Since this malicious file contains its contents, user can't be figured out whether is it malicious or not.
Besides, once infected, it can create additional malicious file on using vulnerability of certain application.
2. Spreading path and symptoms of infection
User can be infected on downloading and executing attachment of uncertain user, or link.
Furthermore, because the content of file seems like as normal, user can be far easily induced by this malicious file.
Recently found malicious name has its file name "(Tripping Point).hwp" and various variants are being expected.
Also, generated "hidaapi.dll" will perform after injected in normal process secretly. Additional analysis is on progress.
* Control flow of malicious file
3. How to prevent
Applying latest patch of its application and OS is the most important to avoid from this kind of malicious file.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.