I haven’t seen this particular malware spam before – obviously it is not the real thing 🙂
Note the @nyc.gov email address.
The message path is interesting – the email *apparently* originated from nyc.gov (126.96.36.199) to be picked up by 188.8.131.52 (obbh.com – India Delhi Rcom-wireless-1x-mumbai).
Interestingly, 184.108.40.206 does, apparently, host nyc.gov as well as nycppf.org – the host resolves as prtl-drprd-web.nyc.gov.
So, are we looking at forged headers or a problem affecting nyc.gov? Note how the dates are screwy – according to the headers the mail was sent from 220.127.116.11 on 3 August but wasn’t passed on by 18.104.22.168 until the 17th of August?
The attachment is definitely bad – when unzipped the contents (a single file) has a PDF icon but is actually an EXE: