Malicious Office (OOXML) / Hangul / .HWPX — malware analysis report

Static analysis result for SHA-256 794b5e8e98e3f0c4…

MALICIOUS

Office (OOXML) / Hangul / .HWPX

Size: 2.82 MB
First seen: 2026-06-21
MD5: 1c67fb74d778c3ce15ac4890276f892f
SHA-1: 5e4bc19534bcd461086e690abe5681b1fef617ea
SHA-256: 794b5e8e98e3f0c436515d37212621486f23b57a2c945c189594c5bf88821228
Risk Score: 140

Heuristics (3)

  • Hangul HWPX embedded OLE exploit — CVE-2015-6585 | critical | CVE likely | CVE_2015_6585
    HWPX BinData embeds a malformed prefixed OLE/CFB chart object with shellcode-style executable-memory API markers, matching the CVE-2015-6585 exploit carrier.
  • ClamAV: Legacy.Trojan.Agent-1388650 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-1388650
  • Embedded OLE object | medium | OOXML_OLE_OBJECT
    HWPX package contains an embedded OLE object in BinData.