There’s a Zip file attached to the email: incoming malware. Inside the Zip file is a PIF file: dangerous executable: “Sha256” Headers: “Headers:,” “Cersers, Cheers, Steve Steve,” “Sanesecurity.com,” “Pifs:,” “Security.com”, “Cybersecurity.com” “PIFs: “Cyberspace.com”; “Cysterware.com: “Cysysware.zip” “Cysticstic.com/Cystic””]
Source: http://sanesecurity.blogspot.com/2015/03/duplikat-faktur-dwie-faktury-proformyzip.html