Fake Postal Notification Service emails from FedEx download malicious notification.exe


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Postal Notification Service”.

This email is send from the spoofed address “”Fedex >” <voyeuristicxd@jackpowerspiritbind.us>” and has the following body:

Dear Customer,

Your parcel has arrived at December 12. Courier was unable to deliver the parcel to you.
To receive your parcel, print this label and go to the nearest office.

Screenshot of the email:

The embedded URL, in our sample hxxp://appimmobilier.com/notification.exe, will download the 58 kB large file notification.exe.

The trojan is known as Win32/TrojanDownloader.Wauchos.AF, UDS:DangerousObject.Multi.Generic or Win32.Trojan.Inject.Auto.

At the time of writing, 3 of the 56 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: de425462f1fb95c91edd01ded9337869053c4a09f11c9bec830c542fc5720be8

One thought on “Fake Postal Notification Service emails from FedEx download malicious notification.exe

  1. i received an email that my parcel arrived on the date 3rd january but the courier was unable to deliver the package to me. Just asking, is this email from you?. fedex_express@aol.com it is the senders email address.

Comments are closed.