New Javascript malware: Invoice

MX Lab,, started to intercept a new malware distribution campaign by email with the subject “Invoice”.

This email is send from the spoofed addresses and has the following body:

Please find the invoice attached.
How about meeting on Friday?

Yours truly,
Celia Mack

Phone +1 (034) 518-10-59
Fax +1 (034) 518-10-15
Reply-Index: b4f80c6e9044369fb9e48407131505b7b26a779c8461

The attached file contains the file INV000 fd64.js. Note that the signature in the email and the filenames of the ZIP archive and the payload may change with each email.

The malware is detected by 6/53 AV engines at Virus Total. and more detailed information is available on Malwr.