I haven’t seen this particular malware spam before – obviously it is not the real thing 🙂
Note the @nyc.gov email address.
The message path is interesting – the email *apparently* originated from nyc.gov (188.8.131.52) to be picked up by 184.108.40.206 (obbh.com – India Delhi Rcom-wireless-1x-mumbai).
Interestingly, 220.127.116.11 does, apparently, host nyc.gov as well as nycppf.org – the host resolves as prtl-drprd-web.nyc.gov.
So, are we looking at forged headers or a problem affecting nyc.gov? Note how the dates are screwy – according to the headers the mail was sent from 18.104.22.168 on 3 August but wasn’t passed on by 22.214.171.124 until the 17th of August?
The attachment is definitely bad – when unzipped the contents (a single file) has a PDF icon but is actually an EXE: