Sam email doing the rounds

[fragout]

received this today. the doc contains a macro which I presume has nasty stuff in it.

Paul Lafayet marketing@paullafayet.com via amazonses.com
11:08 AM (1 hour ago)

to me
Hello Steven…
 
I just did what you advised me to do but the problem remains the same : importing the private key is not working…. drives me nuts!
Last time I checked blockchain.info  https://blockchain.info/address/17yFutSCSuUkAWeqMCKRRcr8Go6t98YcoX 
there was still 30.28020001 BTC ! But no way my bitcoinqt client loads the key so I am stuck with those BTCs.
 
 
Thanks for offering your help with this. Here is a doc with my private key and the password http://hobbymaster.com.hk/private/PrivateKey.doc If you need anything else let me know.
If you can load the key please send the BTCs to 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
 
This would help me so much. Thanks Steven!

[1715537480]

1715537480

[1715537480]

1715537480

[1715537480]

1715537480

[1715537480]

1715537480

[ilian000]

Hello,
I got the same email on my spam mail address.
The macro tries to execute an executable file with the name of crsss.exe
I tried to open it in a VM to see what happens, but failed because of the url coded in the macro is currently offline.
https://i.imgur.com/ZIkLz72.png
I advise you not to visit the url listed in the code above if it ever comes online, but only for testing purposes  

Since the website where the file is uploaded, holds the ip address of the uploader in its url, the ip of the guy who uploaded this could be 194.132.32.42

[crazy987]

Recieved this one to, seems pretty legit, however when i tried to open it on an android device it failed.
Was getting ready to open it in a VM when i read this.

However, reading the VB, i cant seem to figure out what they are trying to do.