MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with subjects similar to:
Reese Torres agent Fedex
Dylan Livingstone agent Fedex
This email is sent from the spoofed address “Fedex <email@example.com>” and has the following body:
We tried to deliver your item on February 22th, 2014, 08:15 AM.
The delivery attempt failed because the address was business closed or nobody could sign for it.
To pick up the package,please, print the receipt that is attached to this email and visit Fedex location indicated in the invoice.
If the package is not picked up within 48 hours, it will be returned to the shipper.
Label/Receipt Number: 44364578782324455
Expected Delivery Date: February 22th, 2014
Class: International Package Service
Service(s): Delivery Confirmation
Status: Notification sent
Copyright© 2015 FEDEX. All Rights Reserved.
*** This is an automatically generated email, please do not reply ***
The attached file Package.zip contains the 78 kB file 443645787823424455.scr.
The trojan is known as HEUR:Trojan.Win32.Generic or Win32.Trojan.Inject.Auto.
At the time of writing, 5 of the 57 AV engines detected the trojan at Virus Total.
Use Virus Total for more detailed information.