New javascript malware: Attached picture

MX Lab,, started to intercept a new malware distribution campaign by email with the subjects like:

Attached Doc
Attached Document
Attached Image
Attached Picture

This email is send from the spoofed addresses in the format *****@domeinrecipient where ***** is replaced by canon, copier, epson, xerox,… to indicate that the message comes from a scanning device in the company. The email body itself remains empty.

The attached file *****, always in the format emailaddress recipient followed by various numbers, contains the file DMP5446927213.js or similar.

The malware is detected by 3/56 AV engines at Virus Total. Malwr analysis shows that malware will be downloaded from hxxp://

The malware is detected by 9/56 AV engines at Virus Total and the analysis is available on Malwr.