AV industry still pathetic at detecting Javascript (.js) locky email attachments


Just got a spam from (somewhere in Africa looks like).  
Return path was my own email address (so on first glance it looked like
I sent myself an email).

Subject was simply "Document1".  No message body.  Attachment was

Unzips to a 6kb .js file with a random-looking file-name (or perhaps
it's coded?).

VirusTotal scan result:


Detection rate:  9/56

Here's who got it right:

AVG        JS/Downloader.Agent
Arcabit    HEUR.JS.Trojan.b
Cyren      JS/Nemucod.AC!Eldorado
F-Prot     JS/Nemucod.AC!Eldorado
Fortinet   JS/Nemucod.JW!tr.dldr
GData      Script.Trojan-Downloader.Agent.OB@gen
McAfee     JS/Nemucod.dx
NANO-Anti  Trojan.Script.Crypoload.eazafx
Tencent    Js.Trojan.Raas.Auto

Everyone else (including Malwarebytes and Kaspersky) gets a big FAIL.

malwr analysis is here:


downloads malware from here:


winjoytechnologies.com is currently

I'm also seeing references to  (IP owned by OVH France)

VT scan of the above .exe file is pathetic:


detection rate 2/57:

Qihoo-360     QVM07.1.Malware.Gen
Rising        PE:Malware.XPACK-HIE/Heur!1.9C48 [F]

malwr scan is here:


Scan isn't finished - I don't know what it will show.
