Tax invoice of the European Comission’s Office contains trojan

MX Lab,, started to intercept a new trojan distribution campaign by email with the subject “invioce” and is sent from  the spoofed address “European Commissions’s Office<>” and has the following body:

Please open the attached file for your income tax invoice.From the European
Commission’s office .This message is for all the European Union citizens.
Note: European Union citizens Tax invoices are provided Once a year.
please refer to your tax Confirmation email. Attachment: Tax Invoice.
For Better Understanding.
Mr Jeff Black

The attached file is named invoice.exe and is approx. 170 kB large.

The trojan is known as a variant of Win32/Injector.PWG (NOD32), W32/Obfuscated.D!genr (Norman), Trojan.Win32.Generic.pak!cobra ( VIPRE).

At the time of writing, only 6 of the 42 AV engines did detect the trojan at Virus Total.

Virus Total permalink and SHA256: 327c5ee89bd87295870e1792ff4636af91631248859cb1b51c71211f2f0ba1b4.