Quick back story before we begin. This was sent as a piece of spam that would do an auto forward to a malware domain if you happen to be logged in to your webmail.
All code posted here should be assumed dangerous.
From the scan we determine that there is shell code present.
malicious: Alert detected /alert CVE-2006-0003 shellexecute with ./../b09a6ea.exe
file: 7e298a35d99051d1ab97561b4d226982a388aedc: 96628 bytes
file: b51009c990df01ea8f54d4f8eef3d83785a15547: 32590 bytes
19/ 43 (44.2%)
You can also upload the exe to ThreatExport to see if it trys to make any other connections.
-Enjoy and be safe