I received the following e-mail a few minutes ago:
The link it points to for the download:
... leads to an IP in China. If we scan the file with VirusTotal, we see it's an IRC trojan.
Extracting the file shows it claiming to be a .DLL by the name of fp721ext.dll. This DLL, however, is actually a folder, and contains the files shown in the following screenshot:
As you can see, there are quite a few in there. mIRC itself, a legit IRC client, has been renamed mircrosoft.exe. The folder also contains a file called csc.cmd. Amongst other things, this adds an exception to the Windows firewall to allow mircrosoft.exe to connect, without warning you, to the attacker's IRC channel:
regis.reg contains the following:
anyssya.jpg actually is a JPG file, and its detection at VT is non-existent. However, since it's also loaded by the csc.cmd file, I'm betting it's a little more than it seems.
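For anyone triaging a similar dropper, here is a sketch of a check for the firewall exception that csc.cmd adds, as described above. It is an added example, not code from this post or from the sample. The script lines, the path and the rule names are constructed, since the contents of csc.cmd are not reproduced here, and the trusted-directory and brand lists are assumptions.

```python
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Constructed sample lines; the real csc.cmd contents are not shown on the page.
SAMPLE_CMD = r'''@echo off
netsh firewall add allowedprogram "%windir%\fp721ext.dll\mircrosoft.exe" "Windows Update" ENABLE
netsh advfirewall firewall add rule name="Backup Agent" dir=out action=allow program="C:\Program Files\Backup\agent.exe"
echo done
'''

# Legacy (XP-era) syntax and the newer advfirewall syntax for allowing a program.
LEGACY = re.compile(
    r'netsh\s+firewall\s+add\s+allowedprogram\s+(?:program\s*=\s*)?("[^"]+"|\S+)', re.I)
ADV = re.compile(
    r'netsh\s+advfirewall\s+firewall\s+add\s+rule\b(?=.*\baction\s*=\s*allow\b)'
    r'.*?\bprogram\s*=\s*("[^"]+"|\S+)', re.I)
# Assumed allow-list of install locations and watch list of imitated names.
TRUSTED_DIRS = ("c:\\program files", "%programfiles%",
                "%windir%\\system32", "c:\\windows\\system32")
BRANDS = ("microsoft", "windows", "svchost", "explorer")

def lookalike(stem):
    """Return the name a file stem imitates without matching exactly, else None."""
    for brand in BRANDS:
        if stem != brand and SequenceMatcher(None, stem, brand).ratio() >= 0.85:
            return brand
    return None

def firewall_exceptions(script_text):
    """List every firewall allow entry in a batch script, with reasons to distrust it."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        m = LEGACY.search(line) or ADV.search(line)
        if not m:
            continue
        path = m.group(1).strip('"')
        reasons = []
        if not path.lower().startswith(TRUSTED_DIRS):
            reasons.append("program outside trusted directories")
        brand = lookalike(PureWindowsPath(path).stem.lower())
        if brand:
            reasons.append(f"file name imitates '{brand}'")
        findings.append({"line": lineno, "program": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in firewall_exceptions(SAMPLE_CMD):
        print(finding)
```

An entry with an empty `reasons` list is still a firewall exception created by a script, so it is worth a look in its own right.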
The infection, judging by the .ini files, seems to connect to 220.127.116.11 (client-8935207106.raknetsoft.ro).
I'll post further analysis once complete. In the meantime, the e-mail itself originated from 18.104.22.168 (Velcom (ADSL) NET-VELCOM-DSL-1) and had the following properties: