Malware Kuluoz/Asprox/Dofoil - "Invalid address"

The link leads to a malware download site that serves Shipping_Label_US_Washington_20016.exe.
The exe file is malicious (a Kuluoz/Asprox/Dofoil downloader).

Here is the link to the VirusTotal scan results

Date: Fri, 22 Nov 2013 16:07:25 +0100 (CET)
From: "One Day Shipping" <>
Subject: Invalid address



Our courier couldn't make the delivery of parcel to you on 20th November.
Print label and show it in the nearest post office.

 Get a Shipping Label NOW

CARGO | Copyright 2013 CARGO. All Rights Reserved.

Envelope From:
Content-Type: multipart/alternative;boundary="----------1385132845528F732DED708"
Date: Fri, 22 Nov 2013 16:07:25 +0100 (CET)
From: "One Day Shipping" <>
MIME-Version: 1.0
Message-ID: <>
Received: from
by ([]) with SMTP; Fri, 22 Nov 2013 10:07:34 EST
Received: from ([]) by with ESMTP; 22 Nov 2013 10:07:27 -0500
Received: from (localhost.localdomain []) (Authenticated sender: xb5469smtp) by ( with SMTP id EE4BF28F74930 for <>; Fri, 22 Nov 2013 16:07:25 +0100 (CET)
Received: (from by (mini_sendmail/1.3.6 29jun2005); Fri, 22 Nov 2013 16:07:25 CET (sender
Received-SPF: None ( no sender authenticity information available from domain of identity=mailfrom; client-ip=;; envelope-from=""; x-sender=""; x-conformance=spf_only
Received-SPF: None ( no sender authenticity information available from domain of identity=helo; client-ip=; receiver= ; envelope-from=""; x-sender=""; x-conformance=spf_only
Reply-To: "One Day Shipping" <>

X-Ipas-Result: AqGCAG9yj1JZa71lnGdsb2JhbAA/Gg6BYwQBTXyqOIp3iFwWDgEBAQEBCB08g0QdNDGINQk2oGugK48kgwqBEgOJCooxfINcAYJskGKBLUA7
X-Ironport-Anti-Spam-Result: AqGCAG9yj1JZa71lnGdsb2JhbAA/Gg6BYwQBTXyqOIp3iFwWDgEBAQEBCB08g0QdNDGINQk2oGugK48kgwqBEgOJCooxfINcAYJskGKBLUA7
X-Ironport-Av: E=Sophos;i="4.93,752,1378872000"; d="scan'208,217";a="329582488"
X-Mailer: EasyDMfree
X-Senderbase: 5.6

Decimal:    1500233061
ISP:    WebhostOne GmbH
Organization:    WebhostOne GmbH
Services:    Likely mail server
Country:    Germany
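The headers above carry the triage points a defender looks at first: two Received-SPF results of "None" (one for the mailfrom identity, one for helo), a bulk-mailer X-Mailer, and a sender IP given only in decimal form by the lookup service. The script below is an added example, not part of the original post; its sample headers are constructed to mirror the post's layout, and all addresses, host names and IPs in it are placeholders, not the redacted originals.

```python
"""Triage the headers of a suspicious delivery-notice email (added example)."""
import email
import ipaddress
import re
from email import policy

# Constructed sample: same header layout as the post, placeholder values only.
SAMPLE = """\
Date: Fri, 22 Nov 2013 16:07:25 +0100 (CET)
From: "One Day Shipping" <bounce@example.invalid>
Reply-To: "One Day Shipping" <bounce@example.invalid>
Received-SPF: None (mx.example.test: no sender authenticity information available from domain of bounce@example.invalid) identity=mailfrom; client-ip=192.0.2.10; x-conformance=spf_only
Received-SPF: None (mx.example.test: no sender authenticity information available from domain of mail.example.invalid) identity=helo; client-ip=192.0.2.10; x-conformance=spf_only
X-Mailer: EasyDMfree
Subject: Invalid address

"""


def decimal_to_ip(value: int) -> str:
    """Turn the 'Decimal' form printed by IP lookup pages back into a dotted quad."""
    return str(ipaddress.IPv4Address(value))


def spf_results(msg) -> dict:
    """Map each Received-SPF identity (mailfrom / helo) to its result word."""
    out = {}
    for hdr in msg.get_all("Received-SPF", []):
        result = hdr.split()[0]                 # first token: None / Pass / Fail ...
        ident = re.search(r"identity=(\w+)", hdr)
        out[ident.group(1) if ident else "unknown"] = result
    return out


def triage(raw: str) -> list:
    """Return the indicators visible from the headers alone, in a fixed order."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    spf = spf_results(msg)
    # Neither identity authenticated: nothing vouches for the claimed sender.
    if spf and all(r.lower() in ("none", "fail", "softfail") for r in spf.values()):
        flags.append("no SPF authentication for mailfrom or helo identity")
    mailer = msg["X-Mailer"]
    if mailer and "easydm" in mailer.lower():
        flags.append("bulk-mailer X-Mailer: " + mailer)
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE):
        print("-", flag)
```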

Antivirus               Result                                      Update
Ikarus                  Virus.Win32.Vbinder                         20131122
Kaspersky               UDS:DangerousObject.Multi.Generic           20131122
Baidu-International     Trojan.Win32.Kryptik.BPKY                   20131122
Malwarebytes            Trojan.Inject.RRE                           20131122
TrendMicro-HouseCall    TROJ_GEN.F47V1122                           20131122
Symantec                Suspicious.Cloud.5                          20131122
TrendMicro              PAK_Generic.001                             20131122
Sophos                  Mal/Generic-S                               20131122
McAfee-GW-Edition       Heuristic.LooksLike.Win32.Suspicious.F      20131121
ESET-NOD32              a variant of Win32/Kryptik.BPKY             20131122
