Yet another Oficla email campaign (CV)

This time I've received a nicer e-mail, a woman sending me her CV!! with a picture of her included too!! :) In fact, she has included in the image some words too, a bit strange...

Again the same actors: Oficla and ZeuS. This time not Feodo downloading. Inside the zip file we can find the Oficla sample, with a medium detection rate. It connects with the domain (now it's down) to ask for URLs to download more malware:

The server response contained the same URL (active yet) as the DHL campaign, downloading the same version of ZeuS, different MD5.

Beware with women!! they are not trustful!! ;)