Attached zip file email “2015 PMQ agreement” contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “2015 PMQ agreement”.

This email is sent from the spoofed address “linda@pmq.com” and has the following body:

HI

I have Not received your signed contract for the 2015 ad campaign. If you would please sign and return.

Thank you
Linda

Watch our 2015 PMQ Media Kit here: http://www.pmq.com/2015-PMQ-Media-Kit/
PMQ Pizza Magazine
Linda Green / Co-Publisher
(662)234-5481 ext 121 / linda.pmq@gmail.com
cell (662)801-5495
PMQ Pizza Magazine Office: 662-234-5481 x121 / Fax: 662-234-0665
605 Edison Street, Oxford, MS 38655
http://www.pmq.com

Don’t forget to renew your subscription to the magazine at http://www.pmq.com/Subscribe-PMQ/

The attached file American_Wholesale.zip contains the 12 kB file American_Wholesale.exe.

The trojan is known as Trojan/Win32.Upatre, Upatre-FAAR!D8D4189A5364, Trojan.Agent/Gen-Downloader or Win32.Trojan.Downloader-pdf.Auto.

At the time of writing, 8 of the 57 AV engines detected the trojan on VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: ae71d65a32303f1f129292420532be2c907d04a05c1aef9a429ecf487b578681
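
A mail-gateway style check for the indicators described above (subject line, a zip attachment holding an executable, and the SHA256), as an added example that is not MX Lab's code. The extension list, the size limit and the sample message are assumptions made for illustration; the advisory does not say whether the hash covers the zip or the exe, so both are compared.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory above.
SUBJECT_IOC = "2015 PMQ agreement"
SHA256_IOC = "ae71d65a32303f1f129292420532be2c907d04a05c1aef9a429ecf487b578681"
# Assumption: extensions treated as directly executable on Windows.
EXEC_EXT = (".exe", ".scr", ".com", ".pif")


def scan_message(raw: bytes) -> dict:
    """Return the indicators found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    result = {"subject_hit": SUBJECT_IOC.lower() in (msg["Subject"] or "").lower(),
              "exec_members": [], "hash_hit": False}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Hash the attachment itself and every readable archive member,
        # because the advisory does not say which file the SHA256 covers.
        blobs = [data]
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(EXEC_EXT):
                        result["exec_members"].append(
                            (part.get_filename(), info.filename, info.file_size))
                    # Skip encrypted or oversized members (assumed 10 MB limit).
                    if info.file_size <= 10 * 1024 * 1024 and not info.flag_bits & 0x1:
                        blobs.append(zf.read(info))
        result["hash_hit"] |= any(hashlib.sha256(b).hexdigest() == SHA256_IOC for b in blobs)
    return result


def build_sample() -> bytes:
    """Constructed test message: harmless bytes stand in for the real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("American_Wholesale.exe", b"MZ" + b"\x00" * 64)  # not malware
    msg = EmailMessage()
    msg["From"] = "linda@pmq.com"
    msg["Subject"] = "2015 PMQ agreement"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="American_Wholesale.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The executable-in-zip check fires regardless of file name or hash, so it still flags a resend of the same lure with a repacked payload.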