Trojan-Spy.Win32.Goldun.a tries to steal bank related info. The first run had the following message body: “Hi! Hello! Clients Database.csv database in Microsoft Excel” The second run is a true fraud mail which pretends to be from E-Gold, which is a banking site, and has a.zip archive attached to it. This.zip archive contains setup.exe which is the same malware. The. archive contained an exploit to run Trojan-.win32.a, which also resided in the.chm file.”]
Source: https://securelist.com/different-spam-runs-for-same-malware/29929/

