Office (OOXML) / Hangul / .HWPX malware analysis — malicious · 985ed784d7187394

MALICIOUS

Office (OOXML) / Hangul / .HWPX

1.87 MB First seen: 2026-06-21

MD5: dad825999486ec40eea0014c2fc31556 SHA-1: 80333c7a893a5c64470f3e5ccb5ff25f2bd37093 SHA-256: 985ed784d718739451f0ee2ab3de5e372b76c34e110fde2e47ba895599b2e1ab

140 Risk Score

Heuristics 3

Hangul HWPX embedded OLE exploit — CVE-2015-6585 critical CVE likely CVE_2015_6585

HWPX BinData embeds a malformed prefixed OLE/CFB chart object with shellcode-style executable-memory API markers, matching the CVE-2015-6585 exploit carrier.
ClamAV: Legacy.Trojan.Agent-1388650 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Legacy.Trojan.Agent-1388650
Embedded OLE object medium OOXML_OLE_OBJECT

HWPX package contains an embedded OLE object in BinData.

Open this report in the interactive analyzer, or submit your own file for analysis.