HWPScan is a Hangul (HWP) document security diagnostic solution that uses structural analysis technology to check for malware and security vulnerabilities in Hangul (HWP) document files. It analyzes the internal structure and metadata of HWP documents to detect malware and vulnerabilities within them and performs security checks on key areas such as DocInfo. This allows it to proactively identify security threats in Hangul documents and support a secure document distribution environment.
Core Functions
Hangul file structure analysis
Check OLE file structure (Storage, Stream)
Check and extract Stream hex contents
Supports decompression of compressed OLE Streams
View images stored within documents
View JavaScript within documents
View strings within BinData storage substreams
Check tag information within documents
Vulnerability diagnosis of Hangul files (5.x, 3.x)
Exploit.HWP.Generic.XX (TagID error)
Exploit.HWP.Generic.SC (shellcode included)
Trojan.PS.Agent (malicious dropper attack using PS)
JS.Heuristic (new JavaScript included)
Exploit.HWP.Heuristic (shellcode added using compression)
