
The email which arrives in your mailbox. Poorly written and not massively convincing.

The attachment (.zip).

The item within the zip which looks like a Microsoft Word file.

If you look within the zip file it mentions application but no .exe ending.

Now the .exe ending is visible with “Hide extensions for known file types” off.

A real Microsoft Word file next to the fake one. The fake one uses a very old icon format.

Well known Malwarebytes detecting it.

Webroot detecting it.