[Information] Continuous appearances of malicious file with using HWP exploit

1. Introduction

With continuous appearances of malicious documents using HWP vulnerability, HWP users need to be careful on using that product.
In case of recently found malicious HWP document, it is disguised as a certain official document and induces user to be threaten.
So, we are trying to let you know the case of this malicious file and security patch of Hancom Inc's.

[Advisory of security update for HWP's Stack Buffer overflows vulnerability]


* Outline
 Stack Buffer overflow was found on 'HWP', one of Korean popular word processor.
 Attacker can terminate infected software with using vulnerability or execute malicious code.
 An earlier version user can be easily infected by malicious code and is recommended to update newest version.

* Systems
  Affected Softwares
  - HWP 2004.earlier than
  - HWP 2005.earlier than
  - HWP 2007 earlier than
  - HWP 2010 SE earlier than

* How to prevent
  For earlier version user
  - Visit official web site and download or use auto update
  - http://www.hancom.co.kr/downLoad.downPU.do?mcd=001
  - Auto update : Start → Programs → Hamcom → Hamcom auto update

* Hancom Inc.

2. Spreading path and symptoms of infection

This kind of malicious file especially from attachment of suspicious e-mail or certain web site can infect victim's system. Besides, since this document is masqueraded as an official document, general user can easily download and execute.

[File information]

- (Application Program)\Hwp70\Hwpeq9x.dll (57,344 bytes)
- (Windows\Systems)\mvcert.dll (32,768 bytes)

[Registry information]

3. How to prevent

To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

 - Trojan-Exploit/W32.Hwp-Exploit.322296
 - Trojan-Exploit/W32.Hwp_Exploit.439312
 - Trojan/W32.Agent.193736
 - Trojan/W32.Agent.32768.BWC
 - Trojan/W32.Agent.57344.COQ
 - Trojan/W32.Agent.65536.CBK


  1. Thanks for this post. I also encourage you to look through this article to know how to tell if your phone is bugged.

  2. I guess that kind of weblink can be pretty dangerous. Thanks for the info. I appreciate it.

  3. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
    Cyber Security Projects for Final Year

    JavaScript Training in Chennai

    Project Centers in Chennai

    JavaScript Training in Chennai

  4. The Hangul Word Processor (HWP) is a word processing application which is ... Unfortunately, this ability is now being exploited in attacks involving

    1 player games online

  5. Find out who was born on any day in any month in history via our calendar of famous birthdays. Includes famous, historical, noteworthy and Celebrity birthdays.

  6. Wales publishers are offering optimized, Best Publication Services in UK to boost the researcher and research communities, by providing accelerated and efficient services to fasten the publishing process and to give more opportunities for research on different disciplines.Wales publication research conferences give the researchers an international platform to discuss their scientific research Open Access Publishing UK work and their edges.We are different from other conferences because the community's member organizes our conferences.

  7. Research Publisher in UK is Providing the Reliable Publishing Solution to the Researcher, Universities, Libraries, Authors Research Publisher in UK, Knight Noble Publisher Solutions

  8. Reach out your targeted audience through our Research Advertising in UK strategies KNP research advertising in UK helps many researchers to connect with scientist.

  9. Duke Lord Publishers provide best Research Publishing Services in UK. Our Research Publishing Services in UK enables your research to be judiciously publish.

  10. We offer an optimized Research Publishing Services in UK to fulfill the requirements, we provide the best Research publishing services in UK for the researcher to publish the work on global databases.

  11. We are the best academic publisher in UK, our academic publisher solutions give quick recognition in top tier journals, our best publishing solutions enable to authenticate the research publication.

  12. Wales Publications provide best publication research in UK, our publication research in UK primary focus is on publishing worth scientific research journals by providing a good quality publishing platform.