[Warning] HWP document file including malicious file

1. Introduction

Malicious file using vulnerability of HWP(but it looked like normal) has been found again, therefore, general users who use Hangul Word Process need to be careful on using.
Since this malicious file contains its contents, user can't be figured out whether is it malicious or not.
Besides, once infected, it can create additional malicious file on using vulnerability of certain application.

2. Spreading path and symptoms of infection

User can be infected on downloading and executing attachment of uncertain user, or link.
Furthermore, because the content of file seems like as normal, user can be far easily induced by this malicious file.

Recently found malicious name has its file name "(Tripping Point).hwp" and various variants are being expected.

Also, generated "hidaapi.dll" will perform after injected in normal process secretly. Additional analysis is on progress.

* Generated files
- (Window Systems folder)\System32\Msvcr.exe (55,636 bytes)
- (Window Systems folder)\hidaapi.dll (17,920 bytes / File name will be random)

* (Window Systems folder) is C:\WINDOWS\SYSTEM on Windows 95,98,ME, 2000, C:\WINNT\SYSTEM32 on Windows NT, and C:\WINDOWS\SYSTEM32 on Windows XP.

* Control flow of malicious file

3. How to prevent

Applying latest patch of its application and OS is the most important to avoid from this kind of malicious file.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

- Trojan/W32.Hwp-Exploit.79360
- Trojan/W32.Agent.17920.QQ


  1. You should probably be careful of what you're downloading. It's a good idea to use an antivirus to scan the software you're about to download.

    Laptop Repair

  2. Many documents can be copied and stored on an electronic file but many legal documents have to be saved as a hard copy.
    Self Storage

  3. Thanks for this great post. This is really helpful for me. Also, see
    epsxe for ios

  4. In any case, good resume means a lot today. On https://resumecvwriter.com/blog/including-relevant-coursework-on-resume you can find useful advices about including relevant coursework on resume.

  5. Excellent! This one is breath taking, really superb summarization and perfect charm. So you’ve got a lovely little blog supporting your life style, you’re posting often, and you’ve found a wisdom of balance between being too domestic and too controversial for your topics. See here to buy essays cheap. I will look ahead to your upcoming blogs, I’ll seek to get the hang of it!

  6. I’m in Chicago for a while. Found someone to live in my house and take care of things while I braved the great white north for some book research.
    We Heart It
    Dealing With a Clingy Ex