The From address is invitations@hi5.com but this is spoofed. The body of the email looks quite genuine and coming from Hi5. If you receive such a message, namely a request to connect from a so called friend, there is normally no file of 244 kB attached to the email.

The trojan is known as Win32:Rootkit-gen (Avast), W32/Autorun-AQL (Sophos), GData (Backdoor.Bot.103388) or VirTool:Win32/Injector.gen!AH (Microsoft).

the trojan has the threat characteristics of ZBot – a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system.

There are stealth-mode characteristics common to Rootkits and the option to communicate with SMTP engines to send out emails.

The trojan will create the files %System%\javaa.exe, %System%\jushred.exe and %System%\sdra64.exe on an infected system and the processes jushred.exe and javaa.exe will be running.

The hidden files %System%\lowsec\local.ds, %System%\lowsec\user.ds and %System%\lowsec\user.ds.lll and a hidden folder %System%\lowsec are created.

The system services ERSvc (Error Reporting Service) and wscsvc (Security Center) will be stopped and various registry edits will be performed.

The trojan can connect to remote resources on ports 43, 80, 1033 and 1035 and a connection with msnnews.webhop.org will be created.

The built-in SMTP engine will send emails for the distribution of the trojan towards other victims:

From: invitations@hi5.com
Subject: Jessica would like to be your friend on hi5!
Attachment: Invitation Card.zip

From: order-update@amazon.com
Subject: Shipping update for your Amazon.com order 254-78546325-658742
Attachment: Shipping documents.zip (334,919 bytes)

From: e-cards@hallmark.com
Subject: You have received A Hallmark E-Card!
Attachment: Postcard.zip (334,919 bytes)

VirusTotal permlink and MD5: 4df3cf28fae7b5b02b2d9f4e03b4dbbd.