[Warning] HWP document file including malicious file

1. Introduction

Malicious file using vulnerability of HWP(but it looked like normal) has been found again, therefore, general users who use Hangul Word Process need to be careful on using.
Since this malicious file contains its contents, user can't be figured out whether is it malicious or not.
Besides, once infected, it can create additional malicious file on using vulnerability of certain application.

2. Spreading path and symptoms of infection

User can be infected on downloading and executing attachment of uncertain user, or link.
Furthermore, because the content of file seems like as normal, user can be far easily induced by this malicious file.

Recently found malicious name has its file name "(Tripping Point).hwp" and various variants are being expected.

Also, generated "hidaapi.dll" will perform after injected in normal process secretly. Additional analysis is on progress.

* Generated files
- (Window Systems folder)\System32\Msvcr.exe (55,636 bytes)
- (Window Systems folder)\hidaapi.dll (17,920 bytes / File name will be random)

* (Window Systems folder) is C:\WINDOWS\SYSTEM on Windows 95,98,ME, 2000, C:\WINNT\SYSTEM32 on Windows NT, and C:\WINDOWS\SYSTEM32 on Windows XP.

* Control flow of malicious file

3. How to prevent

Applying latest patch of its application and OS is the most important to avoid from this kind of malicious file.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

- Trojan/W32.Hwp-Exploit.79360
- Trojan/W32.Agent.17920.QQ


  1. You should probably be careful of what you're downloading. It's a good idea to use an antivirus to scan the software you're about to download.

    Laptop Repair

  2. Many documents can be copied and stored on an electronic file but many legal documents have to be saved as a hard copy.
    Self Storage

  3. Thanks for this great post. This is really helpful for me. Also, see
    epsxe for ios

  4. In any case, good resume means a lot today. On https://resumecvwriter.com/blog/including-relevant-coursework-on-resume you can find useful advices about including relevant coursework on resume.

  5. Excellent! This one is breath taking, really superb summarization and perfect charm. So you’ve got a lovely little blog supporting your life style, you’re posting often, and you’ve found a wisdom of balance between being too domestic and too controversial for your topics. See here to buy essays cheap. I will look ahead to your upcoming blogs, I’ll seek to get the hang of it!

  6. I’m in Chicago for a while. Found someone to live in my house and take care of things while I braved the great white north for some book research.
    We Heart It
    Dealing With a Clingy Ex

  7. Pretty good post. I just stumbled upon your blog and wanted 릴게임에어리어 to say that I have really enjoyed reading your blog post. Its a great pleasure reading your post. I'd really like to help appreciate it with the efforts you get with writing this post. Thanks for sharing.

  8. I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well.
    Here you can connect to get information regarding your query:

  9. Very well written post. I am sure that reading Relevant Coursework Writing Services It will be useful to anybody who uses it, as well as myself. Keep doing what you are doing – looking forward to more posts.

  10. The content of your article page click game, I find the content quite interesting and useful to me, thank you for sharing

  11. i am browsing this website dailly and get nice facts from here all the time

  12. Wales publishers are offering optimized, Best Publication Services in UK to boost the researcher and research communities, by providing accelerated and efficient services to fasten the publishing process and to give more opportunities for research on different disciplines.Wales publication research conferences give the researchers an international platform to discuss their scientific research Open Access Publishing UK work and their edges.We are different from other conferences because the community's member organizes our conferences.

  13. “I was very pleased to uncover this website. I need to to thank you for ones time for this fantastic read!! I definitely appreciated every bit of it and I have you saved to fav to look at new things in your blog.
    James @ best essay writing service.

  14. Account based Sales is a strategy that focuses all of your attention towards landing that one whale of a client/customer (account).