Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

MALWARE - Order Number 'Thank You For Using Our Services' Email


Email claims to be a notification about a recent transaction and includes an order number, price, and payment method. It advises you to open an attached file for details about the purchase.

Facebook phising
© panama555

Brief Analysis

The email is not a genuine transaction notification. The attached .zip file contains malware that can infect your computer. Order numbers and other details may vary in different versions. Do not open any attachments or click any links in this email.


Order no. 68474839976

Thank you for using our services!
Your order #68474839976 will be shipped on 31.08.2014.
Date: August 27, 2014. 11:58am
Price: £174.94
Payment method: Wire transfer
Transaction number: C9FBB22E241CA76D
Please find the detailed information on your purchase in the attached file
Best regards,
Sales Department
Yuki Benes

(Attachment name:

Detailed Analysis

Email Supposedly Provides Details About a Recent Transaction

This email, which is currently being distributed to many inboxes around the world, appears to be an order notification about a recent purchase. The email includes an order and transaction number and the price of the item supposedly purchased. It also lists the payment method used as well as purchase and shipping dates.

It claims that you can find detailed information about the purchase by opening an attached .zip file.

Email is Not an Order Notification - Attachment Contains Malware

However, the email is not a genuine order notification and the attachment does not contain details about a purchase.

If you open the .zip file, you will find that it contains two files, one named 'order.bat' and another named 'order.dat'.

A batch (.bat) file is a special type of text file that contains a series of commands that can be executed when you run the file. Batch files can be useful for automatically performing repetitive tasks on Windows based computers and for a variety of other legitimate uses.

In this case, however, the batch file is being used for malicious purposes. This .bat file may run commands that interact with the .dat file and install malware on your computer.

There are several versions of the malware email that feature different order numbers, purchase amounts, and purchase dates. The name of the supposed sender may also vary.

Fake Receipt and Order Notifications a Common Malware Tactic

Criminals often use bogus order notifications and purchase receipts as a means of distributing malware. The criminals bank on the fact that at least a few recipients will be panicked into opening attachments or clicking links in the mistaken belief that their credit card has been misused.

Be very cautious of any generic and unexpected email that claims you can view details about a supposed transaction by opening an attached file or clicking a link.

© unkreatives

Last updated: August 28, 2014
First published: August 28, 2014
By Brett M. Christensen
About Hoax-Slayer

Order no. 26187973020 malware
Amazon 'Order Details' Malware Email
Qantas 'E-Ticket Itinerary Receipt' Malware Email