header:
01: Return-Path: pawel.maciejewicz [at] hydromechanika.pl
02: Received: from ale232.rev.netart.pl ([85.128.161.232]) by mx-ha.web.de
03: (mxweb101) with ESMTP (Nemesis) ID: [ID filtered]
04: <xyx>; Thu, 26 Mar 2015 xx:xx:xx +0100
05: Received: from [127.0.0.1] (unknown [213.240.224.232])
06: by hydromechanika.nazwa.pl (Postfix) with ESMTP ID: [ID filtered]
07: Thu, 26 Mar 2015 xx:xx:xx +0100 (CET)
08: Message-ID: [ID filtered]
09: Date: Wed, 25 Mar 2015 xx:xx:xx -0700
10: From: "pawel.maciejewicz [at] hydromechanika.pl"
11: <pawel.maciejewicz [at] hydromechanika.pl>
12: Subject: info
13: To: 3 different e-mail addresses
14: Content-Type: multipart/mixed;
15: boundary="G7loWIuZ5G=_HDXLq5TIveqjf2f6Tmdpcg"
16: MIME-Version: 1.0
17: Reply-To: pawel.maciejewicz [at] hydromechanika.pl
18: X-Mailer: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2)
19: Gecko/20030208 Netscape/7.02
20: Envelope-To: <xyx>
All ongoing work was completed on time, I do not understand why you still have not paid and owe me 0417 euro. Cost plan attached.
Attachment: Word document wichtig_4637.doc – VirusTotal 23 / 50
ALYac W97M.Dropper.H
AVware LooksLike.Macro.Dropper.a (v)
Ad-Aware W97M.Dropper.H
Avast Other:Malware-gen [Trj]
Avira WM/Dropper.AJ
BitDefender W97M.Dropper.H
CAT-QuickHeal W97M.Dropper.CB
Cyren W97M/Dropexe.A
DrWeb W97M.MulDrop.38
ESET-NOD32 VBA/TrojanDropper.Agent.AJ
F-Prot W97M/Dropexe.A
Ikarus Trojan-Downloader.VBA.Agent
McAfee W97M/Downloader.afb
McAfee-GW-Edition W97M/Downloader.afb
MicroWorld-eScan W97M.Dropper.H
Microsoft TrojanDropper:W97M/Gamarue
NANO-Antivirus Trojan.Script.Agent.dowcyf
Symantec Trojan.Mdropper
Tencent Win32.Trojan.Dropper.Szuy
TrendMicro W2KM_DROPPR.UKM
TrendMicro-HouseCall W2KM_DROPPR.UKM
VIPRE LooksLike.Macro.Dropper.a (v)
nProtect W97M.Dropper.H
header:
01: Return-Path: harryhatta.hph [at] iil.co.id
02: Received: from mail.iil.co.ID: [ID filtered]
03: with ESMTP (Nemesis) ID: [ID filtered]
04: 26 Mar 2015 xx:xx:xx +0100
05: Received: from localhost (localhost [127.0.0.1])
06: by mail.iil.co.ID: [ID filtered]
07: Thu, 26 Mar 2015 xx:xx:xx +0700 (WIB)
08: X-Virus-Scanned: amavisd-new at iil.co.id
09: Received: from mail.iil.co.ID: [ID filtered]
10: by localhost (mail.iil.co.ID: [ID filtered]
11: with ESMTP ID: [ID filtered]
12: Received: from localhost (localhost [127.0.0.1])
13: by mail.iil.co.ID: [ID filtered]
14: Thu, 26 Mar 2015 xx:xx:xx +0700 (WIB)
15: Received: from [127.0.0.1] (rrcs-24-123-40-117.central.biz.rr.com
16: [24.123.40.117])
17: by mail.iil.co.ID: [ID filtered]
18: Thu, 26 Mar 2015 xx:xx:xx +0700 (WIB)
19: Message-ID: [ID filtered]
20: Date: Wed, 25 Mar 2015 xx:xx:xx -0700
21: From: "harryhatta.hph [at] iil.co.id" <harryhatta.hph [at] iil.co.id>
22: Subject: important
23: To: 3 different e-mail addresses
24: Content-Type: multipart/mixed;
25: boundary="OunAVVVer1dri9kLlpQ=_bZgKnNRp06j9F"
26: MIME-Version: 1.0
27: Reply-To: harryhatta.hph [at] iil.co.id
28: X-Mailer: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5)
29: Gecko/20031013 Thunderbird/0.3
30: Envelope-To: <xyx>
Dear customer,
Please find your due invoice #36211 attached.
Please settle this invoice by 01.04.2015 at the latest.
We thank you for your cooperation and hope that you are satisfied with our service.
Respectfully yours
Attachment: Word document Informationen_4781.doc - 22 / 57
ALYac W97M.Dropper.H
AVware LooksLike.Macro.Dropper.a (v)
Ad-Aware W97M.Dropper.H
BitDefender W97M.Dropper.H
CAT-QuickHeal W97M.Dropper.CB
Cyren W97M/Dropexe.A
DrWeb W97M.MulDrop.38
ESET-NOD32 VBA/TrojanDropper.Agent.AJ
Emsisoft W97M.Dropper.H (B)
F-Prot W97M/Dropexe.A
F-Secure W97M.Dropper.H
GData W97M.Dropper.H
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky Trojan-Downloader.MSWord.Agent.hc
McAfee W97M/Downloader.afb
McAfee-GW-Edition W97M/Downloader.afb
MicroWorld-eScan W97M.Dropper.H
Microsoft TrojanDropper:W97M/Gamarue
NANO-Antivirus Trojan.Script.Agent.dowcyf
Sophos Troj/DocDl-JC
VIPRE LooksLike.Macro.Dropper.a (v)
nProtect W97M.Dropper.H
Macros disabled in both 44-page Word documents ...