Fly the spammy, viral skies - courtesy of the Ximian Evolution spammer.
VT scans are here:
https://www.virustotal.com/en/file/49a62e3f26b1c3926856f23c4d36efb7b3b8d6e1b2c55035da25a863bd4ecb7e/analysis/1414708943/
Detection ratio: 12/53
https://www.virustotal.com/en/file/c0a06ef0a9103eb912fda2593f2cf9ea0da0eb7c9b31fba2eb229db5d5dcf8b6/analysis/1414708934/
Detection ratio: 23/54
https://www.virustotal.com/en/file/49a62e3f26b1c3926856f23c4d36efb7b3b8d6e1b2c55035da25a863bd4ecb7e/analysis/1414708943/
Detection ratio: 22/54
Samples received:
Wed, 29 Oct 2014 2:08 PM EST
Wed, 29 Oct 2014 4:18 PM EST
Thu, 30 Oct 2014 10:25 AM EST
Analysis time: 2014-10-30 22:42:02 UTC (6:42 pm EST)
Two samples had been in circulation for 27/29 hours, one sample had
been in circulation for 7 hours.
Consistent at early detection:
AVware Ad-Aware BitDefender Cyren
ESET-NOD32 Emsisoft F-Prot F-Secure
GData McAfee Sophos VIPRE
Consistent at secondary (later) detection:
AVG AhnLab-V3 Avast Avira
DrWeb Norman SUPERAntiSpyware
Symantec TrendMicro-HouseCall nProtect
Kaspersky
Garbage (did not detect anything):
AegisLab Agnitum Antiy-AVL Baidu-International
Bkav ByteHero CAT-QuickHeal CMC
ClamAV Comodo Fortinet Ikarus
Jiangmin K7AntiVirus K7GW Kingsoft
Malwarebytes MicroWorld-eScan Microsoft
NANO-Antivirus Qihoo-360 Rising Tencent
TheHacker TotalDefense VBA32 ViRobot
Zillya Zoner TrendMicro
Download your copy of these 3 files here:
http://www.filedropper.com/et-37513172
The samples are most often detected by the packer type, which is
variously identified as Cobra and Strictor.
Spam details:
------------------
Return-Path:
Received: from lamourhair.com ([70.89.71.225])
Wed, 29 Oct 2014 14:08:30 -0400
From: "Delta Air"
Subject: Your order #ID MUNGED is processed
X-Mailer: XimianEvolution1.4.6
Return-Path:
Received: from artuindenfair.com ([65.30.177.228])
Wed, 29 Oct 2014 16:18:26 -0400
From: "Delta Air"
Subject: Thank you for your order
X-Mailer: XimianEvolution1.4.6
Return-Path:
Received: from smokymtnair.com ([216.153.18.130])
Thu, 30 Oct 2014 10:25:55 -0400
From: "Delta Air Lines"
Subject: The order #MUNGED is ready
X-Mailer: XimianEvolution1.4.6
------------------
Notification,
E-TICKET / ET-15616197
SEAT / 60E/ZONE 3
DATE / TIME 5 NOVEMBER, 2014, 09:25 AM
ARRIVING / Newport News
FORM OF PAYMENT / XXXXXX
TOTAL PRICE / 277.38 USD
REF / LE.4825 ST / OK
BAG / 6PC
Your electronic ticket is attached to the letter as a scan document.
You can print your ticket.
Thank you for your attention.
Delta Air Lines.
------------------
Dear Client,
E-TICKET / ET-48357361
SEAT / 48A/ZONE 3
DATE / TIME 20 NOVEMBER, 2014, 08:55 PM
ARRIVING / Riverside
FORM OF PAYMENT / XXXXXX
TOTAL PRICE / 271.92 USD
REF / LE.0802 ST / OK
BAG / 7PC
Your bought ticket is attached.
You can print your ticket.
Thank you for your attention.
----------------------
D E L T A
Flight Status
Flight 2799 on 03 November 2014
Your electronic ticket is attached to the letter as a scan document.
You can print your ticket.
Status: Scheduled
Departure City: Hampton Gate D4 4:23PM
Arrival City: Clarksville Gate 0 5:43PM
Flight Detail
Carrier: ExpressJet DBA Delta Connection
Equipment type: Canadair regional Jet
Flight Distance: 375 miles
Travel time: 1 hr 37 min
First\Business Class Meals: None
Amenities: Economy Class
Meals: None Amenities:
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
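The three header blocks under "Spam details" share an X-Mailer string, a "Delta Air" display name, an order-themed subject and a relay host unrelated to the airline. The following added example (not part of the original post) scores header blocks on those traits; `delta.com` as the airline's domain, the indicator names and the benign fourth message are assumptions.

```python
import re
from email.parser import HeaderParser

XMAILER = "XimianEvolution1.4.6"            # string seen in all three samples
BRAND = re.compile(r"\bdelta air\b", re.I)  # display name used in From
ORDER = re.compile(r"\border\b", re.I)      # theme of all three subjects
RELAY = re.compile(r"from\s+([\w.-]+)\s+\(\[([\d.]+)\]\)", re.I)
BRAND_DOMAIN = "delta.com"                  # assumption, not from the post

def score(raw_headers):
    """Return the list of matched indicators for one header block."""
    msg = HeaderParser().parsestr(raw_headers)
    hits = []
    if (msg.get("X-Mailer") or "").strip() == XMAILER:
        hits.append("x-mailer")
    claims_brand = bool(BRAND.search(msg.get("From") or ""))
    if claims_brand and ORDER.search(msg.get("Subject") or ""):
        hits.append("brand-order-subject")
    relay = RELAY.search(msg.get("Received") or "")
    if claims_brand and relay:
        # The host name is sender-supplied; the bracketed IP is what to log.
        host = relay.group(1).lower()
        if host != BRAND_DOMAIN and not host.endswith("." + BRAND_DOMAIN):
            hits.append("relay-not-brand")
    return hits

def block(host, ip, sender, subject, mailer):
    """Build a minimal header block in the layout quoted in the post."""
    return (f"Received: from {host} ([{ip}])\nFrom: \"{sender}\"\n"
            f"Subject: {subject}\nX-Mailer: {mailer}\n\n")

# First three rows: values quoted in the post. Last row: constructed benign mail.
SAMPLES = [
    block("lamourhair.com", "70.89.71.225", "Delta Air",
          "Your order #ID MUNGED is processed", XMAILER),
    block("artuindenfair.com", "65.30.177.228", "Delta Air",
          "Thank you for your order", XMAILER),
    block("smokymtnair.com", "216.153.18.130", "Delta Air Lines",
          "The order #MUNGED is ready", XMAILER),
    block("mail.example.org", "192.0.2.10", "Alice Example",
          "Lunch on Friday", "ExampleMailer 1.0"),
]

def triage(samples=SAMPLES):
    """Map each header block to its indicator list."""
    return [score(s) for s in samples]

if __name__ == "__main__":
    for hits in triage():
        print(len(hits), hits)
```

Any single indicator is weak on its own; the combination of all three is what separates the quoted samples from the constructed benign message.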