New JavaScript malware in email “Contract”

MX Lab started to intercept a new malware distribution campaign by email with the subject “Contract”.

This email is sent from different spoofed email addresses and has the following body, each time signed with a different name at the end:


Please sign the attached contract with our technical service company for 2016 – 2017.
We would appreciate your quick response.

King regards,
Eusebio Wooten

(Digital-Signature: 21077b69896386aa05cb891eac33dfde963470dec559f213274f)

The attached file contains the file contract_2016-2017_pdf ~62bbb6d9.js.

The malware is detected by 15/56 AV engines at VirusTotal and is analyzed by Malwr.
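
A mail-gateway check for the attachment pattern described above, as an added example that is not part of the original post. It assumes the attachment is a ZIP archive (the post does not name the container), and the archive name, addresses and script-extension list are constructed for illustration; the sample message carries only an inert placeholder file.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows Script Host runs on double-click (list chosen for this example).
SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf")
# Document-type token inside a script name, as in "contract_2016-2017_pdf ~62bbb6d9.js".
DOC_TOKEN = re.compile(r"(?i)(?<![a-z0-9])(pdf|docx?|xlsx?)(?![a-z0-9])")


def script_names(msg):
    """Names of script files attached directly or packed inside ZIP attachments."""
    hits = []
    for part in msg.iter_attachments():
        names = [part.get_filename() or ""]
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names += zf.namelist()  # reads the listing only, extracts nothing
        hits += [n for n in names if n.lower().endswith(SCRIPT_EXT)]
    return hits


def assess(raw):
    """Verdict for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    scripts = script_names(msg)
    masquerade = [n for n in scripts if DOC_TOKEN.search(n)]
    return {"scripts": scripts, "masquerade": masquerade, "quarantine": bool(scripts)}


def build_sample(inner_name):
    """Constructed test message: ZIP attachment holding one inert file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "// inert placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "Contract"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please sign the attached contract.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="contract.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(assess(build_sample("contract_2016-2017_pdf ~62bbb6d9.js")))
    print(assess(build_sample("contract_2016-2017.pdf")))
```

The check keys on the script extension rather than the subject or sender, since the post notes that the sender address and signature name change with every message.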