I haven’t seen this particular malware spam before – obviously it is not the real thing 🙂
Note the @nyc.gov email address.
The message path is interesting – the email *apparently* originated from nyc.gov (220.127.116.11) to be picked up by 18.104.22.168 (obbh.com – India Delhi Rcom-wireless-1x-mumbai).
Interestingly, 22.214.171.124 does, apparently, host nyc.gov as well as nycppf.org – the host resolves as prtl-drprd-web.nyc.gov.
So, are we looking at forged headers or a problem affecting nyc.gov? Note how the dates are screwy – according to the headers the mail was sent from 126.96.36.199 on 3 August but wasn’t passed on by 188.8.131.52 until the 17th of August?
The attachment is definitely bad – when unzipped the contents (a single file) has a PDF icon but is actually an EXE: