[Warning] Malicious file spreading through an HLP file exploit

1. Information

INCA Internet Security Response Center's Emergency Response Team has detected a malicious file that uses an HLP (Help file) exploit.
Unlike executable files (EXE, SCR) or document files (HWP, DOC, PPT, XLS, PDF), HLP exploits are uncommon.
Spreading malicious files through e-mail has been widely used.
In particular, some clever distributors use zero-day exploits or social engineering.

Using exploits for Microsoft operating systems and applications, Flash Player, and Java, attackers are trying to compromise certain well-known websites. In particular, malicious file distribution is turning into sophisticated psychological warfare.

[Warning] Malicious file masqueraded as a picture of Kim Jong Il's sister

[Information] Continuous appearances of malicious files using HWP exploits

2. HLP file exploit case

The following e-mail was reportedly sent on December 29, 2011, and it induces the user to open its attachment.

The attachment "Call for Application at fundation.rar" contains a help file, "Call for Applications at fundation.hlp".

When the attached file is opened, Windows Help launches and shows garbled characters and a link (http://www.molihua.org).

The malicious file is coded to create and execute A.VBS from row 7 of its Visual Basic Script, using the WScript.Shell command. As a result, the user's PC is infected by the malicious script code at the same moment the help page is displayed.

When A.VBS is executed, it creates setup.exe, which acts as the root file, creates a folder named "360" in the Application Data folder, and installs "Live360.exe". A.VBS and setup.exe are then removed.

Live360.exe's icon is disguised as a Microsoft Word file. When it is executed, it connects to a certain host in Shanghai, China, and Command and Control (C&C) is carried out through winlogon.exe.

At the time of our analysis, the malicious file was additionally infecting the PC with PASS.exe and trying to leak personal information, including e-mail accounts saved in cache files.

Saved passwords were recorded in C:\Windows\System\xhyj.htm, which collects the Resource, Type, Account and Password fields, and the malware tries to leak them to an external server.
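The infection chain described above can be turned into a simple detection rule. The following Python sketch is an added example, not INCA Internet's code: it flags any process descended from the Windows Help viewer and any file write matching the artifacts named in this analysis. The event format, the sample events, and the process names winhlp32.exe, wscript.exe and cscript.exe are assumptions.

```python
import ntpath

HELP_VIEWER = "winhlp32.exe"                  # assumption: viewer that opens .hlp
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: hosts that run a .vbs

# File artifacts named in the write-up, matched on lower-cased path suffix.
FILE_ARTIFACTS = {
    "\\a.vbs": "dropped script A.VBS",
    "\\360\\live360.exe": "Live360.exe in a '360' folder",
    "\\windows\\system\\xhyj.htm": "password log xhyj.htm",
}

def detect(events):
    """Return (event index, reason) for every suspicious event, in order."""
    hits = []
    tainted = set()  # PIDs of the help viewer and everything it spawned
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            image = ntpath.basename(ev["image"]).lower()
            if image == HELP_VIEWER:
                tainted.add(ev["pid"])
            elif ev["ppid"] in tainted:
                tainted.add(ev["pid"])
                kind = "script host" if image in SCRIPT_HOSTS else "process"
                hits.append((i, f"{kind} {image} descends from {HELP_VIEWER}"))
        elif ev["type"] == "file":
            path = ev["path"].lower()
            for suffix, label in FILE_ARTIFACTS.items():
                if path.endswith(suffix):
                    hits.append((i, label))
    return hits

def proc(pid, ppid, image):
    return {"type": "process", "pid": pid, "ppid": ppid, "image": image}

def wrote(pid, path):
    return {"type": "file", "pid": pid, "path": path}

# Constructed sample telemetry; paths other than those on the page are made up.
SAMPLE = [
    proc(100, 1, r"C:\Windows\explorer.exe"),
    proc(200, 100, r"C:\Windows\winhlp32.exe"),
    wrote(200, r"C:\Temp\A.VBS"),
    proc(300, 200, r"C:\Windows\System32\wscript.exe"),
    proc(400, 300, r"C:\Temp\setup.exe"),
    wrote(400, r"C:\Documents and Settings\u\Application Data\360\Live360.exe"),
    proc(500, 100, r"C:\Windows\System32\wscript.exe"),  # benign: no help parent
    wrote(900, r"C:\Windows\System\xhyj.htm"),
]
```

Calling `detect(SAMPLE)` flags events 2, 3, 4, 5 and 7 and leaves the wscript.exe started from explorer.exe alone. The parent-child rule also catches setup.exe, whose name is too generic to match on its own.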

3. How to prevent

To keep your PC safe from the security threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.


  1. Thank you for the update. I was just about to do my project when I learnt about this. If it weren't for you I might have been in trouble. Again, thanks.
