The email is send from the spoofed address “American Airlines” and has the following body (single image email):
The ZIP file has the name AA_Electronic_Ticket.zip and contains the 60 kB large file AA_Electronic_Ticket.exe.
The trojan is known as Spyware/Win32.Zbot, Win32/TrojanDownloader.Zortob.B, Trojan.Generic.KDV.783582, W32/Kryptik.BWW.
At the time of writing, 13 of the 44 AV engines did detect the trojan at Virus Total.
Virus Total permalink and SHA256: df95ea18dd12805419f71d33e7e8e2bd7a9c013b9799559ef288b609cc56e84f.