AhnLab analyzed a malicious HWP document disguised as an election notice and candidate application for the Korean Society for National Informatics chair. The document placed an embedded EPS object on the first page; after execution, a VBS startup entry invoked PowerShell with Base64-encoded data to download and run an external file. The report identifies the suspected filename, MD5 and SHA-256 sample hashes, startup-path artifacts, and AhnLab detections including VBS/Downloader, BinImage/Agent, and HWP/Dropper, giving defenders concrete HWP/EPS exploit and downloader indicators.