Fake fax message from mass.fax@faxik.co.uk contains trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Fax #5678228 (number will change with each email)”.

This email is send from the spoofed address “”Fax.s” <mass.fax@faxik.co.uk>” and has the following body:

Fax message
Sent date: Tue, 21 Apr 2015 19:20:25 +0000

The attached file Fax#58899135.zip contains the 88 kB large file Fax.exe.

The trojan is known as Adware.Win32.iBryte.DFXQ, Packed.Win32.FakeAV-Crypter.6!O, PE:Malware.Obscure!1.9C59 or Trojan.Win32.Qudamah.Gen.24.

At the time of writing, 7 of the 56 AV engines did detect the trojan at Virus Total.

Use the Virus Total or Malwr for more detailed information.
SHA256: abed978e2662fc9b5ea95eed10236bb4e57057cbc67318299de3566e70ce5125

One thought on “Fake fax message from mass.fax@faxik.co.uk contains trojan

Comments are closed.