Jump to content

Exploit.HWP.BodyText.ParaText.Gen

NOD

By NOD
in Malware Finding and Cleaning

 Share

Recommended Posts

NOD

NOD 2

Posted
Posted (edited)

Is ESET detecting malware below?

https://www.virustotal.com/ko/file/145b4c8192695940541307772ef9315ae99e33a52381378cae608f4341373720/analysis/

https://www.virustotal.com/ko/file/57470e4980b001f049d6bdeef1eedb42060ac1d627bdeefd4ba61c4e1404a020/analysis/

https://www.virustotal.com/ko/file/f3ec8db8b1f52eba733478fbd28debde40650b004b5881f31d6deb3dce6eeada/analysis/

https://www.threatminer.org/av.php?q=Exploit.HWP.BodyText.ParaText.Gen

 

This is the malware of this format.

hxxp://www.hancom.com/global/product/productWindowsMain.do?gnb0=3&gnb1=4

Edited by NOD
Link to comment
Share on other sites
NOD

NOD 2

Posted
  • Author
Posted (edited)

Exploit.HWP.Agent

https://www.virustotal.com/ko/file/7d163e36f47ec56c9fe08d758a0770f1778fa30af68f39aac80441a3f037761e/analysis/

https://www.virustotal.com/ko/file/9b7766b0f7e4b61da87d7283cf65aa2614c2a468024dee980a28ee52ad87cdab/analysis/

 

This malware was found in December 2014, and recently re-scanned, but not detected.

https://www.virustotal.com/ko/file/226b3e4f4f3c48ab33e4759da1c025fc79d61aad04c4f761c0c2107bd51ff703/analysis/

 

https://www.threatminer.org/av.php?q=Exploit.HWP.Agent

Edited by NOD
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted

I wouldn't be concerned about this malware unless you reside in South Korea. It's a targeted attack by North Korea against South Korean interests. Also MW Word, etc. only supports the 1997 ver. of HWP attachments. Any newer vers. of HWP are not supported:

Note: Microsoft Office, OpenOffice, and LibreOffice can open HWP files only if they were created with Hangul '97 - newer versions of the .HWP file cannot be opened with these applications.

Ref.: https://www.lifewire.com/hwp-file-2621713

Link to comment
Share on other sites
NOD

NOD 2

Posted
  • Author
Posted (edited)
1 hour ago, itman said:

I wouldn't be concerned about this malware unless you reside in South Korea. It's a targeted attack by North Korea against South Korean interests. Also MW Word, etc. only supports the 1997 ver. of HWP attachments. Any newer vers. of HWP are not supported:

Note: Microsoft Office, OpenOffice, and LibreOffice can open HWP files only if they were created with Hangul '97 - newer versions of the .HWP file cannot be opened with these applications.

Ref.: https://www.lifewire.com/hwp-file-2621713

I agree.
This malicious code is a malicious code to attack Korea. However, ESET is a global group. ESET is doing business in Korea. If so, HWP malware should be analyzed and detected.

And Korea is using Hangul products in addition to MS Office. So HWP file protection is required. If you do not protect it, Koreans will not use ESET products. I want ESET to be the most famous antivirus product in Korea. So this is to write this article.

Edited by NOD
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...