Monday, 12 January 2015

Summary Paid Against - Jason Bracegirdle JPS Projects Ltd {} document malware

Summary Paid Against - Jason Bracegirdle JPS Projects Ltd {} macro-based malware is being spammed out.

The Word document has a random attachment; however, these emails aren't from JPS Projects Ltd at all. The company's details are just being used to make the email look more genuine, i.e. from a real company.

It's also worth remembering that the company itself may not have any knowledge of this attachment, as it won't have come from their servers and IT systems.

They may not be able to tell you if it's malware or even help clean up your system.

Message Header:
From: "Jason Bracegirdle JPS Projects Ltd" {}
Subject: Summary Paid Against
Date: Mon, 12 Jan 2015 20:47:34 +0900

Message Body:
Please find attached summary which was paid against


Jason Bracegirdle  Managing Director

M: 07912 883455
O: 02031 741416
F: 02030 700632

402 Chaddck Lane
M29 7JS
Unit 9,
Bunns Lane Works,
Bunns Lane,
Mill Hill,

This e-mail is confidential and is intended solely for the use of the
individual or entity to whom it is addressed. If you are not the intended
recipient and you have received this e-mail in error then any use,
dissemination, forwarding, printing or copying of this e-mail is strictly
prohibited. You should contact the sender by return e-mail and delete and
destroy all the information from your system. Any views or opinions
presented are solely those of the author and do not necessarily represent
those of JPS. This email does not form part of a legally binding agreement.
We have taken precautions to minimise the risk of transmitting software
viruses or trojans, but we advise that you carry out your own virus checks
on any attachments to this message. We cannot accept liability for any loss
or damage caused to your software, hardware or system.

More information about JPS can be found at our website at:

Copy of Weekly Summary 28 12 2014 w.e 28.12.14.doc

MD5 Hashes:

Malware Macro document information:

VirusTotal Report [1]
(hits 0/56 Virus Scanners)

VirusTotal Report [2]
(hits 0/56 Virus Scanners)

Malwr Report [1]

Decoded Macro [1]

Sanesecurity signatures are blocking this as: Sanesecurity.Malware.24679.DocHeur.


The current round of Word and Excel attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-downloaded file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots, or copying information from your clipboard (copy/paste)).
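With the samples above scoring 0/56 on VirusTotal, a mail filter can flag macro-bearing Word attachments by their structure rather than by signature. The Python code below is an added example, not part of the original post and not Sanesecurity's signature logic; the function names, the sender address and the sample message (inert bytes, not a real document) are constructed for illustration.

```python
# Added example: flag e-mail attachments that are OLE2 Office files carrying a VBA project.
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # Compound File Binary header signature
# Directory entry names inside an OLE2 file are stored as UTF-16LE.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # stream required in a VBA project storage

def has_vba_project(data: bytes) -> bool:
    """Heuristic: OLE2 container whose directory names include _VBA_PROJECT."""
    return data.startswith(OLE2_MAGIC) and VBA_MARKER in data

def macro_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments that look like macro-bearing OLE2 documents."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_vba_project(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged

def build_sample() -> bytes:
    """Constructed message: attachments only mimic the two markers, nothing executable."""
    msg = EmailMessage()
    msg["From"] = '"Jason Bracegirdle JPS Projects Ltd" <sender@example.invalid>'  # placeholder
    msg["Subject"] = "Summary Paid Against"
    msg.set_content("Please find attached summary which was paid against")
    fake_doc = OLE2_MAGIC + b"\x00" * 504 + VBA_MARKER + b"\x00" * 40
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="Copy of Weekly Summary 28 12 2014 w.e 28.12.14.doc")
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 504, maintype="application",
                       subtype="msword", filename="no-macros.doc")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample()))
```

This byte-level check only covers the legacy OLE2 formats (.doc, .xls); macro-enabled OOXML files are ZIP archives and need their contents inspected separately.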

