com ([74.125.148.10]) with SMTP; Fri, 22 Nov 2013 10:07:34 EST
Received: from mail.xb5.serverdomain.org ([89.107.189.101]) by iron3-mx.tops.gwu.edu with ESMTP; 22 Nov 2013 10:07:27 -0500
Received: from xb5.serverdomain.org (localhost.localdomain [127.0.0.1]) (Authenticated sender: xb5469smtp) by mail.xb5.serverdomain.org (mail.xb5.serverdomain.org) with SMTP id EE4BF28F74930 for <bcomer@gwu.edu>; Fri, 22 Nov 2013 16:07:25 +0100 (CET)
Received: (from xb5469@xb5.serverdomain.org) by xb5.serverdomain.org (mini_sendmail/1.3.6 29jun2005); Fri, 22 Nov 2013 16:07:25 CET (sender xb5469@xb5.serverdomain.org)
Received-SPF: None (iron3-mx.tops.gwu.edu: no sender authenticity information available from domain of xb5469@xb5.serverdomain.org) identity=mailfrom; client-ip=89.107.189.101; receiver=iron3-mx.tops.gwu.edu; envelope-from="xb5469@xb5.serverdomain.org"; x-sender="xb5469@xb5.serverdomain.org"; x-conformance=spf_only
Received-SPF: None (iron3-mx.tops.gwu.edu: no sender authenticity information available from domain of postmaster@mail.xb5.serverdomain.org) identity=helo; client-ip=89.107.189.101; receiver=
; envelope-from="xb5469@xb5.serverdomain.org"; x-sender="postmaster@mail.xb5.serverdomain.org"; x-conformance=spf_only
Reply-To: "One Day Shipping" <us_259@punktum-magazin.de>
X-Ipas-Result: AqGCAG9yj1JZa71lnGdsb2JhbAA/Gg6BYwQBTXyqOIp3iFwWDgEBAQEBCB08g0QdNDGINQk2oGugK48kgwqBEgOJCooxfINcAYJskGKBLUA7
X-Ironport-Anti-Spam-Result: AqGCAG9yj1JZa71lnGdsb2JhbAA/Gg6BYwQBTXyqOIp3iFwWDgEBAQEBCB08g0QdNDGINQk2oGugK48kgwqBEgOJCooxfINcAYJskGKBLUA7
X-Ironport-Av: E=Sophos;i="4.93,752,1378872000"; d="scan'208,217";a="329582488"
X-Mailer: EasyDMfree
X-Senderbase: 5.6
IP: 89.107.189.101
Decimal: 1500233061
Hostname: mail.xb5.serverdomain.org
ISP: WebhostOne GmbH
Organization: WebhostOne GmbH
Services: Likely mail server
Country: Germany
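The Received chain and the SPF/envelope data above are what a responder walks to find the hop that actually injected the message and to see why it slipped through. The script below is an added example, not part of the original post: it re-parses the complete Received, Received-SPF, From, Reply-To and X-Mailer lines shown above (copied in and folded for readability; the Postini hop is left out because its "from" host is cut off on the page), extracts each hop, picks the earliest hop that arrived from a public IP as the origin, and compares the envelope sender domain with the From: header domain. The function names (parse_received, parse_spf, triage) and the finding strings are this example's own; every header value is the page's.

```python
"""Triage the Received chain and sender identity of the phishing message above."""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header lines copied from the message above, folded with leading whitespace
# (the e-mail parser unfolds them). The Postini hop is omitted: the page
# does not show its "from" host.
RAW_HEADERS = """\
Received: from mail.xb5.serverdomain.org ([89.107.189.101])
 by iron3-mx.tops.gwu.edu with ESMTP; 22 Nov 2013 10:07:27 -0500
Received: from xb5.serverdomain.org (localhost.localdomain [127.0.0.1])
 (Authenticated sender: xb5469smtp) by mail.xb5.serverdomain.org
 (mail.xb5.serverdomain.org) with SMTP id EE4BF28F74930
 for <bcomer@gwu.edu>; Fri, 22 Nov 2013 16:07:25 +0100 (CET)
Received: (from xb5469@xb5.serverdomain.org) by xb5.serverdomain.org
 (mini_sendmail/1.3.6 29jun2005); Fri, 22 Nov 2013 16:07:25 CET
 (sender xb5469@xb5.serverdomain.org)
Received-SPF: None (iron3-mx.tops.gwu.edu: no sender authenticity information
 available from domain of xb5469@xb5.serverdomain.org) identity=mailfrom;
 client-ip=89.107.189.101; receiver=iron3-mx.tops.gwu.edu;
 envelope-from="xb5469@xb5.serverdomain.org";
 x-sender="xb5469@xb5.serverdomain.org"; x-conformance=spf_only
From: "One Day Shipping" <us_259@punktum-magazin.de>
Reply-To: "One Day Shipping" <us_259@punktum-magazin.de>
X-Mailer: EasyDMfree

"""


def parse_received(value):
    """Split one Received header into from-host, from-IP, by-host, auth user, timestamp."""
    value = re.sub(r"\s+", " ", value).strip()
    parts = re.split(r"\sby\s", value, maxsplit=1)      # "from ..." | "by ..."
    head = parts[0]
    tail = parts[1] if len(parts) > 1 else ""
    from_host = re.match(r"\(?from\s+([^\s)]+)", head)
    from_ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", head)  # bracketed IP only
    by_host = re.match(r"(\S+)", tail)
    auth = re.search(r"Authenticated sender:\s*([^)]+)", head)
    return {
        "from_host": from_host.group(1) if from_host else None,
        "from_ip": from_ip.group(1) if from_ip else None,
        "by_host": by_host.group(1) if by_host else None,
        "auth_sender": auth.group(1).strip() if auth else None,
        "timestamp": value.rsplit(";", 1)[-1].strip(),  # text after the last ';'
    }


def parse_spf(value):
    """Return the SPF result word plus the key=value fields of a Received-SPF header."""
    value = re.sub(r"\s+", " ", value).strip()
    fields = dict(re.findall(r'(\w[\w-]*)="?([^";\s]+)"?', value))
    return {"result": value.split(" ", 1)[0], **fields}


def triage(raw_headers):
    """Parse the header block and return hops, origin IP, sender identities and findings."""
    msg = message_from_string(raw_headers)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    spf = [parse_spf(v) for v in msg.get_all("Received-SPF", [])]

    # Each MTA prepends its Received line, so the last one is the earliest hop;
    # walk from there to the first hop that arrived from a public address.
    origin_ip = None
    for hop in reversed(hops):
        if hop["from_ip"] and ipaddress.ip_address(hop["from_ip"]).is_global:
            origin_ip = hop["from_ip"]
            break

    mailfrom_spf = next((s for s in spf if s.get("identity") == "mailfrom"), {})
    envelope_from = mailfrom_spf.get("envelope-from", "")
    header_from = parseaddr(msg.get("From", ""))[1]
    env_domain = envelope_from.rpartition("@")[2].lower()
    hdr_domain = header_from.rpartition("@")[2].lower()

    findings = []
    if mailfrom_spf.get("result", "").lower() in ("none", "neutral", "softfail", "fail"):
        findings.append(f"SPF result for MAIL FROM is {mailfrom_spf['result']}")
    if env_domain and hdr_domain and env_domain != hdr_domain:
        findings.append(f"envelope sender domain {env_domain} differs from From: domain {hdr_domain}")
    if msg.get("X-Mailer"):
        findings.append(f"mailer identifies itself as {msg['X-Mailer']}")
    auth_users = [h["auth_sender"] for h in hops if h["auth_sender"]]
    if auth_users:
        findings.append(f"relayed through authenticated account {auth_users[0]}")

    return {
        "hops": hops,
        "origin_ip": origin_ip,
        "envelope_from": envelope_from,
        "header_from": header_from,
        "spf_result": mailfrom_spf.get("result"),
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage(RAW_HEADERS)
    for hop in report["hops"]:
        print(f"{hop['from_host']} [{hop['from_ip']}] -> {hop['by_host']}  ({hop['timestamp']})")
    print("origin IP:", report["origin_ip"])
    for f in report["findings"]:
        print("finding:", f)
```

Walking the chain from the bottom rather than trusting the top Received line matters because everything below the first hop written by your own gateway is under the sender's control; here the only trustworthy line is the one written by iron3-mx.tops.gwu.edu, and it already names 89.107.189.101, the host the page's IP block identifies as WebhostOne. The envelope/From mismatch and the SPF "None" result are the two header-level signals a mail gateway could have scored before the lure ever reached the user.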
---
https://www.virustotal.com/en/file/10911b4ce659503e802779ec1acbd208feacc2ffa4ada604bbafd89f21fbd101/analysis/1385148082/
Antivirus | Result | Update
Ikarus | Virus.Win32.Vbinder | 20131122
Kaspersky | UDS:DangerousObject.Multi.Generic | 20131122
Baidu-International | Trojan.Win32.Kryptik.BPKY | 20131122
Malwarebytes | Trojan.Inject.RRE | 20131122
TrendMicro-HouseCall | TROJ_GEN.F47V1122 | 20131122
Symantec | Suspicious.Cloud.5 | 20131122
TrendMicro | PAK_Generic.001 | 20131122
Sophos | Mal/Generic-S | 20131122
McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.F | 20131121
ESET-NOD32 | a variant of Win32/Kryptik.BPKY | 20131122