You have a new fax!
You can find your fax document in the attachment.
Scan quality: 500 DPI
Filesize: 244 Kb
From: Kent Mcgowan
Scanned at: Wed, 28 Oct 2015 16:43:48 +0300
Processed in: 17 seconds
File name: scanned-00657347.doc
Thank you for using Interfax!
Double extensions are a common trick. Windows, by default, doesn't show you the extension of a known file type. So when Windows shows you the name of the file scanned-00657347.doc.js it hides the .js, so what you see it scanned-00657347.doc
The date/time of the file inside the zip is about one hour ago, so it's pretty fresh! And I was the first person to upload it to Virustotal. I claim First to Find!!! That's a geocaching joke.
18/55 products flagged it, 37 didn't. I unzipped the file, and scanned that. Now, only 15 products flagged it, 40 didn't. Clearly, from this and other instances, it makes a difference to the detection capability of a product, whether it is zipped or not. You'd think it might be slightly more difficult to detect when zipped (because the product has to unzip it first, although that's pretty easy). But the reverse seems to be true - I'm seeing better detection when the file is zipped!
The SHA for the unzipped file is