HwpScan is a solution that can check various HWP document files for vulnerabilities,
and based on the information analysis technology inside the HWP file format, it can analyze malware insertion and vulnerabilities in HWP files.
Verify OLE File Structure (Storage, Stream)
Check and extract hex content of Streams
Support for decompressing compressed OLE Streams
Ability to view saved images inside documents
View JavaScript inside the document
Viewer for strings present in BinData storage sub-streams
Viewing Tag information inside a document
Exploit.HWP.Generic.XX (TagID error)
Exploit.HWP.Generic.SC (contains shellcode)
Trojan.PS.Agent (malicious Dropper attack using PS)
JS.Heuristic (contains new JavaScript)
Exploit.HWP.Heuristic (adds shellcode using compression)
Exploit.RTF.Heurisitc (adds unknown RTF vulnerabilities)
Exploit.RTF.CVE-2010-3333
Exploit.RTF.CVE-2014-1761
VirusTotal.com integration for malware scanning.
Malwares.com integration for malware scanning.
Malware scanning for DocInfo.
※ Internet connection is required for 3rd party API integration.
Internal Stream vulnerability check for entire HWP documents.
Exploit.HWP.Generic.43 (Abnormal paragraph text).
JS.Heuristic (Form with hidden JavaScript).
Format containing EXE files (Discovery of major Windows APIs like _CreateFile).