This time I've received a nicer e-mail, a woman sending me her CV!! with a picture of her included too!! :) In fact, she has included in the image some words too, a bit strange...
Again the same actors: Oficla and ZeuS. This time not Feodo downloading. Inside the zip file we can find the Oficla sample, with a medium detection rate. It connects with the domain showtimeru.ru (now it's down) to ask for URLs to download more malware:
The server response contained the same URL (active yet) as the DHL campaign, downloading the same version of ZeuS, different MD5.
Beware with women!! they are not trustful!! ;)