What could a zipped exe attached to a suspicious e-mail be?
A friend in California forwarded a suspicious e-mail to me to check out:
"From: Notice to Appear
Sent: Saturday, December 28, 2013 11:12 AM
Subject: Notice to appear in court NY5002
Notice of appearance,
Hereby you are informed that you are due in the court of New York
on the 16 of January, 2014 at 11:00 am for the hearing of your case.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.
Clerk to the Court."
But the "Notice to Appear" in the From field was support.3 at a major worldwide law firm with an office in NY (likely forged), and "Clerk to the Court" looks fishy (shouldn't that be "Clerk of the Court"?). And it does not say which court or case they are referring to (no address, phone #, etc.). Unfortunately I cannot see the full headers of the original message in the forwarded copy, so I cannot tell where it really might have originated.
The attachment was a zip file containing a 173056-byte file called Court_Notice_NY_Meagher_and_Flom.exe, which I extracted in Linux. The "file" command in Linux shows it as: PE32 executable (GUI) Intel 80386, for MS Windows, and looking at it with a hex/ASCII editor shows near the beginning that it will not run in DOS mode. Scanning the file with MS Security Essentials or Malwarebytes in Windows does not reveal anything.
So I am just curious what this file could be or what its purpose is. Who in their right mind is going to run a suspicious exe file, other than a clueless Windows user who has not enabled file extensions to be shown? Certainly if this was something legitimate it should be some operating-system-independent file, like a PDF, not a Windows-only file.
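The checks described in the question (look inside the zip, confirm it is a PE executable from the MZ header and the DOS stub, note the size) can be done without ever extracting or running the file. The following triage script is an added example, not code from the original post; the zip it builds contains a constructed fake PE image and a lure filename modelled on the one in the question, so it runs offline.

```python
import hashlib
import io
import os
import struct
import zipfile

# Extensions Windows executes directly on double-click (assumed list, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_zip(zip_bytes: bytes) -> list:
    """Report each zip member with the indicators a defender wants before deciding what to do."""
    report = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # read into memory only; nothing is written to disk or executed
            report.append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": hashlib.sha256(data).hexdigest(),  # for lookups in AV/sandbox databases
                "exec_ext": os.path.splitext(info.filename)[1].lower() in EXEC_EXTS,
                "pe_header": looks_like_pe(data),
                "dos_stub": b"cannot be run in DOS mode" in data[:0x200],
            })
    return report


def build_sample_zip() -> bytes:
    """Constructed sample: a minimal fake PE image (not a real program) under a court-notice lure name."""
    dos_stub = b"This program cannot be run in DOS mode.\r\n$"
    header = bytearray(b"MZ" + b"\x00" * 0x3E)           # 64-byte DOS header
    struct.pack_into("<I", header, 0x3C, 0x40 + len(dos_stub))  # e_lfanew -> PE signature
    pe = bytes(header) + dos_stub + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 18  # i386 machine type
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Court_Notice_NY_SAMPLE.exe", pe)   # lure filename, constructed
        zf.writestr("readme.txt", "harmless text")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in triage_zip(build_sample_zip()):
        print(entry)
```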
- Reginald G (Lv 6), 7 years ago, Favorite Answer
Looks very much like a virus - see
- Wide Glide (Lv 7), 7 years ago
XXXXXXXXX.exe's are NOT allowed in ANY email. IF any infection is there, by opening or clicking, a user would be directed to the actual site delivering the payload.
Several things would have to be considered: is the file in question packed (to prevent reverse engineering), and is it obfuscated (and how many times)?
I would be more than happy to analyze it for you.
- 7 years ago
Courts can't/don't send summonses by e-mail. It's all personal delivery or U.S. Postal Service.
- 7 years ago
That's why most email providers have an option called "scan the attachment" for this purpose only, so they don't let you easily infect your computer.