The link in the text downloads a zip file with an xls inside. This contacts two URLs from which it downloads the dll and starts the malware infection.
Technical analysis by the Malware Hunter JAMESWT
New global QNodeService campaign via fake DHL invoices
QNodeService is hiding inside a fake DHL invoice, as part of a global cybercrime malspam campaign. The message contains a compressed attachment in jar format. This, when opened, works as a Java downloader to download the malware. QNodeService is a trojan capable of stealing credentials, loading other payloads into the computer and performing further operations. It mostly targets Windows systems, but may hit even more in the future.