Subject: Delivery Status Notification
From: "FedEx Priority Overnight"
Your parcel has arrived at December 12. Courier was unable to deliver the parcel to you.
To receive your parcel, print this label and go to the nearest office.
Get Shipment Label
If you "hover" the mouse of the "Get Shipment Label":
Hmmm... doesn't seem legit at all... and you're correct it's not.
What is interesting if you clicked on the link... the downloaded file is named to be Label-, followed
by your IP locations details...
Inside the above zip is: Label-Winsford-CW7.exe
All of which is designed to make the email seem legit, as they have your Location and Postcode !
A typical Get your Location details from your IP address/Browser can be found here: https://freegeoip.net/
I've run the file through Jotti and VirusTotal:
Hash: (94c5fb4c6c6fc1da555a909b63784e1) Jotti: [6/22]
Hash: (94c5fb4c6c6fc1da555a909b63784e1) VirusTotal: [10/56]
Generally, it seems to be: Win32/Kryptik.CTFL