Untitled

#!/usr/bin/env python
if 64 - 64: i11iIiiIii
if 65 - 65: O0 / iIii1I11I1II1 % OoooooooOO - i1IIi
if 73 - 73: II111iiii
if 22 - 22: I1IiiI * Oo0Ooo / OoO0O00 . OoOoOO00 . o0oOOo0O0Ooo / I1ii11iIi11i
if 48 - 48: oO0o / OOooOOo / I11i / Ii1I
if 48 - 48: iII111i % IiII + I1Ii111 / ooOoO0o * Ii1I
if 46 - 46: ooOoO0o * I11i - OoooooooOO
if 30 - 30: o0oOOo0O0Ooo - O0 % o0oOOo0O0Ooo - OoooooooOO * O0 * OoooooooOO
if 60 - 60: iIii1I11I1II1 / i1IIi * oO0o - I1ii11iIi11i + o0oOOo0O0Ooo
if 94 - 94: i1IIi % Oo0Ooo
if 68 - 68: Ii1I / O0
if 46 - 46: O0 * II111iiii / IiII * Oo0Ooo * iII111i . I11i
if 62 - 62: i11iIiiIii - II111iiii % I1Ii111 - iIii1I11I1II1 . I1ii11iIi11i . II111iiii
if 61 - 61: oO0o / OoOoOO00 / iII111i * OoO0O00 . II111iiii
if 1 - 1: II111iiii - I1ii11iIi11i % i11iIiiIii + IiII . I1Ii111
if 55 - 55: iIii1I11I1II1 - I1IiiI . Ii1I * IiII * i1IIi / iIii1I11I1II1
if 79 - 79: oO0o + I1Ii111 . ooOoO0o * IiII % I11i . I1IiiI
if 94 - 94: iII111i * Ii1I / IiII . i1IIi * iII111i
if 47 - 47: i1IIi % i11iIiiIii
if 20 - 20: ooOoO0o * II111iiii
if 65 - 65: o0oOOo0O0Ooo * iIii1I11I1II1 * ooOoO0o
if 18 - 18: iIii1I11I1II1 / I11i + oO0o / Oo0Ooo - II111iiii - I11i
if 1 - 1: I11i - OOooOOo % O0 + I1IiiI - iII111i / I11i
if 31 - 31: OoO0O00 + II111iiii
if 13 - 13: OOooOOo * oO0o * I1IiiI
if 55 - 55: II111iiii
if 43 - 43: OoOoOO00 - i1IIi + I1Ii111 + Ii1I
if 17 - 17: o0oOOo0O0Ooo
if 64 - 64: Ii1I % i1IIi % OoooooooOO
if 3 - 3: iII111i + O0
if 42 - 42: OOooOOo / i1IIi + i11iIiiIii - Ii1I
if 78 - 78: OoO0O00
if 18 - 18: O0 - iII111i / iII111i + ooOoO0o % ooOoO0o - IiII
if 62 - 62: iII111i - IiII - OoOoOO00 % i1IIi / oO0o
if 77 - 77: II111iiii - II111iiii . I1IiiI / o0oOOo0O0Ooo
if 14 - 14: I11i % O0
if 41 - 41: i1IIi + I1Ii111 + OOooOOo - IiII
if 77 - 77: Oo0Ooo . IiII % ooOoO0o
if 42 - 42: oO0o - i1IIi / i11iIiiIii + OOooOOo + OoO0O00
if 17 - 17: oO0o . Oo0Ooo . I1ii11iIi11i
if 3 - 3: OoOoOO00 . Oo0Ooo . I1IiiI / Ii1I
if 38 - 38: II111iiii % i11iIiiIii . ooOoO0o - OOooOOo + Ii1I
if 66 - 66: OoooooooOO * OoooooooOO . OOooOOo . i1IIi - OOooOOo
if 77 - 77: I11i - iIii1I11I1II1
if 82 - 82: i11iIiiIii . OOooOOo / Oo0Ooo * O0 % oO0o % iIii1I11I1II1
if 78 - 78: iIii1I11I1II1 - Ii1I * OoO0O00 + o0oOOo0O0Ooo + iII111i + iII111i
if 11 - 11: iII111i - OoO0O00 % ooOoO0o % iII111i / OoOoOO00 - OoO0O00
if 74 - 74: iII111i * O0
if 89 - 89: oO0o + Oo0Ooo
if 3 - 3: i1IIi / I1IiiI % I11i * i11iIiiIii / O0 * I11i
if 49 - 49: oO0o % Ii1I + i1IIi . I1IiiI % I1ii11iIi11i
if 48 - 48: I11i + I11i / II111iiii / iIii1I11I1II1
if 20 - 20: o0oOOo0O0Ooo
if 77 - 77: OoOoOO00 / I11i
if 98 - 98: iIii1I11I1II1 / i1IIi / i11iIiiIii / o0oOOo0O0Ooo
if 28 - 28: OOooOOo - IiII . IiII + OoOoOO00 - OoooooooOO + O0
if 95 - 95: OoO0O00 % oO0o . O0
if 15 - 15: ooOoO0o / Ii1I . Ii1I - i1IIi
if 53 - 53: IiII + I1IiiI * oO0o
if 61 - 61: i1IIi * OOooOOo / OoooooooOO . i11iIiiIii . OoOoOO00
if 60 - 60: I11i / I11i
if 46 - 46: Ii1I * OOooOOo - OoO0O00 * oO0o - I1Ii111
if 83 - 83: OoooooooOO
if 31 - 31: II111iiii - OOooOOo . I1Ii111 % OoOoOO00 - O0
if 4 - 4: II111iiii / ooOoO0o . iII111i
if 58 - 58: OOooOOo * i11iIiiIii / OoOoOO00 % I1Ii111 - I1ii11iIi11i / oO0o
if 50 - 50: I1IiiI
if 34 - 34: I1IiiI * II111iiii % iII111i * OoOoOO00 - I1IiiI
if 33 - 33: o0oOOo0O0Ooo + OOooOOo * OoO0O00 - Oo0Ooo / oO0o % Ii1I
if 21 - 21: OoO0O00 * iIii1I11I1II1 % oO0o * i1IIi
if 16 - 16: O0 - I1Ii111 * iIii1I11I1II1 + iII111i
if 50 - 50: II111iiii - ooOoO0o * I1ii11iIi11i / I1Ii111 + o0oOOo0O0Ooo
if 88 - 88: Ii1I / I1Ii111 + iII111i - II111iiii / ooOoO0o - OoOoOO00
if 15 - 15: I1ii11iIi11i + OoOoOO00 - OoooooooOO / OOooOOo
if 58 - 58: i11iIiiIii % I11i
if 71 - 71: OOooOOo + ooOoO0o % i11iIiiIii + I1ii11iIi11i - IiII
if 88 - 88: OoOoOO00 - OoO0O00 % OOooOOo
if 16 - 16: I1IiiI * oO0o % IiII
if 86 - 86: I1IiiI + Ii1I % i11iIiiIii * oO0o . ooOoO0o * I11i
if 44 - 44: oO0o
if 88 - 88: I1Ii111 % Ii1I . II111iiii
if 38 - 38: o0oOOo0O0Ooo
if 57 - 57: O0 / oO0o * I1Ii111 / OoOoOO00 . II111iiii
if 26 - 26: iII111i
if 91 - 91: OoO0O00 . I1ii11iIi11i + OoO0O00 - iII111i / OoooooooOO
if 39 - 39: I1ii11iIi11i / ooOoO0o - II111iiii
if 98 - 98: I1ii11iIi11i / I11i % oO0o . OoOoOO00
if 91 - 91: oO0o % Oo0Ooo
if 64 - 64: I11i % iII111i - I1Ii111 - oO0o
if 31 - 31: I11i - II111iiii . I11i
if 18 - 18: o0oOOo0O0Ooo
if 98 - 98: iII111i * iII111i / iII111i + I11i
if 34 - 34: ooOoO0o
if 15 - 15: I11i * ooOoO0o * Oo0Ooo % i11iIiiIii % OoOoOO00 - OOooOOo
if 68 - 68: I1Ii111 % i1IIi . IiII . I1ii11iIi11i
if 92 - 92: iII111i . I1Ii111
if 31 - 31: I1Ii111 . OoOoOO00 / O0
if 89 - 89: OoOoOO00
if 68 - 68: OoO0O00 * OoooooooOO % O0 + OoO0O00 + ooOoO0o
if 4 - 4: ooOoO0o + O0 * OOooOOo
if 55 - 55: Oo0Ooo + iIii1I11I1II1 / OoOoOO00 * oO0o - i11iIiiIii - Ii1I
if 25 - 25: I1ii11iIi11i
if 7 - 7: i1IIi / I1IiiI * I1Ii111 . IiII . iIii1I11I1II1
if 13 - 13: OOooOOo / i11iIiiIii
if 2 - 2: I1IiiI / O0 / o0oOOo0O0Ooo % OoOoOO00 % Ii1I
if 52 - 52: o0oOOo0O0Ooo
if 95 - 95: Ii1I
if 87 - 87: ooOoO0o + OoOoOO00 . OOooOOo + OoOoOO00
if 91 - 91: O0
if 61 - 61: II111iiii
if 64 - 64: ooOoO0o / OoOoOO00 - O0 - I11i
if 86 - 86: I11i % OoOoOO00 / I1IiiI / OoOoOO00
if 42 - 42: OoO0O00
if 67 - 67: I1Ii111 . iII111i . O0
if 10 - 10: I1ii11iIi11i % I1ii11iIi11i - iIii1I11I1II1 / OOooOOo + Ii1I
if 87 - 87: oO0o * I1ii11iIi11i + OOooOOo / iIii1I11I1II1 / iII111i
if 37 - 37: iII111i - ooOoO0o * oO0o % i11iIiiIii - I1Ii111
if 83 - 83: I11i / I1IiiI
if 34 - 34: IiII
if 57 - 57: oO0o . I11i . i1IIi
if 42 - 42: I11i + I1ii11iIi11i % O0
if 6 - 6: oO0o
if 68 - 68: OoOoOO00 - OoO0O00
if 28 - 28: OoO0O00 . OOooOOo / OOooOOo + Oo0Ooo . I1ii11iIi11i
if 1 - 1: iIii1I11I1II1 / II111iiii
if 33 - 33: I11i
if 18 - 18: o0oOOo0O0Ooo % iII111i * O0
if 87 - 87: i11iIiiIii
if 93 - 93: I1ii11iIi11i - OoO0O00 % i11iIiiIii . iII111i / iII111i - I1Ii111
if 9 - 9: I1ii11iIi11i / Oo0Ooo - I1IiiI / OoooooooOO / iIii1I11I1II1 - o0oOOo0O0Ooo
if 91 - 91: iII111i % i1IIi % iIii1I11I1II1
if 20 - 20: OOooOOo % Ii1I / Ii1I + Ii1I
if 45 - 45: oO0o - IiII - OoooooooOO - OoO0O00 . II111iiii / O0
if 51 - 51: O0 + iII111i
if 8 - 8: oO0o * OoOoOO00 - Ii1I - OoO0O00 * OOooOOo % I1IiiI
if 48 - 48: O0
if 11 - 11: I11i + OoooooooOO - OoO0O00 / o0oOOo0O0Ooo + Oo0Ooo . II111iiii
if 41 - 41: Ii1I - O0 - O0
if 68 - 68: OOooOOo % I1Ii111
if 88 - 88: iIii1I11I1II1 - ooOoO0o + OOooOOo
if 40 - 40: I1IiiI * Ii1I + OOooOOo % iII111i
if 74 - 74: oO0o - Oo0Ooo + OoooooooOO + I1Ii111 / OoOoOO00
if 23 - 23: O0
if 85 - 85: Ii1I
if 84 - 84: I1IiiI . iIii1I11I1II1 % OoooooooOO + Ii1I % OoooooooOO % OoO0O00
if 42 - 42: OoO0O00 / I11i / o0oOOo0O0Ooo + iII111i / OoOoOO00
if 84 - 84: ooOoO0o * II111iiii + Oo0Ooo
if 53 - 53: iII111i % II111iiii . IiII - iIii1I11I1II1 - IiII * II111iiii
if 77 - 77: iIii1I11I1II1 * OoO0O00
if 95 - 95: I1IiiI + i11iIiiIii
if 6 - 6: ooOoO0o / i11iIiiIii + iII111i * oO0o
if 80 - 80: II111iiii
if 83 - 83: I11i . i11iIiiIii + II111iiii . o0oOOo0O0Ooo * I11i
if 53 - 53: II111iiii
if 31 - 31: OoO0O00
__version__ = '0.41'
if 80 - 80: I1Ii111 . i11iIiiIii - o0oOOo0O0Ooo
if 25 - 25: OoO0O00
if 62 - 62: OOooOOo + O0
if 98 - 98: o0oOOo0O0Ooo
if 51 - 51: Oo0Ooo - oO0o + II111iiii * Ii1I . I11i + oO0o
if 78 - 78: i11iIiiIii / iII111i - Ii1I / OOooOOo + oO0o
if 82 - 82: Ii1I
if 46 - 46: OoooooooOO . i11iIiiIii
if 94 - 94: o0oOOo0O0Ooo * Ii1I / Oo0Ooo / Ii1I
if 87 - 87: Oo0Ooo . IiII
if 75 - 75: ooOoO0o + OoOoOO00 + o0oOOo0O0Ooo * I11i % oO0o . iII111i
if 55 - 55: OOooOOo . I1IiiI
if 61 - 61: Oo0Ooo % IiII . Oo0Ooo
if 100 - 100: I1Ii111 * O0
if 64 - 64: OOooOOo % iIii1I11I1II1 * oO0o
if 79 - 79: O0
if 78 - 78: I1ii11iIi11i + OOooOOo - I1Ii111
if 38 - 38: o0oOOo0O0Ooo - oO0o + iIii1I11I1II1 / OoOoOO00 % Oo0Ooo
if 57 - 57: OoO0O00 / ooOoO0o
if 29 - 29: iIii1I11I1II1 + OoOoOO00 * OoO0O00 * OOooOOo . I1IiiI * I1IiiI
if 7 - 7: IiII * I1Ii111 % Ii1I - o0oOOo0O0Ooo
if 13 - 13: Ii1I . i11iIiiIii
if 56 - 56: I1ii11iIi11i % O0 - I1IiiI
if 100 - 100: Ii1I - O0 % oO0o * OOooOOo + I1IiiI
if 88 - 88: OoooooooOO - OoO0O00 * O0 * OoooooooOO . OoooooooOO
if 33 - 33: I1Ii111 + iII111i * oO0o / iIii1I11I1II1 - I1IiiI
if 54 - 54: I1Ii111 / OOooOOo . oO0o % iII111i
if 57 - 57: i11iIiiIii . I1ii11iIi11i - Ii1I - oO0o + OoOoOO00
if 63 - 63: OoOoOO00 * iII111i
if 69 - 69: O0 . OoO0O00
if 49 - 49: I1IiiI - I11i
if 74 - 74: iIii1I11I1II1 * I1ii11iIi11i + OoOoOO00 / i1IIi / II111iiii . Oo0Ooo
if 62 - 62: OoooooooOO * I1IiiI
if 58 - 58: OoOoOO00 % o0oOOo0O0Ooo
if 50 - 50: I1Ii111 . o0oOOo0O0Ooo
import sys , logging
import struct
import cStringIO
import math
import zipfile
import re
import optparse
import os . path
import binascii
import base64
import traceback
import zlib
import email
import string
if 97 - 97: O0 + OoOoOO00
if 89 - 89: o0oOOo0O0Ooo + OoO0O00 * I11i * Ii1I
try :
 if 37 - 37: OoooooooOO - O0 - o0oOOo0O0Ooo
 import lxml . etree as ET
except ImportError :
 try :
  if 77 - 77: OOooOOo * iIii1I11I1II1
  import xml . etree . cElementTree as ET
 except ImportError :
  try :
   if 98 - 98: I1IiiI % Ii1I * OoooooooOO
   import elementtree . cElementTree as ET
  except ImportError :
   raise ImportError , "lxml or ElementTree are not installed, " + "see http://codespeak.net/lxml " + "or http://effbot.org/zone/element-index.htm"
   if 51 - 51: iIii1I11I1II1 . OoOoOO00 / oO0o + o0oOOo0O0Ooo
   if 33 - 33: ooOoO0o . II111iiii % iII111i + o0oOOo0O0Ooo
   if 71 - 71: Oo0Ooo % OOooOOo
import thirdparty . olefile as olefile
from thirdparty . prettytable import prettytable
from thirdparty . xglob import xglob
from thirdparty . pyparsing . pyparsing import *
if 98 - 98: I11i % i11iIiiIii % ooOoO0o + Ii1I
if 78 - 78: I1ii11iIi11i % oO0o / iII111i - iIii1I11I1II1
if 69 - 69: I1Ii111
if 11 - 11: I1IiiI
if 16 - 16: Ii1I + IiII * O0 % i1IIi . I1IiiI
if 67 - 67: OoooooooOO / I1IiiI * Ii1I + I11i
OooOo0ooo = 'https://bitbucket.org/decalage/oletools/issues'
o00oo0 = 'Please report this issue on %s' % OooOo0ooo
if 38 - 38: ooOoO0o % II111iiii % I11i / OoO0O00 + OoOoOO00 / i1IIi
if 54 - 54: iIii1I11I1II1 % I1ii11iIi11i - OOooOOo / oO0o - OoO0O00 . I11i
II = 'OLE'
o0Oo0oO0oOO00 = 'OpenXML'
oo00OO0000oO = 'Word2003_XML'
I1II1 = 'MHTML'
if 86 - 86: iIii1I11I1II1 / OoOoOO00 . II111iiii
if 19 - 19: I1ii11iIi11i % OoooooooOO % IiII * o0oOOo0O0Ooo % O0
ooo = {
 II : 'OLE:' ,
 o0Oo0oO0oOO00 : 'OpX:' ,
 oo00OO0000oO : 'XML:' ,
 I1II1 : 'MHT:' ,
 }
if 27 - 27: ooOoO0o % I1IiiI
if 73 - 73: OOooOOo
if 70 - 70: iIii1I11I1II1
i11ii1iI = 'ActiveMime'
if 22 - 22: OoooooooOO
OOOOOo = "bas"
IiI1iIiIIIii = "cls"
oOoO = "frm"
if 81 - 81: OoOoOO00 - OoOoOO00 . iII111i
if 73 - 73: I11i % i11iIiiIii - I1IiiI
Ii1iI111II1I1 = '{http://schemas.microsoft.com/office/word/2003/wordml}'
if 91 - 91: OOooOOo % OOooOOo - I1IiiI
I1iiii1I = Ii1iI111II1I1 + 'binData'
OOo0 = Ii1iI111II1I1 + 'name'
if 73 - 73: iII111i
if 42 - 42: i11iIiiIii * iIii1I11I1II1 / I1ii11iIi11i . i11iIiiIii % I11i
i1iI = {

'Runs when the Word document is opened' :
 ( 'AutoExec' , 'AutoOpen' , 'Document_Open' , 'DocumentOpen' ) ,
 'Runs when the Word document is closed' :
 ( 'AutoExit' , 'AutoClose' , 'Document_Close' , 'DocumentBeforeClose' ) ,
 'Runs when the Word document is modified' :
 ( 'DocumentChange' , ) ,
 'Runs when a new Word document is created' :
 ( 'AutoNew' , 'Document_New' , 'NewDocument' ) ,


'Runs when the Excel Workbook is opened' :
 ( 'Auto_Open' , 'Workbook_Open' ) ,
 'Runs when the Excel Workbook is closed' :
 ( 'Auto_Close' , 'Workbook_Close' ) ,


}
if 29 - 29: I1IiiI % OOooOOo - I1IiiI / OOooOOo . i1IIi
if 31 - 31: I1Ii111
if 88 - 88: OoO0O00 - ooOoO0o + OOooOOo * I1IiiI % iIii1I11I1II1 + Oo0Ooo
oo000O0OoooO = {

'May read system environment variables' :
 ( 'Environ' , ) ,
 'May open a file' :
 ( 'Open' , ) ,
 'May write to a file (if combined with Open)' :

( 'Write' , 'Put' , 'Output' , 'Print #' ) ,
 'May read or write a binary file (if combined with Open)' :

( 'Binary' , ) ,
 'May copy a file' :
 ( 'FileCopy' , 'CopyFile' ) ,

# O0 * OoooooooOO % OOooOOo / IiII - Ii1I / I11i
'May delete a file' :
 ( 'Kill' , ) ,
 'May create a text file' :
 ( 'CreateTextFile' , 'ADODB.Stream' , 'WriteText' , 'SaveToFile' ) ,

# IiII + ooOoO0o / I1Ii111 . ooOoO0o
'May run an executable file or a system command' :
 ( 'Shell' , 'vbNormal' , 'vbNormalFocus' , 'vbHide' , 'vbMinimizedFocus' , 'vbMaximizedFocus' , 'vbNormalNoFocus' ,
 'vbMinimizedNoFocus' , 'WScript.Shell' , 'Run' ) ,

# ooOoO0o
'May run PowerShell commands' :

# oO0o / I1Ii111 / I1ii11iIi11i
# o0oOOo0O0Ooo + II111iiii + OoOoOO00 - ooOoO0o . OoOoOO00
( 'PowerShell' , 'noexit' , 'ExecutionPolicy' , 'noprofile' ) ,
 'May hide the application' :
 ( 'Application.Visible' , 'ShowWindow' , 'SW_HIDE' ) ,
 'May create a directory' :
 ( 'MkDir' , ) ,
 'May save the current workbook' :
 ( 'ActiveWorkbook.SaveAs' , ) ,
 'May change which directory contains files to open at startup' :

( 'Application.AltStartupPath' , ) ,
 'May create an OLE object' :
 ( 'CreateObject' , ) ,
 'May run an application (if combined with CreateObject)' :
 ( 'Shell.Application' , ) ,
 'May enumerate application windows (if combined with Shell.Application object)' :
 ( 'Windows' , 'FindWindow' ) ,
 'May run code from a DLL' :

( 'Lib' , ) ,
 'May inject code into another process' :
 ( 'CreateThread' , 'VirtualAlloc' ,
) ,
 'May download files from the Internet' :

( 'URLDownloadToFileA' , 'Msxml2.XMLHTTP' , 'Microsoft.XMLHTTP' ,
 'MSXML2.ServerXMLHTTP' ,
'User-Agent' ,
) ,
 'May download files from the Internet using PowerShell' :

( 'New-Object System.Net.WebClient' , 'DownloadFile' ) ,
 'May control another application by simulating user keystrokes' :
 ( 'SendKeys' , 'AppActivate' ) ,

'May attempt to obfuscate malicious function calls' :
 ( 'CallByName' , ) ,

'May attempt to obfuscate specific strings' :

( 'Chr' , 'ChrB' , 'ChrW' , 'StrReverse' , 'Xor' ) ,

'May read or write registry keys' :

( 'RegOpenKeyExA' , 'RegOpenKeyEx' , 'RegCloseKey' ) ,
 'May read registry keys' :

( 'RegQueryValueExA' , 'RegQueryValueEx' ,
 'RegRead' ,
) ,
 'May detect virtualization' :

( r'SYSTEM\ControlSet001\Services\Disk\Enum' , 'VIRTUAL' , 'VMWARE' , 'VBOX' ) ,
 'May detect Anubis Sandbox' :

# Oo0Ooo * I1ii11iIi11i + iIii1I11I1II1 / I1Ii111 / OoO0O00 - OoooooooOO
# iII111i + OoOoOO00
( 'GetVolumeInformationA' , 'GetVolumeInformation' ,
'1824245000' , r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId' ,
 '76487-337-8429955-22614' , 'andy' , 'sample' , r'C:\exec\exec.exe' , 'popupkiller'
 ) ,
 'May detect Sandboxie' :

# II111iiii % ooOoO0o % OoOoOO00 - OoooooooOO
( 'SbieDll.dll' , 'SandboxieControlWndClass' ) ,
 'May detect Sunbelt Sandbox' :

( r'C:\file.exe' , ) ,
 'May detect Norman Sandbox' :

( 'currentuser' , ) ,
 'May detect CW Sandbox' :

( 'Schmidti' , ) ,
 'May detect WinJail Sandbox' :

( 'Afx:400000:0' , ) ,
 }
if 80 - 80: OoOoOO00 % I1Ii111
if 55 - 55: i11iIiiIii . I1Ii111 * Ii1I % OoO0O00
if 85 - 85: i11iIiiIii % o0oOOo0O0Ooo
if 38 - 38: oO0o % OoOoOO00 + I1ii11iIi11i . i11iIiiIii
if 53 - 53: i11iIiiIii * iII111i
if 68 - 68: iIii1I11I1II1 * iIii1I11I1II1 . o0oOOo0O0Ooo / II111iiii % Oo0Ooo
i1i11I11 = r'\b(?:http|ftp)s?'
if 10 - 10: O0 - OoooooooOO . OoOoOO00
I1iIii11 = r'(?:xn--[a-zA-Z0-9]{4,20}|[a-zA-Z]{2,20})'
i1 = r'(?:[a-zA-Z0-9\-\.]+\.' + I1iIii11 + ')'
if 90 - 90: I1Ii111 . ooOoO0o / Ii1I - I11i
if 40 - 40: OoooooooOO
I1i1i1 = r'(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'
OoO0O00O0oo0O = r'(?:' + I1i1i1 + r'\.){3}' + I1i1i1
if 36 - 36: OOooOOo + O0 - Ii1I - O0 % I11i . oO0o
oooiiI = r'(?:' + OoO0O00O0oo0O + '|' + i1 + ')'
oO = r'(?:\:[0-9]{1,5})?'
IIiIi = oooiiI + oO
OOoOooOoOOOoo = r'(?:/[a-zA-Z0-9\-\._\?\,\'/\\\+&%\$#\=~]*)?'
Iiii1iI1i = i1i11I11 + r'\://' + IIiIi + OOoOooOoOOOoo
I1ii1ii11i1I = re . compile ( Iiii1iI1i )
if 58 - 58: iII111i + Oo0Ooo
if 12 - 12: o0oOOo0O0Ooo - I1ii11iIi11i % OoOoOO00 * I11i
if 44 - 44: iII111i % Ii1I
if 41 - 41: i1IIi - I11i - Ii1I
III11I1 = (
 ( 'URL' , re . compile ( Iiii1iI1i ) ) ,
 ( 'IPv4 address' , re . compile ( OoO0O00O0oo0O ) ) ,

( 'E-mail address' , re . compile ( r'(?i)\b[A-Z0-9._%+-]+@' + oooiiI + '\b' ) ) ,

# o0oOOo0O0Ooo * O0 - Ii1I
( "Executable file name" , re . compile (
 r"(?i)\b\w+\.(EXE|PIF|GADGET|MSI|MSP|MSC|VBS|VBE|VB|JSE|JS|WSF|WSC|WSH|WS|BAT|CMD|DLL|SCR|HTA|CPL|CLASS|JAR|PS1XML|PS1|PS2XML|PS2|PSC1|PSC2|SCF|LNK|INF|REG)\b" ) ) ,

# oO0o + ooOoO0o . Oo0Ooo % Ii1I
# i11iIiiIii + o0oOOo0O0Ooo / I1ii11iIi11i - OoO0O00 - Ii1I + I1ii11iIi11i
# i11iIiiIii + OoO0O00 . iIii1I11I1II1 * I1Ii111
)
if 15 - 15: i1IIi + OoOoOO00
if 48 - 48: I1IiiI % iII111i / iIii1I11I1II1
Oo0oooO0oO = re . compile ( r'(?:[0-9A-Fa-f]{2}){4,}' )
if 19 - 19: i11iIiiIii + OoooooooOO - Oo0Ooo - I11i
if 21 - 21: O0 % IiII . I1IiiI / II111iiii + IiII
if 53 - 53: oO0o - I1IiiI - oO0o * iII111i
if 71 - 71: O0 - iIii1I11I1II1
if 12 - 12: OOooOOo / o0oOOo0O0Ooo
iiI1I1 = r'(?:[A-Za-z0-9+/]{4}){1,}(?:[A-Za-z0-9+/]{2}[AEIMQUYcgkosw048]=|[A-Za-z0-9+/][AQgw]==)?'
ooO = re . compile ( '"' + iiI1I1 + '"' )
if 6 - 6: iIii1I11I1II1 . ooOoO0o % o0oOOo0O0Ooo
I1Iii1 = set ( [ 'thisdocument' , 'thisworkbook' , 'test' , 'temp' , 'http' , 'open' , 'exit' ] )
if 30 - 30: OoooooooOO - OoOoOO00
if 75 - 75: iIii1I11I1II1 - Ii1I . Oo0Ooo % i11iIiiIii % I11i
if 55 - 55: iII111i . II111iiii % OoO0O00 * iII111i + ooOoO0o + Ii1I
II1Iiiiii = re . compile ( r'"[0-9A-Za-z]{20,}"' )
if 36 - 36: I1IiiI - I11i
i11i11111i1i = re . compile ( r'[G-Zg-z]' )
if 72 - 72: OOooOOo % I1ii11iIi11i + OoO0O00 / oO0o + IiII
if 10 - 10: I1Ii111 / ooOoO0o + i11iIiiIii / Ii1I
if 74 - 74: OOooOOo + O0 + i1IIi - i1IIi + II111iiii
if 83 - 83: I1ii11iIi11i - I1IiiI + OOooOOo
if 5 - 5: Ii1I
if 46 - 46: IiII
if 45 - 45: ooOoO0o
if 21 - 21: oO0o . I1Ii111 . OOooOOo / Oo0Ooo / I1Ii111
if 17 - 17: OOooOOo / OOooOOo / I11i
if 1 - 1: i1IIi . i11iIiiIii % OOooOOo
if 82 - 82: iIii1I11I1II1 + Oo0Ooo . iIii1I11I1II1 % IiII / Ii1I . Ii1I
if 14 - 14: o0oOOo0O0Ooo . OOooOOo . I11i + OoooooooOO - OOooOOo + IiII
if 9 - 9: Ii1I
oooooOOO000Oo = alphanums + '_'
if 52 - 52: II111iiii % IiII . OoOoOO00 * iIii1I11I1II1
class I111i1II ( str ) :
 pass
 if 69 - 69: Ii1I * O0 . i11iIiiIii / Ii1I . o0oOOo0O0Ooo
 if 63 - 63: I11i + o0oOOo0O0Ooo . II111iiii - I1IiiI
 if 52 - 52: o0oOOo0O0Ooo % Oo0Ooo
 if 64 - 64: O0 % I11i % O0 * OoO0O00 . oO0o + I1IiiI
 if 75 - 75: I11i . OoooooooOO % o0oOOo0O0Ooo * I11i % OoooooooOO
 if 13 - 13: IiII / i11iIiiIii % II111iiii % I11i . I1ii11iIi11i
 if 8 - 8: OoOoOO00 + Oo0Ooo - II111iiii
 if 11 - 11: i1IIi % i11iIiiIii - i1IIi * OoOoOO00
 if 39 - 39: I1Ii111
 if 86 - 86: I11i * I1IiiI + I11i + II111iiii
 if 8 - 8: I1Ii111 - iII111i / ooOoO0o
 if 96 - 96: OoOoOO00
 if 29 - 29: I1ii11iIi11i / i1IIi . I1IiiI - OoOoOO00 - OoOoOO00 - Ii1I
 if 20 - 20: i1IIi % OoO0O00 . I1IiiI / IiII * i11iIiiIii * OOooOOo
 if 85 - 85: o0oOOo0O0Ooo . OoOoOO00 / ooOoO0o . O0 % I1Ii111
 if 90 - 90: Oo0Ooo % O0 * iIii1I11I1II1 . iII111i
 if 8 - 8: ooOoO0o + II111iiii / iII111i / I11i
 if 74 - 74: O0 / i1IIi
 if 78 - 78: OoooooooOO . OoO0O00 + ooOoO0o - i1IIi
 if 31 - 31: OoooooooOO . OOooOOo
 if 83 - 83: iII111i . O0 / Oo0Ooo / OOooOOo - II111iiii
 if 100 - 100: OoO0O00
 if 46 - 46: OoOoOO00 / iIii1I11I1II1 % iII111i . iIii1I11I1II1 * iII111i
 if 38 - 38: I1ii11iIi11i - iII111i / O0 . I1Ii111
 if 45 - 45: I1Ii111
 if 83 - 83: OoOoOO00 . OoooooooOO
 if 58 - 58: i11iIiiIii + OoooooooOO % OoooooooOO / IiII / i11iIiiIii
oOOoo = Combine ( WordStart ( oooooOOO000Oo ) + Word ( nums )
 + Suppress ( Optional ( Word ( '%&^' , exact = 1 ) ) ) )
oOOoo . setParseAction ( lambda iII1111III1I : int ( iII1111III1I [ 0 ] ) )
if 39 - 39: i1IIi / IiII
oO000oOo00o0o = Combine ( Suppress ( Literal ( '&' ) + Optional ( ( CaselessLiteral ( 'o' ) ) ) ) + Word ( srange ( '[0-7]' ) )
 + Suppress ( Optional ( Word ( '%&^' , exact = 1 ) ) ) )
oO000oOo00o0o . setParseAction ( lambda iII1111III1I : int ( iII1111III1I [ 0 ] , base = 8 ) )
if 85 - 85: iII111i + OoooooooOO * iII111i - I1Ii111 % i11iIiiIii
OOo00OoO = Combine ( Suppress ( CaselessLiteral ( '&h' ) ) + Word ( srange ( '[0-9a-fA-F]' ) )
 + Suppress ( Optional ( Word ( '%&^' , exact = 1 ) ) ) )
OOo00OoO . setParseAction ( lambda iII1111III1I : int ( iII1111III1I [ 0 ] , base = 16 ) )
if 10 - 10: o0oOOo0O0Ooo / i11iIiiIii
o00 = oOOoo | oO000oOo00o0o | OOo00OoO
if 85 - 85: I1ii11iIi11i . I1Ii111
if 78 - 78: ooOoO0o * I1Ii111 + iIii1I11I1II1 + iIii1I11I1II1 / I1Ii111 . Ii1I
if 97 - 97: ooOoO0o / I1Ii111 % i1IIi % I1ii11iIi11i
if 18 - 18: iIii1I11I1II1 % I11i
if 95 - 95: ooOoO0o + i11iIiiIii * I1Ii111 - i1IIi * I1Ii111 - iIii1I11I1II1
if 75 - 75: OoooooooOO * IiII
if 9 - 9: IiII - II111iiii + O0 / iIii1I11I1II1 / i11iIiiIii
if 39 - 39: IiII * Oo0Ooo + iIii1I11I1II1 - IiII + OOooOOo
if 69 - 69: O0
o0ooO = QuotedString ( '"' , escQuote = '""' )
o0ooO . setParseAction ( lambda iII1111III1I : str ( iII1111III1I [ 0 ] ) )
if 74 - 74: O0 * oO0o - i11iIiiIii + I1Ii111
if 17 - 17: iIii1I11I1II1 . OoooooooOO / I11i % II111iiii % i1IIi / i11iIiiIii
if 58 - 58: Oo0Ooo . II111iiii + oO0o - i11iIiiIii / II111iiii / O0
if 85 - 85: OoOoOO00 + OOooOOo
if 10 - 10: IiII / OoO0O00 + OoOoOO00 / i1IIi
if 27 - 27: Ii1I
if 67 - 67: I1IiiI
if 55 - 55: I1ii11iIi11i - iII111i * o0oOOo0O0Ooo + OoOoOO00 * OoOoOO00 * O0
O000Oo0o = Forward ( )
OoO0O0O0o00 = Forward ( )
if 7 - 7: I1IiiI + OoOoOO00 / IiII
if 79 - 79: OoO0O00 - iIii1I11I1II1 + Ii1I - I1Ii111
if 93 - 93: II111iiii . I1IiiI - Oo0Ooo + OoOoOO00
if 61 - 61: II111iiii
Ii1ii111i1 = Suppress (
 Combine ( WordStart ( oooooOOO000Oo ) + CaselessLiteral ( 'Chr' )
 + Optional ( CaselessLiteral ( 'B' ) | CaselessLiteral ( 'W' ) ) + Optional ( '$' ) )
 + '(' ) + OoO0O0O0o00 + Suppress ( ')' )
Ii1ii111i1 . setParseAction ( lambda iII1111III1I : I111i1II ( chr ( iII1111III1I [ 0 ] ) ) )
if 31 - 31: OOooOOo + O0
if 87 - 87: ooOoO0o
if 45 - 45: OoO0O00 / OoooooooOO - iII111i / Ii1I % IiII
if 83 - 83: I1IiiI . iIii1I11I1II1 - IiII * i11iIiiIii
if 20 - 20: i1IIi * I1Ii111 + II111iiii % o0oOOo0O0Ooo % oO0o
if 13 - 13: Oo0Ooo
oOOo000oOoO0 = Suppress ( CaselessKeyword ( 'Asc' ) + '(' ) + O000Oo0o + Suppress ( ')' )
oOOo000oOoO0 . setParseAction ( lambda iII1111III1I : ord ( iII1111III1I [ 0 ] ) )
if 86 - 86: II111iiii % i11iIiiIii + Ii1I % i11iIiiIii
if 92 - 92: i11iIiiIii - iII111i / ooOoO0o / oO0o
if 43 - 43: II111iiii + OOooOOo + iII111i
if 40 - 40: o0oOOo0O0Ooo
if 67 - 67: oO0o + II111iiii - O0 . oO0o * II111iiii * I11i
if 90 - 90: Ii1I . IiII
OO00O0oOO = Suppress ( CaselessKeyword ( 'Val' ) + '(' ) + O000Oo0o + Suppress ( ')' )
OO00O0oOO . setParseAction ( lambda iII1111III1I : int ( iII1111III1I [ 0 ] . strip ( ) ) )
if 4 - 4: OoooooooOO - i1IIi % Ii1I - OOooOOo * o0oOOo0O0Ooo
if 85 - 85: OoooooooOO * iIii1I11I1II1 . iII111i / OoooooooOO % I1IiiI % O0
if 36 - 36: Ii1I / II111iiii / IiII / IiII + I1ii11iIi11i
if 95 - 95: IiII
if 51 - 51: II111iiii + IiII . i1IIi . I1ii11iIi11i + OoOoOO00 * I1IiiI
OOoOoo0 = Suppress ( CaselessKeyword ( 'StrReverse' ) + '(' ) + O000Oo0o + Suppress ( ')' )
OOoOoo0 . setParseAction ( lambda iII1111III1I : I111i1II ( str ( iII1111III1I [ 0 ] ) [ : : - 1 ] ) )
if 17 - 17: Ii1I + oO0o . OoO0O00 - Oo0Ooo * i11iIiiIii
if 20 - 20: I1IiiI . OoooooooOO % OOooOOo
if 63 - 63: I1IiiI % iIii1I11I1II1
if 39 - 39: iII111i / II111iiii / I1ii11iIi11i % I1IiiI
if 89 - 89: I1Ii111 + OoooooooOO + I1Ii111 * i1IIi + iIii1I11I1II1 % I11i
oOo0oO = Suppress ( CaselessKeyword ( 'Environ' ) + '(' ) + O000Oo0o + Suppress ( ')' )
oOo0oO . setParseAction ( lambda iII1111III1I : I111i1II ( '%%%s%%' % iII1111III1I [ 0 ] ) )
if 5 - 5: OOooOOo - OOooOOo . Oo0Ooo + OoOoOO00 - OOooOOo . oO0o
if 31 - 31: II111iiii - iIii1I11I1II1 - iIii1I11I1II1 % I11i
if 12 - 12: iIii1I11I1II1
if 20 - 20: o0oOOo0O0Ooo / i1IIi
if 71 - 71: OoOoOO00 . i1IIi
if 94 - 94: OOooOOo . I1Ii111
if 84 - 84: O0 . I11i - II111iiii . ooOoO0o / II111iiii
if 47 - 47: OoooooooOO
if 4 - 4: I1IiiI % I11i
I1 = Word ( initChars = alphas , bodyChars = alphanums + '_' )
if 67 - 67: OoO0O00 + oO0o
if 88 - 88: iII111i
if 19 - 19: II111iiii * IiII + Ii1I
if 65 - 65: OOooOOo . I1Ii111 . OoO0O00 . iII111i - OOooOOo
if 19 - 19: i11iIiiIii + iII111i % ooOoO0o
if 14 - 14: OoO0O00 . II111iiii . I11i / Ii1I % I1ii11iIi11i - ooOoO0o
if 67 - 67: I11i - OOooOOo . i1IIi
I1I1iI = Suppress ( '"' ) + Combine ( Word ( hexnums , exact = 2 ) * ( 2 , None ) ) + Suppress ( '"' )
I1I1iI . setParseAction ( lambda iII1111III1I : str ( iII1111III1I [ 0 ] ) )
if 16 - 16: IiII * OoOoOO00 . ooOoO0o / i1IIi . OoO0O00 - i1IIi
I1IiIIi = Suppress ( I1 ) + Suppress ( '(' ) + I1I1iI ( 'hex_string' ) + Suppress ( ')' )
if 42 - 42: O0 . oO0o - o0oOOo0O0Ooo / i1IIi
I1IiIIi . setParseAction ( lambda iII1111III1I : I111i1II ( binascii . a2b_hex ( iII1111III1I . hex_string ) ) )
if 68 - 68: O0 + OoOoOO00 / oO0o - OOooOOo + iIii1I11I1II1 % Ii1I
if 23 - 23: ooOoO0o % o0oOOo0O0Ooo / I11i
if 5 - 5: iIii1I11I1II1
if 72 - 72: oO0o . I1Ii111 / OoOoOO00 + I11i % iIii1I11I1II1
if 42 - 42: I1ii11iIi11i * OoOoOO00 % ooOoO0o - OoOoOO00 . i11iIiiIii - I1Ii111
if 84 - 84: I1Ii111 - I1ii11iIi11i / I11i
if 13 - 13: IiII - Oo0Ooo - ooOoO0o
if 92 - 92: ooOoO0o / OoOoOO00 * OoO0O00 . I11i % II111iiii
O0OoOoO00O = Suppress ( '"' ) + Regex ( iiI1I1 ) + Suppress ( '"' )
O0OoOoO00O . setParseAction ( lambda iII1111III1I : str ( iII1111III1I [ 0 ] ) )
if 96 - 96: I1IiiI % Oo0Ooo . I1ii11iIi11i + OOooOOo
Ii11Iii1i1ii = Suppress ( I1 ) + Suppress ( '(' ) + O0OoOoO00O ( 'base64_string' ) + Suppress ( ')' )
if 26 - 26: II111iiii % i11iIiiIii % iIii1I11I1II1 % I11i * I11i * I1ii11iIi11i
Ii11Iii1i1ii . setParseAction ( lambda iII1111III1I : I111i1II ( binascii . a2b_base64 ( iII1111III1I . base64_string ) ) )
if 24 - 24: II111iiii % I1Ii111 - ooOoO0o + I1IiiI * I1ii11iIi11i
if 2 - 2: Ii1I - IiII
if 83 - 83: oO0o % o0oOOo0O0Ooo % Ii1I - II111iiii * OOooOOo / OoooooooOO
if 18 - 18: OoO0O00 + iIii1I11I1II1 - II111iiii - I1IiiI
def oooOOOO0oooo ( tokens ) :
 if 51 - 51: O0 - i1IIi / I1IiiI
 if 37 - 37: o0oOOo0O0Ooo % ooOoO0o
 O0II11i11II = tokens [ 0 ] [ : : 2 ]
 if 29 - 29: Oo0Ooo % OoO0O00 % IiII . o0oOOo0O0Ooo / OoooooooOO * ooOoO0o
 if 54 - 54: O0
 if 68 - 68: OoO0O00 * o0oOOo0O0Ooo . ooOoO0o % oO0o % I1Ii111
 return I111i1II ( '' . join ( O0II11i11II ) )
 if 75 - 75: OoOoOO00
 if 34 - 34: O0
OooOOOo0 = ( Ii1ii111i1 | OOoOoo0 | oOo0oO | o0ooO | I1IiIIi | Ii11Iii1i1ii )
if 54 - 54: Ii1I - I11i - I1Ii111 . iIii1I11I1II1
O000Oo0o <<= infixNotation ( OooOOOo0 ,
 [
 ( "+" , 2 , opAssoc . LEFT , oooOOOO0oooo ) ,
 ( "&" , 2 , opAssoc . LEFT , oooOOOO0oooo ) ,
 ] )
if 79 - 79: Ii1I . OoO0O00
if 40 - 40: o0oOOo0O0Ooo + Oo0Ooo . o0oOOo0O0Ooo % ooOoO0o
if 15 - 15: Ii1I * Oo0Ooo % I1ii11iIi11i * iIii1I11I1II1 - i11iIiiIii
if 60 - 60: I1IiiI * I1Ii111 % OoO0O00 + oO0o
def o0oo ( tokens ) :
 if 80 - 80: I1Ii111 * OoOoOO00 * II111iiii - O0 . OoOoOO00 % I1IiiI
 if 13 - 13: oO0o . I1IiiI * oO0o + I1IiiI
 OoOooo = tokens [ 0 ] [ : : 2 ]
 if 74 - 74: iIii1I11I1II1 * IiII % OoOoOO00
 if 36 - 36: OoooooooOO - oO0o
 if 85 - 85: o0oOOo0O0Ooo . IiII / O0 . o0oOOo0O0Ooo . I1ii11iIi11i . OoO0O00
 return sum ( OoOooo )
 if 60 - 60: o0oOOo0O0Ooo - OoOoOO00 * Oo0Ooo % Ii1I / II111iiii % OoOoOO00
 if 52 - 52: OOooOOo - iII111i * oO0o
Ii1I11I = ( oOOo000oOoO0 | OO00O0oOO | o00 )
if 36 - 36: O0 + Oo0Ooo
OoO0O0O0o00 <<= infixNotation ( Ii1I11I ,
 [
 ( "+" , 2 , opAssoc . LEFT , o0oo ) ,
 ] )
if 5 - 5: Oo0Ooo * OoOoOO00
if 46 - 46: ooOoO0o
if 33 - 33: iII111i - II111iiii * OoooooooOO - Oo0Ooo - OOooOOo
if 84 - 84: I1Ii111 + Oo0Ooo - OoOoOO00 * OoOoOO00
if 61 - 61: OoooooooOO . oO0o . OoooooooOO / Oo0Ooo
if 72 - 72: i1IIi
def OOoo0oo ( data ) :
 return data . startswith ( i11ii1iI )
 if 58 - 58: oO0o
 if 4 - 4: II111iiii . ooOoO0o / I1ii11iIi11i - i11iIiiIii
 if 72 - 72: O0 / ooOoO0o + OoooooooOO * iII111i
 if 61 - 61: OoooooooOO % II111iiii - I1IiiI % I1ii11iIi11i + i1IIi
 if 39 - 39: i1IIi
 if 86 - 86: iIii1I11I1II1 + OoOoOO00 . i11iIiiIii - Ii1I
 if 51 - 51: OoOoOO00
 if 14 - 14: IiII % oO0o % Oo0Ooo - i11iIiiIii
 if 53 - 53: Ii1I % Oo0Ooo
 if 59 - 59: OOooOOo % iIii1I11I1II1 . i1IIi + II111iiii * IiII
 if 41 - 41: Ii1I % I1ii11iIi11i
i1iIiIi1I = re . compile ( r'x' )
if 37 - 37: Ii1I % OoO0O00
if 79 - 79: I1ii11iIi11i + I1IiiI / I1IiiI
def OO0O0ooOOO00 ( data ) :
 if 17 - 17: O0 . I1Ii111 . O0 + O0 / Oo0Ooo . ooOoO0o
 assert OOoo0oo ( data )
 if 62 - 62: I1ii11iIi11i % iII111i * OoO0O00 - i1IIi
 if 66 - 66: i11iIiiIii / o0oOOo0O0Ooo - OoooooooOO / i1IIi . i11iIiiIii
 if 16 - 16: Oo0Ooo % I1ii11iIi11i + I11i - O0 . iII111i / I1Ii111
 if 35 - 35: oO0o / I1Ii111 / II111iiii - iIii1I11I1II1 + II111iiii . I1Ii111
 if 81 - 81: iII111i * OOooOOo - I1ii11iIi11i * Ii1I % OoOoOO00 * OoOoOO00
 if 59 - 59: iIii1I11I1II1
 if 7 - 7: OOooOOo * I1IiiI / o0oOOo0O0Ooo * i11iIiiIii
 if 84 - 84: OOooOOo . iII111i
 if 8 - 8: Oo0Ooo + II111iiii * OOooOOo * OoOoOO00 * I11i / IiII
 if 21 - 21: oO0o / OoooooooOO
 if 11 - 11: OOooOOo % Ii1I - i11iIiiIii - oO0o + ooOoO0o + IiII
 if 87 - 87: I1Ii111 * i1IIi / I1ii11iIi11i
 if 6 - 6: o0oOOo0O0Ooo + Oo0Ooo - OoooooooOO % OOooOOo * OoOoOO00
 try :
  oOoOIIII = struct . unpack_from ( '<H' , data , offset = 0x1E ) [ 0 ] + 46
  logging . debug ( 'Parsing MSO file: data offset = 0x%X' % oOoOIIII )
 except :
  logging . exception ( 'Unable to parse MSO/ActiveMime file header' )
  raise RuntimeError ( 'Unable to parse MSO/ActiveMime file header' )
  if 50 - 50: Oo0Ooo % IiII
  if 28 - 28: I1ii11iIi11i . i1IIi
  if 10 - 10: OoO0O00 / Oo0Ooo
  if 15 - 15: iII111i . OoOoOO00 / iII111i * I11i - I1IiiI % I1ii11iIi11i
 for oo0OOOOOO0 in ( oOoOIIII , 0x32 , 0x22A ) :
  try :
   logging . debug ( 'Attempting zlib decompression from MSO file offset 0x%X' % oo0OOOOOO0 )
   i11 = zlib . decompress ( data [ oo0OOOOOO0 : ] )
   return i11
  except :
   logging . exception ( 'zlib decompression failed' )
   if 20 - 20: OoooooooOO - Oo0Ooo % OoOoOO00 % I11i
   if 89 - 89: oO0o / OoooooooOO . iII111i
 logging . debug ( 'Looking for potential zlib-compressed blocks in MSO file' )
 for I1iiiiii in i1iIiIi1I . finditer ( data ) :
  oo0OOOOOO0 = I1iiiiii . start ( )
  try :
   logging . debug ( 'Attempting zlib decompression from MSO file offset 0x%X' % oo0OOOOOO0 )
   i11 = zlib . decompress ( data [ oo0OOOOOO0 : ] )
   return i11
  except :
   logging . exception ( 'zlib decompression failed' )
 raise RuntimeError ( 'Unable to decompress data from a MSO/ActiveMime file' )
 if 65 - 65: IiII + Oo0Ooo
 if 59 - 59: OoooooooOO + I11i . I1Ii111 - O0 % iIii1I11I1II1 / O0
 if 88 - 88: Oo0Ooo . O0 % OoooooooOO / OOooOOo
 if 89 - 89: II111iiii / oO0o
 if 14 - 14: OOooOOo . I1IiiI * ooOoO0o + II111iiii - ooOoO0o + OOooOOo
IIIIIiII1 = set ( string . printable )
if 45 - 45: I1IiiI / iII111i . iII111i
def i1oO ( s ) :
 if 30 - 30: Oo0Ooo . OoO0O00
 if 57 - 57: I11i . Oo0Ooo + II111iiii
 return set ( s ) . issubset ( IIIIIiII1 )
 if 43 - 43: I1Ii111 % iII111i
 if 69 - 69: iII111i % OoO0O00
 if 86 - 86: oO0o / oO0o
 if 28 - 28: i11iIiiIii / o0oOOo0O0Ooo . iIii1I11I1II1 / II111iiii
 if 72 - 72: OoooooooOO / I1IiiI + Ii1I / OoOoOO00 * Ii1I
 if 34 - 34: O0 * O0 % OoooooooOO + iII111i * iIii1I11I1II1 % Ii1I
 if 25 - 25: I11i + OoOoOO00 . o0oOOo0O0Ooo % OoOoOO00 * OOooOOo
 if 32 - 32: i11iIiiIii - I1Ii111
 if 53 - 53: OoooooooOO - IiII
def oOo ( decompressed_current , decompressed_chunk_start ) :
 i1i = decompressed_current - decompressed_chunk_start
 if 5 - 5: I1ii11iIi11i + O0 + O0 . I1Ii111 - ooOoO0o
 if 63 - 63: oO0o
 if 71 - 71: i1IIi . Ii1I * iII111i % OoooooooOO + OOooOOo
 if 36 - 36: IiII
 if 49 - 49: OOooOOo / OoooooooOO / I1IiiI
 if 74 - 74: I1Ii111 % I1ii11iIi11i
 if 7 - 7: II111iiii
 iI = int ( math . ceil ( math . log ( i1i , 2 ) ) )
 iI = max ( [ iI , 4 ] )
 i1oOOOOOOOoO = 0xFFFF >> iI
 I1IIiI = ~ i1oOOOOOOOoO
 O0oOOo0o = ( 0xFFFF >> iI ) + 3
 return i1oOOOOOOOoO , I1IIiI , iI , O0oOOo0o
 if 50 - 50: iII111i . I1ii11iIi11i . OoO0O00 * I11i + II111iiii % i11iIiiIii
 if 8 - 8: ooOoO0o * O0
def OOoO ( compressed_container ) :
 if 18 - 18: iIii1I11I1II1 + Oo0Ooo - OOooOOo + OoooooooOO * OoooooooOO
 if 41 - 41: ooOoO0o . Oo0Ooo + I1IiiI
 if 100 - 100: Ii1I + OoO0O00
 if 73 - 73: i1IIi - I1Ii111 % ooOoO0o / OoO0O00
 if 40 - 40: I1ii11iIi11i * ooOoO0o - I1IiiI / IiII / i11iIiiIii
 if 83 - 83: I1ii11iIi11i / I1Ii111 - i11iIiiIii . iIii1I11I1II1 + Oo0Ooo
 if 59 - 59: O0 % Oo0Ooo
 if 92 - 92: Ii1I % iII111i / I1ii11iIi11i % I1ii11iIi11i * I1IiiI
 if 74 - 74: O0 . I1IiiI % OoO0O00 % IiII
 if 87 - 87: oO0o - i11iIiiIii
 if 78 - 78: i11iIiiIii / iIii1I11I1II1 - o0oOOo0O0Ooo
 if 23 - 23: I11i
 if 40 - 40: o0oOOo0O0Ooo - II111iiii / Oo0Ooo
 if 14 - 14: I1ii11iIi11i
 if 5 - 5: o0oOOo0O0Ooo . iIii1I11I1II1 % iIii1I11I1II1
 if 56 - 56: OoooooooOO - I11i - i1IIi
 if 8 - 8: I1Ii111 / OOooOOo . I1IiiI + I1ii11iIi11i / i11iIiiIii
 if 31 - 31: ooOoO0o - iIii1I11I1II1 + iII111i . Oo0Ooo / IiII % iIii1I11I1II1
 if 6 - 6: IiII * i11iIiiIii % iIii1I11I1II1 % i11iIiiIii + o0oOOo0O0Ooo / i1IIi
 if 53 - 53: I11i + iIii1I11I1II1
 if 70 - 70: I1ii11iIi11i
 if 67 - 67: OoooooooOO
 if 29 - 29: O0 - i11iIiiIii - II111iiii + OOooOOo * IiII
 if 2 - 2: i1IIi - ooOoO0o + I1IiiI . o0oOOo0O0Ooo * o0oOOo0O0Ooo / OoOoOO00
 if 93 - 93: i1IIi
 if 53 - 53: OoooooooOO + Oo0Ooo + oO0o
 I1I111iI = ''
 iIiI1IIiii11 = 0
 if 33 - 33: iIii1I11I1II1 / iII111i - I1IiiI * I11i
 o0o00oO0oo000 = ord ( compressed_container [ iIiI1IIiii11 ] )
 if o0o00oO0oo000 != 0x01 :
  raise ValueError ( 'invalid signature byte {0:02X}' . format ( o0o00oO0oo000 ) )
  if 89 - 89: OoO0O00 + IiII * I1Ii111
 iIiI1IIiii11 += 1
 if 28 - 28: OoooooooOO . oO0o % I1ii11iIi11i / i1IIi / OOooOOo
 if 36 - 36: o0oOOo0O0Ooo + I11i - IiII + iIii1I11I1II1 + OoooooooOO
 if 4 - 4: II111iiii . I11i + Ii1I * I1Ii111 . ooOoO0o
 while iIiI1IIiii11 < len ( compressed_container ) :
  if 87 - 87: OoOoOO00 / OoO0O00 / i11iIiiIii
  oO0OO = iIiI1IIiii11
  if 88 - 88: OoOoOO00 - i11iIiiIii % o0oOOo0O0Ooo * I11i + I1ii11iIi11i
  Oo = struct . unpack ( "<H" , compressed_container [ oO0OO : oO0OO + 2 ] ) [ 0 ]
  if 40 - 40: OoOoOO00 % OoO0O00
  if 62 - 62: o0oOOo0O0Ooo
  I1i111i = ( Oo & 0x0FFF ) + 3
  if 42 - 42: I1ii11iIi11i / i1IIi % OoOoOO00
  I11iiIIII1I1 = ( Oo >> 12 ) & 0x07
  if I11iiIIII1I1 != 0b011 :
   raise ValueError ( 'Invalid CompressedChunkSignature in VBA compressed stream' )
   if 38 - 38: I1Ii111 % OOooOOo - OoooooooOO
  oOo0OOoooO = ( Oo >> 15 ) & 0x01
  logging . debug ( "chunk size = {0}, compressed flag = {1}" . format ( I1i111i , oOo0OOoooO ) )
  if 26 - 26: o0oOOo0O0Ooo * IiII . i1IIi
  if 59 - 59: O0 + i1IIi - o0oOOo0O0Ooo
  if 62 - 62: i11iIiiIii % OOooOOo . IiII . OOooOOo
  if 84 - 84: i11iIiiIii * OoO0O00
  if 18 - 18: OOooOOo - Ii1I - OoOoOO00 / I1Ii111 - O0
  if 30 - 30: O0 + I1ii11iIi11i + II111iiii
  if oOo0OOoooO == 1 and I1i111i > 4098 :
   raise ValueError ( 'CompressedChunkSize > 4098 but CompressedChunkFlag == 1' )
  if oOo0OOoooO == 0 and I1i111i != 4098 :
   raise ValueError ( 'CompressedChunkSize != 4098 but CompressedChunkFlag == 0' )
   if 14 - 14: o0oOOo0O0Ooo / OOooOOo - iIii1I11I1II1 - oO0o % ooOoO0o
   if 49 - 49: ooOoO0o * oO0o / o0oOOo0O0Ooo / Oo0Ooo * iIii1I11I1II1
   if 57 - 57: OoOoOO00 - oO0o / ooOoO0o % i11iIiiIii
  if oO0OO + I1i111i > len ( compressed_container ) :
   logging . warning ( 'Chunk size is larger than remaining compressed data' )
  I11 = min ( [ len ( compressed_container ) , oO0OO + I1i111i ] )
  if 100 - 100: I1ii11iIi11i + i11iIiiIii - i1IIi
  iIiI1IIiii11 = oO0OO + 2
  if 29 - 29: o0oOOo0O0Ooo / i11iIiiIii / I1IiiI % oO0o % i11iIiiIii
  if oOo0OOoooO == 0 :
   if 18 - 18: OOooOOo + I1Ii111
   if 80 - 80: oO0o + o0oOOo0O0Ooo * Ii1I + OoO0O00
   if 75 - 75: I11i / o0oOOo0O0Ooo / OOooOOo / IiII % ooOoO0o + II111iiii
   I1I111iI += compressed_container [ iIiI1IIiii11 : iIiI1IIiii11 + 4096 ]
   iIiI1IIiii11 += 4096
  else :
   if 4 - 4: iII111i - Oo0Ooo - IiII - I11i % i11iIiiIii / OoO0O00
   if 50 - 50: ooOoO0o + i1IIi
   i11IiIIi11I = len ( I1I111iI )
   while iIiI1IIiii11 < I11 :
    if 78 - 78: IiII
    if 83 - 83: iIii1I11I1II1 % OoOoOO00 % o0oOOo0O0Ooo % I1Ii111 . I1ii11iIi11i % O0
    if 47 - 47: o0oOOo0O0Ooo
    if 66 - 66: I1IiiI - IiII
    iiIii = ord ( compressed_container [ iIiI1IIiii11 ] )
    iIiI1IIiii11 += 1
    for iIiIii1ii in xrange ( 0 , 8 ) :
     if 8 - 8: OoO0O00 + OoOoOO00 . iIii1I11I1II1 % O0
     if iIiI1IIiii11 >= I11 :
      break
      if 43 - 43: I1ii11iIi11i - iII111i
      if 70 - 70: iII111i / OOooOOo % ooOoO0o - Ii1I
     i1II11Iii1I = ( iiIii >> iIiIii1ii ) & 1
     if 92 - 92: OOooOOo % IiII % OoOoOO00
     if i1II11Iii1I == 0 :
      if 4 - 4: OoOoOO00 + Ii1I / oO0o
      I1I111iI += compressed_container [ iIiI1IIiii11 ]
      iIiI1IIiii11 += 1
     else :
      if 13 - 13: iII111i
      o0OOOOO0O = struct . unpack ( "<H" , compressed_container [ iIiI1IIiii11 : iIiI1IIiii11 + 2 ] ) [ 0 ]
      if 35 - 35: Ii1I - Ii1I + i1IIi - O0 - I1Ii111
      if 58 - 58: OoOoOO00 - iII111i - OoooooooOO
      i1oOOOOOOOoO , I1IIiI , iI , O0oOOo0o = oOo (
 len ( I1I111iI ) , i11IiIIi11I )
      o00ii111Iiii = ( o0OOOOO0O & i1oOOOOOOOoO ) + 3
      oo0oO0o0 = o0OOOOO0O & I1IIiI
      Iii1Ii = 16 - iI
      oOoOIIII = ( oo0oO0o0 >> Iii1Ii ) + 1
      if 30 - 30: O0 - iII111i % Oo0Ooo
      O0Oo = len ( I1I111iI ) - oOoOIIII
      for iIIiI11i in xrange ( O0Oo , O0Oo + o00ii111Iiii ) :
       I1I111iI += I1I111iI [ iIIiI11i ]
      iIiI1IIiii11 += 2
 return I1I111iI
 if 100 - 100: O0 . I11i . OoO0O00 + O0 * oO0o
 if 42 - 42: oO0o % OoooooooOO + o0oOOo0O0Ooo
def ooOO0o ( ole , vba_root , project_path , dir_path ) :
 if 51 - 51: Oo0Ooo - I1ii11iIi11i * I11i
 ii1111Ii1i = ole . openstream ( project_path )
 if 48 - 48: O0 * Ii1I - O0 / Ii1I + OoOoOO00
 if 52 - 52: OoO0O00 % Ii1I * II111iiii
 if 4 - 4: I11i % O0 - OoooooooOO + ooOoO0o . oO0o % II111iiii
 if 9 - 9: II111iiii * II111iiii . i11iIiiIii * iIii1I11I1II1
 if 18 - 18: OoO0O00 . II111iiii % OoOoOO00 % Ii1I
 if 87 - 87: iIii1I11I1II1 . OoooooooOO * OoOoOO00
 if 100 - 100: OoO0O00 / i1IIi - I1IiiI % Ii1I - iIii1I11I1II1
 if 17 - 17: I11i / o0oOOo0O0Ooo % Oo0Ooo
 if 71 - 71: IiII . I1Ii111 . OoO0O00
 if 68 - 68: i11iIiiIii % oO0o * OoO0O00 * IiII * II111iiii + O0
 if 66 - 66: I11i % I1ii11iIi11i % OoooooooOO
 if 34 - 34: o0oOOo0O0Ooo / iII111i % O0 . OoO0O00 . i1IIi
 if 29 - 29: O0 . I1Ii111
 if 66 - 66: oO0o * iIii1I11I1II1 % iIii1I11I1II1 * IiII - ooOoO0o - IiII
 if 70 - 70: I1Ii111 + oO0o
 if 93 - 93: I1Ii111 + Ii1I
 if 33 - 33: O0
 if 78 - 78: O0 / II111iiii * OoO0O00
 if 50 - 50: OoooooooOO - iIii1I11I1II1 + i1IIi % I1Ii111 - iIii1I11I1II1 % O0
 if 58 - 58: IiII + iIii1I11I1II1
 if 65 - 65: II111iiii - I1Ii111 % o0oOOo0O0Ooo - OoOoOO00 * iII111i + Ii1I
 if 79 - 79: ooOoO0o . OoOoOO00 % I1Ii111 - Oo0Ooo
 if 69 - 69: ooOoO0o - o0oOOo0O0Ooo . ooOoO0o
 if 9 - 9: oO0o % i11iIiiIii / Oo0Ooo
 if 20 - 20: oO0o * O0 + I11i - OoooooooOO . I11i
 if 60 - 60: o0oOOo0O0Ooo . o0oOOo0O0Ooo / iII111i
 if 45 - 45: O0 . i11iIiiIii % iII111i . OoOoOO00 % IiII % iIii1I11I1II1
 if 58 - 58: iIii1I11I1II1 . OoOoOO00 - i11iIiiIii * iIii1I11I1II1 % i11iIiiIii / I1IiiI
 if 80 - 80: I1ii11iIi11i / iIii1I11I1II1 % OoOoOO00
 oO000o0Oo00 = { }
 if 77 - 77: iIii1I11I1II1 + OoO0O00 . I1ii11iIi11i % OoO0O00
 for o0O in ii1111Ii1i :
  o0O = o0O . strip ( )
  if '=' in o0O :
   if 78 - 78: OoOoOO00
   iI1 , I1iIII1IiiI = o0O . split ( '=' , 1 )
   if 96 - 96: I1IiiI % i1IIi . o0oOOo0O0Ooo . O0
   if 37 - 37: i1IIi - OOooOOo % OoooooooOO / OOooOOo % ooOoO0o
   if 48 - 48: i11iIiiIii % oO0o
   if 29 - 29: iII111i + i11iIiiIii % I11i
   I1iIII1IiiI = I1iIII1IiiI . lower ( )
   if iI1 == 'Document' :
    if 93 - 93: OoOoOO00 % iIii1I11I1II1
    I1iIII1IiiI = I1iIII1IiiI . split ( '/' , 1 ) [ 0 ]
    oO000o0Oo00 [ I1iIII1IiiI ] = IiI1iIiIIIii
   elif iI1 == 'Module' :
    oO000o0Oo00 [ I1iIII1IiiI ] = OOOOOo
   elif iI1 == 'Class' :
    oO000o0Oo00 [ I1iIII1IiiI ] = IiI1iIiIIIii
   elif iI1 == 'BaseClass' :
    oO000o0Oo00 [ I1iIII1IiiI ] = oOoO
    if 90 - 90: I1IiiI - OOooOOo / Ii1I / O0 / I11i
    if 87 - 87: OoOoOO00 / IiII + iIii1I11I1II1
 oo0O0o = ole . openstream ( dir_path ) . read ( )
 if 13 - 13: iIii1I11I1II1 . OoOoOO00 * I1IiiI / oO0o * Ii1I
 def O00o ( name , expected , value ) :
  if expected != value :
   logging . error ( "invalid value for {0} expected {1:04X} got {2:04X}" . format ( name , expected , value ) )
   if 86 - 86: I1ii11iIi11i * II111iiii * I11i
 oO0Oo = cStringIO . StringIO ( OOoO ( oo0O0o ) )
 if 58 - 58: ooOoO0o
 if 5 - 5: i11iIiiIii % OoOoOO00 - Ii1I
 oOo0 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTSYSKIND_Id' , 0x0001 , oOo0 )
 oOoOo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTSYSKIND_Size' , 0x0004 , oOoOo )
 OoO00O0OOO = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if OoO00O0OOO == 0x00 :
  logging . debug ( "16-bit Windows" )
 elif OoO00O0OOO == 0x01 :
  logging . debug ( "32-bit Windows" )
 elif OoO00O0OOO == 0x02 :
  logging . debug ( "Macintosh" )
 elif OoO00O0OOO == 0x03 :
  logging . debug ( "64-bit Windows" )
 else :
  logging . error ( "invalid PROJECTSYSKIND_SysKind {0:04X}" . format ( OoO00O0OOO ) )
  if 87 - 87: IiII
  if 34 - 34: OoO0O00
 I11i11i1 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTLCID_Id' , 0x0002 , I11i11i1 )
 OOO = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTLCID_Size' , 0x0004 , OOO )
 ii1i1iiI = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTLCID_Lcid' , 0x409 , ii1i1iiI )
 if 94 - 94: i1IIi * i1IIi % II111iiii + OOooOOo
 if 28 - 28: I1IiiI
 I11o0000o0Oo = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTLCIDINVOKE_Id' , 0x0014 , I11o0000o0Oo )
 ooo0O0OOo0OoO = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTLCIDINVOKE_Size' , 0x0004 , ooo0O0OOo0OoO )
 Ii1i1 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTLCIDINVOKE_LcidInvoke' , 0x409 , Ii1i1 )
 if 65 - 65: oO0o + I1ii11iIi11i / OOooOOo
 if 85 - 85: iIii1I11I1II1 / OoooooooOO % II111iiii
 IiIIi11i111 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTCODEPAGE_Id' , 0x0003 , IiIIi11i111 )
 oooo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTCODEPAGE_Size' , 0x0002 , oooo )
 iiiIIIii = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 if 93 - 93: iIii1I11I1II1 + I1IiiI + i11iIiiIii
 if 74 - 74: I11i / II111iiii + ooOoO0o * iIii1I11I1II1 - I1Ii111 - OoO0O00
 OoOoO0OooOOo = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTNAME_Id' , 0x0004 , OoOoO0OooOOo )
 oOIIi = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if oOIIi < 1 or oOIIi > 128 :
  logging . error ( "PROJECTNAME_SizeOfProjectName value not in range: {0}" . format ( oOIIi ) )
 I1Ii1IIiI11i1 = oO0Oo . read ( oOIIi )
 if 45 - 45: II111iiii % ooOoO0o % IiII + I1ii11iIi11i . i1IIi . OoOoOO00
 if 87 - 87: ooOoO0o . O0 % I1Ii111 + I1ii11iIi11i + Ii1I % iIii1I11I1II1
 ii11iIIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTDOCSTRING_Id' , 0x0005 , ii11iIIi )
 i1II1II1iii1i = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if oOIIi > 2000 :
  logging . error (
 "PROJECTDOCSTRING_SizeOfDocString value not in range: {0}" . format ( i1II1II1iii1i ) )
 O0OO0oOO = oO0Oo . read ( i1II1II1iii1i )
 oo = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTDOCSTRING_Reserved' , 0x0040 , oo )
 ooOoO0O0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if ooOoO0O0 % 2 != 0 :
  logging . error ( "PROJECTDOCSTRING_SizeOfDocStringUnicode is not even" )
 iI111i11iI1 = oO0Oo . read ( ooOoO0O0 )
 if 2 - 2: OoOoOO00 + I1Ii111 + OoooooooOO . i1IIi
 if 19 - 19: iII111i - o0oOOo0O0Ooo - Ii1I - OoOoOO00 . iII111i . I1Ii111
 i11I1I = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTHELPFILEPATH_Id' , 0x0006 , i11I1I )
 oo0ooooo00o = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if oo0ooooo00o > 260 :
  logging . error (
 "PROJECTHELPFILEPATH_SizeOfHelpFile1 value not in range: {0}" . format ( oo0ooooo00o ) )
 OoOo = oO0Oo . read ( oo0ooooo00o )
 i111i1iIi1 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTHELPFILEPATH_Reserved' , 0x003D , i111i1iIi1 )
 OoO0oO = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if OoO0oO != oo0ooooo00o :
  logging . error ( "PROJECTHELPFILEPATH_SizeOfHelpFile1 does not equal PROJECTHELPFILEPATH_SizeOfHelpFile2" )
 Ii = oO0Oo . read ( OoO0oO )
 if Ii != OoOo :
  logging . error ( "PROJECTHELPFILEPATH_HelpFile1 does not equal PROJECTHELPFILEPATH_HelpFile2" )
  if 20 - 20: o0oOOo0O0Ooo * ooOoO0o
  if 10 - 10: I11i - Oo0Ooo
 ooOOooo0ooo00 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTHELPCONTEXT_Id' , 0x0007 , ooOOooo0ooo00 )
 oooOo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTHELPCONTEXT_Size' , 0x0004 , oooOo )
 oo0oo0O0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if 18 - 18: iIii1I11I1II1 + OOooOOo + iIii1I11I1II1 . I1ii11iIi11i + I1Ii111 . ooOoO0o
 if 7 - 7: I1ii11iIi11i + iIii1I11I1II1 * I11i * I11i / II111iiii - Ii1I
 oOOOo0o = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTLIBFLAGS_Id' , 0x0008 , oOOOo0o )
 iiiii11I1 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTLIBFLAGS_Size' , 0x0004 , iiiii11I1 )
 Ii1 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTLIBFLAGS_ProjectLibFlags' , 0x0000 , Ii1 )
 if 77 - 77: OOooOOo / II111iiii + IiII + ooOoO0o - i11iIiiIii
 if 44 - 44: I1IiiI + OoOoOO00 + I1ii11iIi11i . I1IiiI * OoOoOO00 % iIii1I11I1II1
 o0OO0OOO0O = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTVERSION_Id' , 0x0009 , o0OO0OOO0O )
 Iii1I = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTVERSION_Reserved' , 0x0004 , Iii1I )
 oOoOOOOoOO0o = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 ii = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 if 47 - 47: I1Ii111 - OOooOOo / ooOoO0o - Oo0Ooo + iII111i - iIii1I11I1II1
 if 68 - 68: Ii1I - oO0o + Oo0Ooo
 i11Iii1Ii1i1 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTCONSTANTS_Id' , 0x000C , i11Iii1Ii1i1 )
 i1iIi1IIiIII1 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if i1iIi1IIiIII1 > 1015 :
  logging . error (
 "PROJECTCONSTANTS_SizeOfConstants value not in range: {0}" . format ( i1iIi1IIiIII1 ) )
 i1Ii11I1II = oO0Oo . read ( i1iIi1IIiIII1 )
 oOOOoo0o = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTCONSTANTS_Reserved' , 0x003C , oOOOoo0o )
 iiiI1IiIIii = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 if iiiI1IiIIii % 2 != 0 :
  logging . error ( "PROJECTCONSTANTS_SizeOfConstantsUnicode is not even" )
 IIIIiii = oO0Oo . read ( iiiI1IiIIii )
 if 26 - 26: OoooooooOO - ooOoO0o * i11iIiiIii + O0 * oO0o
 if 87 - 87: Oo0Ooo + O0 - I11i * iIii1I11I1II1 . I1Ii111 % o0oOOo0O0Ooo
 Oo0oo0oOO0oOo = None
 while True :
  Oo0oo0oOO0oOo = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  logging . debug ( "reference type = {0:04X}" . format ( Oo0oo0oOO0oOo ) )
  if Oo0oo0oOO0oOo == 0x000F :
   break
   if 18 - 18: II111iiii + OoOoOO00 - I1Ii111 + OoO0O00 / ooOoO0o % IiII
  if Oo0oo0oOO0oOo == 0x0016 :
   if 94 - 94: iII111i % ooOoO0o . oO0o
   O00oOo0O0o00O = Oo0oo0oOO0oOo
   ooo0oo00O00Oo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   OOO000000OOO0 = oO0Oo . read ( ooo0oo00O00Oo )
   ooOoOOoooO000 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   O00o ( 'REFERENCE_Reserved' , 0x003E , ooOoOOoooO000 )
   OoO0o000oOo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   Oo00OO00o0oO = oO0Oo . read ( OoO0o000oOo )
   continue
   if 43 - 43: Oo0Ooo . I1Ii111
  if Oo0oo0oOO0oOo == 0x0033 :
   if 12 - 12: I1Ii111 + OOooOOo + I11i . IiII / Ii1I
   i1I = Oo0oo0oOO0oOo
   oOOoooO0O0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   ii1 = oO0Oo . read ( oOOoooO0O0 )
   continue
   if 69 - 69: I11i % O0 / I1IiiI . I1Ii111 / ooOoO0o
  if Oo0oo0oOO0oOo == 0x002F :
   if 94 - 94: I11i - II111iiii . I1IiiI - Oo0Ooo + I1ii11iIi11i * I1ii11iIi11i
   I1iiIiiii1111 = Oo0oo0oOO0oOo
   I1ii1i11i = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   Oooooo0O00o = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   II11ii1 = oO0Oo . read ( Oooooo0O00o )
   ii1II1II = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'REFERENCECONTROL_Reserved1' , 0x0000 , ii1II1II )
   i11i11II11i = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   O00o ( 'REFERENCECONTROL_Reserved2' , 0x0000 , i11i11II11i )
   if 9 - 9: OoOoOO00 - I1ii11iIi11i * ooOoO0o . ooOoO0o - I1IiiI
   OOooOooo0OOo0 = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   if OOooOooo0OOo0 == 0x0016 :
    oo0o0OoOO0o0 = Oo0oo0oOO0oOo
    III1III11II = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
    iIi1iI = oO0Oo . read (
 III1III11II )
    OO0Oo = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
    O00o ( 'REFERENCECONTROL_NameRecordExtended_Reserved' , 0x003E ,
 OO0Oo )
    IIiiiiiIiIIi = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
    iiIiiIi1 = oO0Oo . read (
 IIiiiiiIiIIi )
    I1Ii11i = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   else :
    I1Ii11i = OOooOooo0OOo0
    if 19 - 19: IiII - o0oOOo0O0Ooo . iIii1I11I1II1 . OoOoOO00 / OOooOOo
   O00o ( 'REFERENCECONTROL_Reserved3' , 0x0030 , I1Ii11i )
   OOO0O00Oo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   ii1oOOO0ooOO = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   i11IiI1iiI11 = oO0Oo . read ( ii1oOOO0ooOO )
   OOoOOOO00 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   IIii1III = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   ooooOoo0OO = oO0Oo . read ( 16 )
   Oo0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   continue
   if 96 - 96: I11i % Ii1I % oO0o * I11i / OOooOOo
  if Oo0oo0oOO0oOo == 0x000D :
   if 13 - 13: iIii1I11I1II1 - OoO0O00
   ooo0 = Oo0oo0oOO0oOo
   i1iiIIiiiII = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   Ii1I1 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   OO0ooO0 = oO0Oo . read ( Ii1I1 )
   OoOooOO0oOOo0O = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'REFERENCEREGISTERED_Reserved1' , 0x0000 , OoOooOO0oOOo0O )
   I1II = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   O00o ( 'REFERENCEREGISTERED_Reserved2' , 0x0000 , I1II )
   continue
   if 9 - 9: Oo0Ooo % OoooooooOO - Ii1I
  if Oo0oo0oOO0oOo == 0x000E :
   if 43 - 43: OoO0O00 % OoO0O00
   IIiii11ii1i = Oo0oo0oOO0oOo
   II1iI1IIi = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   Ii11iiI1 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   oO0O = oO0Oo . read ( Ii11iiI1 )
   OOoooO00o0o = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   I1ii1Ii1 = oO0Oo . read ( OOoooO00o0o )
   OoO = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   oOiI111I1III = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   continue
   if 36 - 36: I11i % OOooOOo
  logging . error ( 'invalid or unknown check Id {0:04X}' . format ( Oo0oo0oOO0oOo ) )
  sys . exit ( 0 )
  if 72 - 72: I1IiiI / iII111i - O0 + I11i
 o0 = Oo0oo0oOO0oOo
 O00o ( 'PROJECTMODULES_Id' , 0x000F , o0 )
 iIIIIi = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTMODULES_Size' , 0x0002 , iIIIIi )
 i1I11ii = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 o0ooO00O0O = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 O00o ( 'PROJECTMODULES_ProjectCookieRecord_Id' , 0x0013 , o0ooO00O0O )
 iiiI1iI1 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
 O00o ( 'PROJECTMODULES_ProjectCookieRecord_Size' , 0x0002 , iiiI1iI1 )
 I1oOoO0OOO00O = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
 if 73 - 73: o0oOOo0O0Ooo % OoO0O00 + IiII + I1IiiI
 logging . debug ( "parsing {0} modules" . format ( i1I11ii ) )
 for OoOO00 in xrange ( 0 , i1I11ii ) :
  O0O00OoOoOOo = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  O00o ( 'MODULENAME_Id' , 0x0019 , O0O00OoOoOOo )
  o0o0oo0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
  II1IIi1iII1i = oO0Oo . read ( o0o0oo0 )
  if 26 - 26: O0
  iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x0047 :
   ooiiI1ii = iiiIi
   O0OooOO = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   i1i1 = oO0Oo . read ( O0OooOO )
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x001A :
   o0oOoOo0 = iiiIi
   III1IiI1i1i = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   o0OOOOOo0 = oO0Oo . read ( III1IiI1i1i )
   oooOoO = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   O00o ( 'MODULESTREAMNAME_Reserved' , 0x0032 , oooOoO )
   O0Oo0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   iIIIi1IiI11I1 = oO0Oo . read ( O0Oo0 )
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x001C :
   O0Ooo000 = iiiIi
   O00o ( 'MODULEDOCSTRING_Id' , 0x001C , O0Ooo000 )
   IIi11iI1Iii = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   IiIi1i = oO0Oo . read ( IIi11iI1Iii )
   i11ii = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   O00o ( 'MODULEDOCSTRING_Reserved' , 0x0048 , i11ii )
   oOOOOO0Ooooo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   o0o000Oo = oO0Oo . read ( oOOOOO0Ooooo )
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x0031 :
   oO0o0O0o0OO00 = iiiIi
   O00o ( 'MODULEOFFSET_Id' , 0x0031 , oO0o0O0o0OO00 )
   iIiiiIi = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'MODULEOFFSET_Size' , 0x0004 , iIiiiIi )
   OooooOo = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x001E :
   IIIiiiIiI = iiiIi
   O00o ( 'MODULEHELPCONTEXT_Id' , 0x001E , IIIiiiIiI )
   OO0OOoooo0o = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'MODULEHELPCONTEXT_Size' , 0x0004 , OO0OOoooo0o )
   IiIi1Ii = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x002C :
   iiIIiI11II1 = iiiIi
   O00o ( 'MODULECOOKIE_Id' , 0x002C , iiIIiI11II1 )
   oooOooOoO0Oo0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'MODULECOOKIE_Size' , 0x0002 , oooOooOoO0Oo0 )
   i11i11i = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x0021 or iiiIi == 0x0022 :
   iiI1iI = iiiIi
   Ooo00O0 = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x0025 :
   OoO0OOoO0 = iiiIi
   O00o ( 'MODULEREADONLY_Id' , 0x0025 , OoO0OOoO0 )
   iiI11i = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'MODULEREADONLY_Reserved' , 0x0000 , iiI11i )
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x0028 :
   o0Oo = iiiIi
   O00o ( 'MODULEPRIVATE_Id' , 0x0028 , o0Oo )
   iiI1i = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'MODULEPRIVATE_Reserved' , 0x0000 , iiI1i )
   iiiIi = struct . unpack ( "<H" , oO0Oo . read ( 2 ) ) [ 0 ]
  if iiiIi == 0x002B :
   i11I = struct . unpack ( "<L" , oO0Oo . read ( 4 ) ) [ 0 ]
   O00o ( 'MODULE_Reserved' , 0x0000 , i11I )
   iiiIi = None
  if iiiIi != None :
   logging . warning ( 'unknown or invalid module section id {0:04X}' . format ( iiiIi ) )
   if 56 - 56: iII111i . I1Ii111
  logging . debug ( 'Project CodePage = %d' % iiiIIIii )
  I1i1ii = 'cp%d' % iiiIIIii
  logging . debug ( "ModuleName = {0}" . format ( II1IIi1iII1i ) )
  logging . debug ( "StreamName = {0}" . format ( repr ( o0OOOOOo0 ) ) )
  O0000oo00oOOO = o0OOOOOo0 . decode ( I1i1ii )
  logging . debug ( "StreamName.decode('%s') = %s" % ( I1i1ii , repr ( O0000oo00oOOO ) ) )
  logging . debug ( "StreamNameUnicode = {0}" . format ( repr ( iIIIi1IiI11I1 ) ) )
  logging . debug ( "TextOffset = {0}" . format ( OooooOo ) )
  if 98 - 98: oO0o . OoooooooOO
  Oo000 = vba_root + u'VBA/' + O0000oo00oOOO
  if 97 - 97: O0 / OOooOOo + o0oOOo0O0Ooo . oO0o % OoOoOO00 - OoOoOO00
  logging . debug ( 'opening VBA code stream %s' % repr ( Oo000 ) )
  i1IiI1Iiii = ole . openstream ( Oo000 ) . read ( )
  logging . debug ( "length of code_data = {0}" . format ( len ( i1IiI1Iiii ) ) )
  logging . debug ( "offset of code_data = {0}" . format ( OooooOo ) )
  i1IiI1Iiii = i1IiI1Iiii [ OooooOo : ]
  if len ( i1IiI1Iiii ) > 0 :
   i1IiI1Iiii = OOoO ( i1IiI1Iiii )
   if 87 - 87: IiII / I1Ii111 - Oo0Ooo
   oOO = oO000o0Oo00 . get ( II1IIi1iII1i . lower ( ) , 'bin' )
   oOOO0oOoo = '{0}.{1}' . format ( II1IIi1iII1i , oOO )
   if 65 - 65: iII111i . oO0o - Ii1I
   yield ( Oo000 , oOOO0oOoo , i1IiI1Iiii )
   if 93 - 93: O0
   if 4 - 4: I1IiiI / I1IiiI
   if 82 - 82: I11i / ooOoO0o * I11i % i11iIiiIii * II111iiii
   if 83 - 83: OoO0O00 + OOooOOo - o0oOOo0O0Ooo + iIii1I11I1II1 % Oo0Ooo
   if 23 - 23: o0oOOo0O0Ooo + Ii1I % OoOoOO00 % I1IiiI % OoooooooOO
   logging . debug ( 'extracted file {0}' . format ( oOOO0oOoo ) )
  else :
   logging . warning ( "module stream {0} has code data length 0" . format ( o0OOOOOo0 ) )
 return
 if 78 - 78: OoO0O00 / Oo0Ooo - iIii1I11I1II1 - i11iIiiIii * iII111i
 if 84 - 84: OOooOOo + Ii1I + o0oOOo0O0Ooo
def i1i1iIII11i ( vba_code ) :
 if 40 - 40: iIii1I11I1II1 / OoOoOO00 - O0 * iIii1I11I1II1
 vba_code = vba_code . replace ( ' _\r\n' , ' ' )
 if 56 - 56: OOooOOo
 if 49 - 49: ooOoO0o . II111iiii
 if 24 - 24: O0 . OoooooooOO - OoO0O00 * OoooooooOO
 if 12 - 12: O0 + IiII * i1IIi . OoO0O00
 if 71 - 71: I1Ii111 - o0oOOo0O0Ooo - OOooOOo
 if 28 - 28: iIii1I11I1II1
 if 7 - 7: o0oOOo0O0Ooo % IiII * OoOoOO00
 vba_code = vba_code . replace ( ' _\r' , ' ' )
 vba_code = vba_code . replace ( ' _\n' , ' ' )
 return vba_code
 if 58 - 58: IiII / I11i + II111iiii % iII111i - OoooooooOO
 if 25 - 25: OoOoOO00 % OoooooooOO * Oo0Ooo - i1IIi * II111iiii * oO0o
def I1iI1I1ii1 ( vba_code ) :
 iIIi1 = vba_code . splitlines ( )
 if 75 - 75: IiII % i11iIiiIii + iIii1I11I1II1
 if 92 - 92: OoOoOO00 % O0
 if 55 - 55: iIii1I11I1II1 * iII111i
 if 85 - 85: iIii1I11I1II1 . II111iiii
 if 54 - 54: Ii1I . OoooooooOO % Oo0Ooo
 if 22 - 22: OOooOOo
 if 22 - 22: iII111i * I11i - Oo0Ooo * O0 / i11iIiiIii
 if 78 - 78: Oo0Ooo * O0 / ooOoO0o + OoooooooOO + OOooOOo
 if 23 - 23: iII111i % OoooooooOO / iIii1I11I1II1 + I1ii11iIi11i / i1IIi / o0oOOo0O0Ooo
 if 94 - 94: i1IIi
 if 36 - 36: I1IiiI + Oo0Ooo
 oo0OOOOOO0 = 0
 for o0O in iIIi1 :
  if o0O . startswith ( "Attribute VB_" ) and not ':' in o0O :
   oo0OOOOOO0 += 1
  else :
   break
   if 46 - 46: iII111i
 ooIiI11i1I11111 = '\n' . join ( iIIi1 [ oo0OOOOOO0 : ] )
 return ooIiI11i1I11111
 if 34 - 34: I1IiiI * OoOoOO00 * oO0o + I1ii11iIi11i
 if 39 - 39: I1ii11iIi11i / i1IIi * IiII - I1IiiI
def OoOoooo0O ( vba_code , obfuscation = None ) :
 if 95 - 95: II111iiii / Ii1I - ooOoO0o - II111iiii - i11iIiiIii
 if 85 - 85: o0oOOo0O0Ooo / I1Ii111
 if 67 - 67: I11i % oO0o
 ii1iiIi = [ ]
 if 21 - 21: I1ii11iIi11i
 if 84 - 84: O0 / I1IiiI % i1IIi % i1IIi / OoO0O00 / oO0o
 if 28 - 28: ooOoO0o . OoooooooOO + o0oOOo0O0Ooo + Ii1I % iII111i
 if 80 - 80: Oo0Ooo
 if 86 - 86: I1ii11iIi11i * I11i . OoOoOO00 / Oo0Ooo + oO0o
 if 8 - 8: OoOoOO00
 if 16 - 16: o0oOOo0O0Ooo . I11i
 if 50 - 50: ooOoO0o * OoOoOO00 + I1ii11iIi11i - i11iIiiIii + Oo0Ooo * I1ii11iIi11i
 if 20 - 20: I1Ii111 / o0oOOo0O0Ooo % OoOoOO00
 O00oo0O00 = ''
 if obfuscation :
  O00oo0O00 = ' (obfuscation: %s)' % obfuscation
 for o0oO00o , OOO0OoO0oo0OO in i1iI . items ( ) :
  for i1iI1Ii11Ii1 in OOO0OoO0oo0OO :
   if 82 - 82: O0
   if 70 - 70: I11i - Oo0Ooo / OoooooooOO % OoooooooOO
   if re . search ( r'(?i)\b' + i1iI1Ii11Ii1 + r'\b' , vba_code ) :
    if 95 - 95: OoooooooOO % OoooooooOO . Ii1I
    ii1iiIi . append ( ( i1iI1Ii11Ii1 , o0oO00o + O00oo0O00 ) )
 return ii1iiIi
 if 26 - 26: oO0o + IiII - II111iiii . II111iiii + I1ii11iIi11i + OoOoOO00
 if 68 - 68: O0
def o0oOoO00 ( vba_code , obfuscation = None ) :
 if 94 - 94: OoO0O00 + IiII + ooOoO0o
 if 82 - 82: Oo0Ooo - Oo0Ooo . iIii1I11I1II1 / OOooOOo + IiII % iIii1I11I1II1
 ii1iiIi = [ ]
 if 61 - 61: OOooOOo / Oo0Ooo % OOooOOo - OoO0O00 + ooOoO0o / ooOoO0o
 if 82 - 82: Oo0Ooo
 if 5 - 5: OoO0O00 / OoO0O00 - O0 - I1Ii111 + I1Ii111
 if 99 - 99: I11i * OoooooooOO / o0oOOo0O0Ooo . IiII - iIii1I11I1II1 - Ii1I
 if 31 - 31: IiII - OoO0O00 / OOooOOo . i1IIi / Ii1I
 if 66 - 66: OoO0O00
 if 72 - 72: I1Ii111
 if 91 - 91: II111iiii / IiII + iIii1I11I1II1 . I11i - O0
 O00oo0O00 = ''
 if obfuscation :
  O00oo0O00 = ' (obfuscation: %s)' % obfuscation
 for o0oO00o , OOO0OoO0oo0OO in oo000O0OoooO . items ( ) :
  for i1iI1Ii11Ii1 in OOO0OoO0oo0OO :
   if 70 - 70: Ii1I * oO0o - I11i + Oo0Ooo % I1ii11iIi11i - IiII
   if re . search ( r'(?i)\b' + i1iI1Ii11Ii1 + r'\b' , vba_code ) :
    if 81 - 81: O0 . O0
    ii1iiIi . append ( ( i1iI1Ii11Ii1 , o0oO00o + O00oo0O00 ) )
 return ii1iiIi
 if 75 - 75: iIii1I11I1II1 % IiII + I1ii11iIi11i * O0 . iII111i - ooOoO0o
 if 32 - 32: Ii1I % oO0o - i1IIi
def Ii11III ( vba_code , obfuscation = None ) :
 ii1iiIi = [ ]
 if 15 - 15: I11i % I1IiiI - iIii1I11I1II1 * ooOoO0o
 if 71 - 71: OoOoOO00 % Oo0Ooo % ooOoO0o
 if 34 - 34: I11i / I11i % IiII . OoOoOO00 / Oo0Ooo
 if 99 - 99: ooOoO0o * I1IiiI - ooOoO0o % Ii1I
 if 40 - 40: OOooOOo / IiII / iIii1I11I1II1 + Ii1I
 if 59 - 59: I11i * OoooooooOO + OOooOOo . iIii1I11I1II1 / i1IIi
 if 75 - 75: I11i . OOooOOo - iIii1I11I1II1 * OoO0O00 * iII111i
 ooo0OO0OOooO0 = set ( )
 O00oo0O00 = ''
 if obfuscation :
  O00oo0O00 = ' (obfuscation: %s)' % obfuscation
 for O00O00 , oOooO0OoO in III11I1 :
  for I1iiiiii in oOooO0OoO . finditer ( vba_code ) :
   I1iIII1IiiI = I1iiiiii . group ( )
   if I1iIII1IiiI not in ooo0OO0OOooO0 :
    ii1iiIi . append ( ( O00O00 + O00oo0O00 , I1iIII1IiiI ) )
    ooo0OO0OOooO0 . add ( I1iIII1IiiI )
 return ii1iiIi
 if 58 - 58: Ii1I % OoooooooOO
 if 49 - 49: I1ii11iIi11i + O0 . Ii1I * OoooooooOO
def oO0OOO00 ( vba_code ) :
 ii1iiIi = [ ]
 if 13 - 13: IiII * I1ii11iIi11i / I1ii11iIi11i / iIii1I11I1II1 % iIii1I11I1II1
 if 21 - 21: I1ii11iIi11i
 if 86 - 86: ooOoO0o
 if 51 - 51: OoO0O00 - i11iIiiIii * I1IiiI
 if 95 - 95: OOooOOo % I1ii11iIi11i + o0oOOo0O0Ooo % ooOoO0o
 if 36 - 36: O0 / i1IIi % II111iiii / iII111i
 ooo0OO0OOooO0 = set ( )
 for I1iiiiii in Oo0oooO0oO . finditer ( vba_code ) :
  I1iIII1IiiI = I1iiiiii . group ( )
  if I1iIII1IiiI not in ooo0OO0OOooO0 :
   OOoOi1IiiI = binascii . unhexlify ( I1iIII1IiiI )
   ii1iiIi . append ( ( I1iIII1IiiI , OOoOi1IiiI ) )
   ooo0OO0OOooO0 . add ( I1iIII1IiiI )
 return ii1iiIi
 if 70 - 70: I11i . OOooOOo * Oo0Ooo / OOooOOo
 if 83 - 83: OoooooooOO + OoO0O00 * oO0o . O0
def iiIIIi1i ( vba_code ) :
 if 1 - 1: Oo0Ooo * I1Ii111 . OoooooooOO
 ii1iiIi = [ ]
 if 73 - 73: OoOoOO00 % o0oOOo0O0Ooo
 if 71 - 71: oO0o - OoooooooOO * Oo0Ooo * I11i + o0oOOo0O0Ooo * I1ii11iIi11i
 if 85 - 85: i11iIiiIii . OoooooooOO - iIii1I11I1II1
 if 38 - 38: I11i . I11i * oO0o / OoooooooOO % ooOoO0o
 if 80 - 80: OoO0O00 / IiII * I1IiiI % IiII
 if 95 - 95: O0 / I11i . I1Ii111
 ooo0OO0OOooO0 = set ( )
 for I1iiiiii in ooO . finditer ( vba_code ) :
  if 17 - 17: I11i
  I1iIII1IiiI = I1iiiiii . group ( ) . strip ( '"' )
  if 56 - 56: ooOoO0o * o0oOOo0O0Ooo + I11i
  if not i11i11111i1i . search ( I1iIII1IiiI ) :
   continue
   if 48 - 48: IiII * OoO0O00 % I1Ii111 - I11i
  if I1iIII1IiiI not in ooo0OO0OOooO0 and I1iIII1IiiI . lower ( ) not in I1Iii1 :
   try :
    OOoOi1IiiI = base64 . b64decode ( I1iIII1IiiI )
    ii1iiIi . append ( ( I1iIII1IiiI , OOoOi1IiiI ) )
    ooo0OO0OOooO0 . add ( I1iIII1IiiI )
   except :
    if 72 - 72: i1IIi % ooOoO0o % IiII % oO0o - oO0o
    pass
 return ii1iiIi
 if 97 - 97: o0oOOo0O0Ooo * O0 / o0oOOo0O0Ooo * OoO0O00 * Oo0Ooo
 if 38 - 38: I1Ii111
def Iiiii1Iii1I ( vba_code ) :
 from thirdparty . DridexUrlDecoder . DridexUrlDecoder import DridexUrlDecode
 if 83 - 83: OoOoOO00
 if 62 - 62: oO0o + Oo0Ooo / i11iIiiIii
 if 90 - 90: iIii1I11I1II1 + OoOoOO00
 if 9 - 9: iIii1I11I1II1 . OoooooooOO + i1IIi - Oo0Ooo
 if 30 - 30: iII111i / OoO0O00 . iII111i
 if 17 - 17: Oo0Ooo + OoooooooOO * OoooooooOO
 if 5 - 5: I1Ii111 % OoooooooOO . OoOoOO00
 ii1iiIi = [ ]
 ooo0OO0OOooO0 = set ( )
 for I1iiiiii in II1Iiiiii . finditer ( vba_code ) :
  I1iIII1IiiI = I1iiiiii . group ( ) [ 1 : - 1 ]
  if 67 - 67: I1ii11iIi11i + Ii1I
  if not i11i11111i1i . search ( I1iIII1IiiI ) :
   continue
  if I1iIII1IiiI not in ooo0OO0OOooO0 :
   try :
    OOoOi1IiiI = DridexUrlDecode ( I1iIII1IiiI )
    ii1iiIi . append ( ( I1iIII1IiiI , OOoOi1IiiI ) )
    ooo0OO0OOooO0 . add ( I1iIII1IiiI )
   except :
    if 72 - 72: IiII % o0oOOo0O0Ooo
    pass
 return ii1iiIi
 if 93 - 93: iIii1I11I1II1 + i11iIiiIii . o0oOOo0O0Ooo . i1IIi % I1IiiI % ooOoO0o
 if 74 - 74: OoOoOO00 / i1IIi % OoooooooOO
def o00o0o000Oo ( vba_code ) :
 if 100 - 100: i1IIi - i11iIiiIii . I1Ii111 * OoO0O00
 ii1iiIi = [ ]
 if 62 - 62: O0
 if 41 - 41: i1IIi - I1IiiI
 if 48 - 48: I1IiiI - II111iiii / OoO0O00 + I1IiiI
 if 5 - 5: O0
 if 75 - 75: I1Ii111 + iIii1I11I1II1
 if 19 - 19: I1IiiI + i11iIiiIii . IiII - I11i / Ii1I + o0oOOo0O0Ooo
 if 38 - 38: Oo0Ooo / iIii1I11I1II1 * iIii1I11I1II1 % I1ii11iIi11i
 ooo0OO0OOooO0 = set ( )
 if 92 - 92: I11i / O0 * I1IiiI - I11i
 if 99 - 99: i11iIiiIii % OoooooooOO
 if 56 - 56: IiII * I1Ii111
 vba_code = vba_code . expandtabs ( )
 for O00oO0O , oo0OOOOOO0 , IiiI111I11 in O000Oo0o . scanString ( vba_code ) :
  oO0Ooooo000 = vba_code [ oo0OOOOOO0 : IiiI111I11 ]
  OOoOi1IiiI = O00oO0O [ 0 ]
  if isinstance ( OOoOi1IiiI , I111i1II ) :
   if 46 - 46: I1IiiI - I11i / OoooooooOO - i1IIi . i11iIiiIii
   if 15 - 15: II111iiii * oO0o % iII111i / i11iIiiIii - oO0o + Oo0Ooo
   if 9 - 9: I11i - oO0o + O0 / iII111i % i1IIi
   if 97 - 97: o0oOOo0O0Ooo * ooOoO0o
   if 78 - 78: I11i . OOooOOo + oO0o * iII111i - i1IIi
   if 27 - 27: Ii1I % i1IIi . Oo0Ooo % I1Ii111
   if 10 - 10: IiII / OoooooooOO
   if 50 - 50: i11iIiiIii - OoooooooOO . oO0o + O0 . i1IIi
   if oO0Ooooo000 not in ooo0OO0OOooO0 and OOoOi1IiiI != oO0Ooooo000 :
    ii1iiIi . append ( ( oO0Ooooo000 , OOoOi1IiiI ) )
    ooo0OO0OOooO0 . add ( oO0Ooooo000 )
    if 91 - 91: o0oOOo0O0Ooo . iII111i % Oo0Ooo - iII111i . oO0o % i11iIiiIii
    if 25 - 25: iIii1I11I1II1
 return ii1iiIi
 if 63 - 63: ooOoO0o
 if 96 - 96: I11i
class IIII ( object ) :
 if 17 - 17: O0 . OOooOOo
 if 63 - 63: iII111i
 if 11 - 11: iII111i - iIii1I11I1II1
 if 92 - 92: OoO0O00
 if 15 - 15: IiII / IiII + iIii1I11I1II1 % OoooooooOO
 def __init__ ( self , vba_code ) :
  if 12 - 12: ooOoO0o
  self . code = i1i1iIII11i ( vba_code )
  if 36 - 36: I1Ii111 . IiII * OoooooooOO - o0oOOo0O0Ooo
  if 60 - 60: OOooOOo . iII111i / iIii1I11I1II1 + OOooOOo * I1Ii111
  if 82 - 82: i11iIiiIii . iIii1I11I1II1 * I1IiiI - I11i + Ii1I
  if 48 - 48: I1ii11iIi11i
  if 96 - 96: ooOoO0o . OoooooooOO
  self . code_hex = ''
  self . code_hex_rev = ''
  self . code_rev_hex = ''
  self . code_base64 = ''
  self . code_dridex = ''
  self . code_vba = ''
  self . strReverse = None
  if 39 - 39: OOooOOo + OoO0O00
  self . results = None
  self . autoexec_keywords = None
  self . suspicious_keywords = None
  self . iocs = None
  self . hex_strings = None
  self . base64_strings = None
  self . dridex_strings = None
  self . vba_strings = None
  if 80 - 80: OOooOOo % OoO0O00 / OoOoOO00
  if 54 - 54: Oo0Ooo % OoO0O00 - OOooOOo - I11i
 def scan ( self , include_decoded_strings = False ) :
  if 71 - 71: ooOoO0o . i11iIiiIii
  self . hex_strings = oO0OOO00 ( self . code )
  if 56 - 56: O0 * iII111i + iII111i * iIii1I11I1II1 / ooOoO0o * I1Ii111
  if 25 - 25: iIii1I11I1II1 . I11i * i11iIiiIii + Oo0Ooo * I11i
  if 67 - 67: iII111i
  if 88 - 88: Oo0Ooo
  if 8 - 8: I1ii11iIi11i
  if 82 - 82: OoooooooOO
  if 75 - 75: II111iiii % I1IiiI + OOooOOo % OoooooooOO / IiII
  if 4 - 4: i11iIiiIii - OOooOOo % I1ii11iIi11i * I1Ii111 % o0oOOo0O0Ooo
  if 71 - 71: ooOoO0o . ooOoO0o - iIii1I11I1II1
  if 22 - 22: OoooooooOO / I1ii11iIi11i % iII111i * OoOoOO00
  self . strReverse = False
  if 'strreverse' in self . code . lower ( ) : self . strReverse = True
  if 32 - 32: OoooooooOO % oO0o % iIii1I11I1II1 / O0
  for oO0Ooooo000 , OOoOi1IiiI in self . hex_strings :
   self . code_hex += '\n' + OOoOi1IiiI
   if 61 - 61: II111iiii . O0 - Ii1I - I1ii11iIi11i / i11iIiiIii - II111iiii
   if self . strReverse :
    if 98 - 98: Ii1I - I1IiiI . i11iIiiIii * Oo0Ooo
    self . code_hex_rev += '\n' + OOoOi1IiiI [ : : - 1 ]
    if 29 - 29: Ii1I / ooOoO0o % I11i
    self . code_rev_hex += '\n' + binascii . unhexlify ( oO0Ooooo000 [ : : - 1 ] )
    if 10 - 10: iIii1I11I1II1 % OoooooooOO % I1ii11iIi11i
    if 39 - 39: II111iiii * OoOoOO00 . O0 * I11i
    if 89 - 89: Ii1I - ooOoO0o . I11i - I1Ii111 - I1IiiI
  self . base64_strings = iiIIIi1i ( self . code )
  for oO0Ooooo000 , OOoOi1IiiI in self . base64_strings :
   self . code_base64 += '\n' + OOoOi1IiiI
   if 79 - 79: IiII + IiII + Ii1I
  self . dridex_strings = Iiiii1Iii1I ( self . code )
  for oO0Ooooo000 , OOoOi1IiiI in self . dridex_strings :
   self . code_dridex += '\n' + OOoOi1IiiI
   if 39 - 39: O0 - OoooooooOO
  self . vba_strings = o00o0o000Oo ( self . code )
  for oO0Ooooo000 , OOoOi1IiiI in self . vba_strings :
   self . code_vba += '\n' + OOoOi1IiiI
  ii1iiIi = [ ]
  self . autoexec_keywords = [ ]
  self . suspicious_keywords = [ ]
  self . iocs = [ ]
  if 63 - 63: iIii1I11I1II1 % o0oOOo0O0Ooo * ooOoO0o
  for oo0 , iii1iI in (
 ( self . code , None ) ,
 ( self . code_hex , 'Hex' ) ,
 ( self . code_hex_rev , 'Hex+StrReverse' ) ,
 ( self . code_rev_hex , 'StrReverse+Hex' ) ,
 ( self . code_base64 , 'Base64' ) ,
 ( self . code_dridex , 'Dridex' ) ,
 ( self . code_vba , 'VBA expression' ) ,
 ) :
   self . autoexec_keywords += OoOoooo0O ( oo0 , iii1iI )
   self . suspicious_keywords += o0oOoO00 ( oo0 , iii1iI )
   self . iocs += Ii11III ( oo0 , iii1iI )
   if 26 - 26: iIii1I11I1II1 - I1ii11iIi11i . IiII . IiII + iIii1I11I1II1 * Oo0Ooo
   if 85 - 85: OOooOOo + II111iiii - OOooOOo * oO0o - i1IIi % iII111i
  if self . hex_strings :
   self . suspicious_keywords . append ( ( 'Hex Strings' ,
 'Hex-encoded strings were detected, may be used to obfuscate strings (option --decode to see all)' ) )
  if self . base64_strings :
   self . suspicious_keywords . append ( ( 'Base64 Strings' ,
 'Base64-encoded strings were detected, may be used to obfuscate strings (option --decode to see all)' ) )
  if self . dridex_strings :
   self . suspicious_keywords . append ( ( 'Dridex Strings' ,
 'Dridex-encoded strings were detected, may be used to obfuscate strings (option --decode to see all)' ) )
  if self . vba_strings :
   self . suspicious_keywords . append ( ( 'VBA obfuscated Strings' ,
 'VBA string expressions were detected, may be used to obfuscate strings (option --decode to see all)' ) )
   if 1 - 1: OoooooooOO / O0 + OoOoOO00 + OoOoOO00 . I1Ii111 - OoOoOO00
  I11iii1I1Iiii = set ( )
  for i1iI1Ii11Ii1 , o0oO00o in self . autoexec_keywords :
   if i1iI1Ii11Ii1 not in I11iii1I1Iiii :
    ii1iiIi . append ( ( 'AutoExec' , i1iI1Ii11Ii1 , o0oO00o ) )
    I11iii1I1Iiii . add ( i1iI1Ii11Ii1 )
  I11iii1I1Iiii = set ( )
  for i1iI1Ii11Ii1 , o0oO00o in self . suspicious_keywords :
   if i1iI1Ii11Ii1 not in I11iii1I1Iiii :
    ii1iiIi . append ( ( 'Suspicious' , i1iI1Ii11Ii1 , o0oO00o ) )
    I11iii1I1Iiii . add ( i1iI1Ii11Ii1 )
  I11iii1I1Iiii = set ( )
  for O00O00 , I1iIII1IiiI in self . iocs :
   if I1iIII1IiiI not in I11iii1I1Iiii :
    ii1iiIi . append ( ( 'IOC' , I1iIII1IiiI , O00O00 ) )
    I11iii1I1Iiii . add ( I1iIII1IiiI )
    if 47 - 47: i11iIiiIii / Oo0Ooo - Oo0Ooo * OoO0O00
    if 48 - 48: IiII
  for oO0Ooooo000 , OOoOi1IiiI in self . hex_strings :
   if include_decoded_strings or i1oO ( OOoOi1IiiI ) :
    ii1iiIi . append ( ( 'Hex String' , OOoOi1IiiI , oO0Ooooo000 ) )
  for oO0Ooooo000 , OOoOi1IiiI in self . base64_strings :
   if include_decoded_strings or i1oO ( OOoOi1IiiI ) :
    ii1iiIi . append ( ( 'Base64 String' , OOoOi1IiiI , oO0Ooooo000 ) )
  for oO0Ooooo000 , OOoOi1IiiI in self . dridex_strings :
   if include_decoded_strings or i1oO ( OOoOi1IiiI ) :
    ii1iiIi . append ( ( 'Dridex string' , OOoOi1IiiI , oO0Ooooo000 ) )
  for oO0Ooooo000 , OOoOi1IiiI in self . vba_strings :
   if include_decoded_strings or i1oO ( OOoOi1IiiI ) :
    ii1iiIi . append ( ( 'VBA string' , OOoOi1IiiI , oO0Ooooo000 ) )
  self . results = ii1iiIi
  return ii1iiIi
  if 96 - 96: oO0o / O0 . II111iiii + IiII % o0oOOo0O0Ooo
 def scan_summary ( self ) :
  if 67 - 67: O0 % I1Ii111
  if self . results is None :
   if 35 - 35: I1IiiI . OoOoOO00 + OoooooooOO % Oo0Ooo % OOooOOo
   if 39 - 39: Ii1I
   if 60 - 60: OOooOOo
   if 62 - 62: I1Ii111 * I11i
   if 74 - 74: OoOoOO00 . iIii1I11I1II1
   if 87 - 87: ooOoO0o
   if 41 - 41: OoOoOO00 . iIii1I11I1II1 % ooOoO0o + O0
   if 22 - 22: o0oOOo0O0Ooo + Oo0Ooo . ooOoO0o + I1ii11iIi11i * iII111i . i11iIiiIii
   self . scan ( )
  return ( len ( self . autoexec_keywords ) , len ( self . suspicious_keywords ) ,
 len ( self . iocs ) , len ( self . hex_strings ) , len ( self . base64_strings ) ,
 len ( self . dridex_strings ) , len ( self . vba_strings ) )
  if 90 - 90: OOooOOo * OoOoOO00 - Oo0Ooo + o0oOOo0O0Ooo
  if 53 - 53: OoooooooOO . OoooooooOO + o0oOOo0O0Ooo - iII111i + OOooOOo
def i1111iIII ( vba_code , include_decoded_strings ) :
 return IIII ( vba_code ) . scan ( include_decoded_strings )
 if 50 - 50: O0 * I1ii11iIi11i + II111iiii . i1IIi + OoOoOO00
 if 39 - 39: iIii1I11I1II1 + ooOoO0o
 if 92 - 92: I11i % i11iIiiIii % Oo0Ooo
 if 23 - 23: II111iiii * iII111i
 if 80 - 80: I1Ii111 / i11iIiiIii + OoooooooOO
 if 38 - 38: I1ii11iIi11i % ooOoO0o + i1IIi * OoooooooOO * oO0o
 if 83 - 83: iIii1I11I1II1 - ooOoO0o - I1Ii111 / OoO0O00 - O0
 if 81 - 81: Ii1I - oO0o * I1ii11iIi11i / I1Ii111
 if 21 - 21: OoO0O00
 if 63 - 63: I11i . O0 * I11i + iIii1I11I1II1
 if 46 - 46: i1IIi + II111iiii * i1IIi - Ii1I
 if 79 - 79: II111iiii - oO0o * I1ii11iIi11i - OoOoOO00 . I1ii11iIi11i
 if 11 - 11: O0 * OoOoOO00
 if 37 - 37: OoOoOO00 + O0 . O0 * Oo0Ooo % I1Ii111 / iII111i
 if 18 - 18: OoooooooOO
class O0oOo00oooO ( object ) :
 if 16 - 16: i1IIi . i1IIi / I1Ii111 % OoOoOO00 / I1IiiI * I1ii11iIi11i
 if 30 - 30: o0oOOo0O0Ooo + OoooooooOO + OOooOOo / II111iiii * Oo0Ooo
 if 59 - 59: Ii1I / OoOoOO00 * OoO0O00 * iII111i % oO0o
 if 61 - 61: Oo0Ooo - O0 - OoooooooOO
 if 4 - 4: II111iiii - oO0o % Oo0Ooo * i11iIiiIii
 if 18 - 18: Oo0Ooo % O0
 if 66 - 66: iIii1I11I1II1 % i11iIiiIii / I1IiiI
 if 47 - 47: I1ii11iIi11i * oO0o + iIii1I11I1II1 - oO0o / IiII
 if 86 - 86: IiII
 if 43 - 43: I1IiiI / iII111i / ooOoO0o + iIii1I11I1II1 + OoooooooOO
 if 33 - 33: II111iiii - IiII - ooOoO0o
 if 92 - 92: OoO0O00 * IiII
 def __init__ ( self , filename , data = None , container = None ) :
  if 92 - 92: oO0o
  if 7 - 7: iII111i
  if 73 - 73: OoO0O00 % I1ii11iIi11i
  if data is None :
   if 32 - 32: OOooOOo + iII111i + iIii1I11I1II1 * Oo0Ooo
   if 62 - 62: i11iIiiIii
   if 2 - 2: I1IiiI
   if 69 - 69: OoooooooOO / Oo0Ooo * I1Ii111
   if 99 - 99: II111iiii * iIii1I11I1II1 % O0 * oO0o / II111iiii % OoooooooOO
   if 14 - 14: IiII . IiII % ooOoO0o
   if 42 - 42: o0oOOo0O0Ooo . OOooOOo - ooOoO0o
   if 33 - 33: II111iiii / O0 / IiII - I11i - i1IIi
   if 8 - 8: i11iIiiIii . iII111i / iIii1I11I1II1 / I1ii11iIi11i / IiII - Ii1I
   if 32 - 32: o0oOOo0O0Ooo . i1IIi * Oo0Ooo
   if 98 - 98: Ii1I - II111iiii / I1IiiI . oO0o * IiII . I11i
   if 25 - 25: i11iIiiIii / OoOoOO00 - I1Ii111 / OoO0O00 . o0oOOo0O0Ooo . o0oOOo0O0Ooo
   if 6 - 6: oO0o . I11i
   iIIII1 = filename
  else :
   if 65 - 65: O0 / II111iiii . iIii1I11I1II1 . oO0o / Oo0Ooo % iIii1I11I1II1
   iIIII1 = cStringIO . StringIO ( data )
   if 74 - 74: i1IIi / I1IiiI % I1ii11iIi11i / O0 % I11i - OoOoOO00
  self . ole_file = None
  self . ole_subfiles = [ ]
  self . filename = filename
  self . container = container
  self . type = None
  self . vba_projects = None
  self . contains_macros = None
  self . vba_code_all_modules = None
  if 31 - 31: I1IiiI / OoooooooOO . iIii1I11I1II1 * OoOoOO00 . OoooooooOO + II111iiii
  self . modules = None
  if 8 - 8: I1ii11iIi11i * I1ii11iIi11i * i1IIi + iII111i . I1ii11iIi11i
  self . analysis_results = None
  if 100 - 100: OoooooooOO - O0 . I11i / I11i + II111iiii * OoOoOO00
  self . nb_macros = 0
  self . nb_autoexec = 0
  self . nb_suspicious = 0
  self . nb_iocs = 0
  self . nb_hexstrings = 0
  self . nb_base64strings = 0
  self . nb_dridexstrings = 0
  self . nb_vbastrings = 0
  if 37 - 37: Oo0Ooo
  if 72 - 72: IiII % I1ii11iIi11i * OOooOOo . i11iIiiIii % IiII * OOooOOo
  if 15 - 15: I11i / Oo0Ooo * I11i
  if 20 - 20: ooOoO0o - OOooOOo * OoO0O00 * o0oOOo0O0Ooo * OOooOOo / IiII
  if 40 - 40: I1IiiI * o0oOOo0O0Ooo . I1IiiI
  if 62 - 62: ooOoO0o + II111iiii % ooOoO0o
  if 50 - 50: OoooooooOO + oO0o * I1IiiI - Ii1I / i11iIiiIii
  if 5 - 5: O0 - I1IiiI
  if 44 - 44: II111iiii . II111iiii + OOooOOo * Ii1I
  if olefile . isOleFile ( iIIII1 ) :
   if 16 - 16: II111iiii
   logging . info ( 'Opening OLE file %s' % self . filename )
   if 100 - 100: O0 - i1IIi
   self . type = II
   if 48 - 48: oO0o % ooOoO0o + O0
   self . ole_file = olefile . OleFileIO ( iIIII1 , path_encoding = None )
   if 27 - 27: I1ii11iIi11i / OOooOOo
  elif zipfile . is_zipfile ( iIIII1 ) :
   if 33 - 33: OoooooooOO % I1ii11iIi11i . O0 / I1ii11iIi11i
   if 63 - 63: IiII + iIii1I11I1II1 + I1IiiI + I1Ii111
   if 72 - 72: OoO0O00 + i11iIiiIii + I1ii11iIi11i
   if 96 - 96: oO0o % i1IIi / o0oOOo0O0Ooo
   logging . info ( 'Opening ZIP/OpenXML file %s' % self . filename )
   self . type = o0Oo0oO0oOO00
   Ii1IIi11 = zipfile . ZipFile ( iIIII1 )
   if 47 - 47: O0
   if 83 - 83: O0 + OoOoOO00 / O0 / I11i
   if 68 - 68: i1IIi . I11i . i1IIi + IiII % I1IiiI
   for IIoO in Ii1IIi11 . namelist ( ) :
    iI1I = Ii1IIi11 . open ( IIoO ) . read ( len ( olefile . MAGIC ) )
    if iI1I == olefile . MAGIC :
     logging . debug ( 'Opening OLE file %s within zip' % IIoO )
     i111I1 = Ii1IIi11 . open ( IIoO ) . read ( )
     try :
      self . ole_subfiles . append ( O0oOo00oooO ( filename = IIoO , data = i111I1 ) )
     except :
      logging . debug ( '%s is not a valid OLE file' % IIoO )
      continue
   Ii1IIi11 . close ( )
  else :
   if 69 - 69: OoO0O00 - OoooooooOO - OOooOOo % I11i / OoOoOO00 - II111iiii
   if 67 - 67: OOooOOo + OOooOOo + OoO0O00 . i11iIiiIii + I1ii11iIi11i + i11iIiiIii
   if data is None :
    data = open ( filename , 'rb' ) . read ( )
    if 31 - 31: oO0o * I1Ii111 . OoOoOO00 * I11i
   I1II1I = data . lower ( )
   if 7 - 7: I11i + I11i + II111iiii % Ii1I
   if 31 - 31: oO0o * OoOoOO00 + OOooOOo
   if 'http://schemas.microsoft.com/office/word/2003/wordml' in data :
    logging . info ( 'Opening Word 2003 XML file %s' % self . filename )
    try :
     if 58 - 58: o0oOOo0O0Ooo % I1IiiI . I1IiiI * OoO0O00 - IiII . OoooooooOO
     if 10 - 10: I1Ii111
     I11i1i11IiIi1 = ET . fromstring ( data )
     if 8 - 8: iII111i - I1IiiI * Oo0Ooo % I1ii11iIi11i * OoooooooOO
     self . type = oo00OO0000oO
     if 26 - 26: i1IIi / iII111i . iII111i
     for I1i11IIIi in I11i1i11IiIi1 . getiterator ( I1iiii1I ) :
      if 19 - 19: oO0o * iII111i + OoOoOO00 - oO0o + I1ii11iIi11i
      if 14 - 14: OoO0O00
      if 38 - 38: O0
      ooOi1i1i11iI11II = I1i11IIIi . get ( OOo0 , 'noname.mso' )
      if 6 - 6: OoOoOO00 . II111iiii * I1IiiI . I1IiiI / Ii1I
      I1I1ii1111 = binascii . a2b_base64 ( I1i11IIIi . text )
      if OOoo0oo ( I1I1ii1111 ) :
       if 4 - 4: I1ii11iIi11i * O0 - I1Ii111 - i11iIiiIii / o0oOOo0O0Ooo . OOooOOo
       if 44 - 44: ooOoO0o * i11iIiiIii
       i111I1 = OO0O0ooOOO00 ( I1I1ii1111 )
       try :
        self . ole_subfiles . append ( O0oOo00oooO ( filename = ooOi1i1i11iI11II , data = i111I1 ) )
       except :
        logging . error ( '%s does not contain a valid OLE file' % ooOi1i1i11iI11II )
      else :
       logging . error ( '%s is not a valid MSO file' % ooOi1i1i11iI11II )
    except :
     if 6 - 6: o0oOOo0O0Ooo % OOooOOo * I1ii11iIi11i % Ii1I . OOooOOo
     logging . exception ( 'Failed XML parsing for file %r' % self . filename )
     pass
     if 43 - 43: OoO0O00 . ooOoO0o * Oo0Ooo
     if 20 - 20: i1IIi . i1IIi - I11i
     if 89 - 89: ooOoO0o - I11i . O0 % OoooooooOO . i11iIiiIii
     if 35 - 35: II111iiii / OoOoOO00 - O0 . II111iiii
     if 55 - 55: Oo0Ooo % i1IIi * I11i
     if 95 - 95: OOooOOo / II111iiii - o0oOOo0O0Ooo % I1Ii111 . I11i
   if self . type is None and 'mime' in I1II1I and 'version' in I1II1I and 'multipart' in I1II1I :
    logging . info ( 'Opening MHTML file %s' % self . filename )
    try :
     if 63 - 63: iIii1I11I1II1 / ooOoO0o
     if 24 - 24: Oo0Ooo / iIii1I11I1II1 % OOooOOo * OoOoOO00 - iIii1I11I1II1
     iI1ii = data . lstrip ( '\r\n\t ' )
     oOoooOooOOoO = email . message_from_string ( iI1ii )
     self . type = I1II1
     if 90 - 90: iII111i * Ii1I - iII111i + OoO0O00 + I11i % O0
     for i111IIIIiI in oOoooOooOOoO . walk ( ) :
      Oo0oOOO = i111IIIIiI . get_content_type ( )
      ooOi1i1i11iI11II = i111IIIIiI . get_filename ( None )
      if 62 - 62: Ii1I - oO0o % iIii1I11I1II1
      logging . debug ( 'MHTML part: filename=%r, content-type=%r' % ( ooOi1i1i11iI11II , Oo0oOOO ) )
      ooOOO = i111IIIIiI . get_payload ( decode = True )
      if 97 - 97: i1IIi * I1Ii111 . II111iiii
      if 62 - 62: OoooooooOO . Ii1I
      if 28 - 28: oO0o . oO0o . iIii1I11I1II1 . OOooOOo . I1ii11iIi11i * i11iIiiIii
      if 72 - 72: I11i
      if 26 - 26: IiII % Oo0Ooo
      if isinstance ( ooOOO , str ) and OOoo0oo ( ooOOO ) :
       logging . debug ( 'Found ActiveMime header, decompressing MSO container' )
       try :
        i111I1 = OO0O0ooOOO00 ( ooOOO )
        try :
         if 72 - 72: O0 + o0oOOo0O0Ooo + I1IiiI / Oo0Ooo
         if 83 - 83: IiII - I1IiiI . Ii1I
         self . ole_subfiles . append ( O0oOo00oooO ( filename = ooOi1i1i11iI11II , data = i111I1 ) )
        except :
         logging . debug ( '%s does not contain a valid OLE file' % ooOi1i1i11iI11II )
       except :
        logging . exception ( 'Failed decompressing an MSO container in %r - %s'
 % ( ooOi1i1i11iI11II , o00oo0 ) )
        if 34 - 34: OoOoOO00 - oO0o * OoooooooOO
    except :
     logging . exception ( 'Failed MIME parsing for file %r - %s'
 % ( self . filename , o00oo0 ) )
     pass
     if 5 - 5: i11iIiiIii * iII111i - Ii1I - I1ii11iIi11i - i1IIi + iII111i
     if 4 - 4: ooOoO0o + O0 . i1IIi * I1ii11iIi11i - o0oOOo0O0Ooo
     if 42 - 42: o0oOOo0O0Ooo * OoOoOO00 . OoO0O00 - iII111i / II111iiii
     if 25 - 25: Oo0Ooo % OoOoOO00
  if self . type is None :
   o00O = '%s is not a supported file type, cannot extract VBA Macros.' % self . filename
   logging . error ( o00O )
   raise TypeError ( o00O )
   if 36 - 36: OOooOOo * OoO0O00 - I1ii11iIi11i + iII111i
 def find_vba_projects ( self ) :
  if 13 - 13: OoO0O00 % iIii1I11I1II1 - II111iiii / I1IiiI
  if self . ole_file is None :
   if 9 - 9: I1ii11iIi11i * Ii1I - IiII
   if 88 - 88: iIii1I11I1II1
   if 27 - 27: I11i * i11iIiiIii . OOooOOo + ooOoO0o
   if 14 - 14: I1Ii111 * OoO0O00 + I11i - IiII . I1ii11iIi11i * oO0o
   if 100 - 100: I11i
   if 36 - 36: OoO0O00 + II111iiii * OoOoOO00
   if 14 - 14: I1Ii111 % I1Ii111
   if 9 - 9: Oo0Ooo - Oo0Ooo - o0oOOo0O0Ooo + I1Ii111 - II111iiii . I1IiiI
   if 57 - 57: iII111i - I1IiiI + OoooooooOO / iII111i . ooOoO0o % i1IIi
   if 52 - 52: O0 - iIii1I11I1II1 / OoO0O00 / IiII
   if 29 - 29: Ii1I * OOooOOo * i1IIi . Ii1I * I1Ii111 . ooOoO0o
   if 54 - 54: iII111i . i1IIi . I1ii11iIi11i * o0oOOo0O0Ooo % iII111i
   if 30 - 30: I11i
   if 85 - 85: II111iiii + ooOoO0o * I11i
   if 12 - 12: Ii1I . I1IiiI % o0oOOo0O0Ooo
   if 28 - 28: Ii1I - I1IiiI % OoO0O00 * I1Ii111
   if 80 - 80: OOooOOo * IiII
   return None
   if 4 - 4: iIii1I11I1II1 . I1Ii111 + II111iiii % OoooooooOO
   if 82 - 82: OoooooooOO / ooOoO0o * I11i * O0 . I1ii11iIi11i
  if self . vba_projects is not None :
   return self . vba_projects
   if 21 - 21: II111iiii + Oo0Ooo
   if 59 - 59: OOooOOo + I1IiiI / II111iiii / OoOoOO00
   if 80 - 80: OoOoOO00 + iIii1I11I1II1 . IiII
   if 76 - 76: I1IiiI * OOooOOo
   if 12 - 12: iIii1I11I1II1 / I11i % Ii1I
   if 49 - 49: OoO0O00 + II111iiii / IiII - O0 % Ii1I
   if 27 - 27: OoO0O00 + Oo0Ooo
   if 92 - 92: I1IiiI % iII111i
   if 31 - 31: OoooooooOO - oO0o / I1Ii111
   if 62 - 62: i11iIiiIii - I11i
   if 81 - 81: I11i
   if 92 - 92: OOooOOo - Oo0Ooo - OoooooooOO / IiII - i1IIi
   if 81 - 81: i1IIi / I1Ii111 % i11iIiiIii . iIii1I11I1II1 * OoOoOO00 + OoooooooOO
   if 31 - 31: i1IIi % II111iiii
   if 13 - 13: iIii1I11I1II1 - II111iiii % O0 . Ii1I % OoO0O00
   if 2 - 2: OoooooooOO - Ii1I % oO0o / I1IiiI / o0oOOo0O0Ooo
  self . vba_projects = [ ]
  if 3 - 3: II111iiii / OOooOOo
  i1IIiiIIIIi = self . ole_file
  for IiIIIi in i1IIiiIIIIi . listdir ( streams = False , storages = True ) :
   if 81 - 81: OoooooooOO . OoOoOO00 * iIii1I11I1II1 / OoOoOO00 - I1ii11iIi11i % i1IIi
   if IiIIIi [ - 1 ] . upper ( ) == 'VBA' :
    logging . debug ( 'Found VBA storage: %s' % ( '/' . join ( IiIIIi ) ) )
    oOooO = '/' . join ( IiIIIi [ : - 1 ] )
    if 41 - 41: OOooOOo
    if 76 - 76: I1IiiI - I1IiiI - o0oOOo0O0Ooo % ooOoO0o * O0
    if oOooO != '' :
     oOooO += '/'
    logging . debug ( 'Checking vba_root="%s"' % oOooO )
    if 11 - 11: Ii1I + I11i . OoO0O00 . i11iIiiIii * OoO0O00
    def I1IIiIi ( ole , vba_root , stream_path ) :
     OOOOoOoO = vba_root + stream_path
     if ole . exists ( OOOOoOoO ) and ole . get_type ( OOOOoOoO ) == olefile . STGTY_STREAM :
      logging . debug ( 'Found %s stream: %s' % ( stream_path , OOOOoOoO ) )
      return OOOOoOoO
     else :
      logging . debug ( 'Missing %s stream, this is not a valid VBA project structure' % stream_path )
      return False
      if 72 - 72: OoOoOO00 / I1Ii111 * IiII % iIii1I11I1II1
      if 53 - 53: OoO0O00 . O0 . I1IiiI * OOooOOo / o0oOOo0O0Ooo
    iiIIiI1 = I1IIiIi ( i1IIiiIIIIi , oOooO , 'PROJECT' )
    if not iiIIiI1 : continue
    if 28 - 28: I1ii11iIi11i * oO0o / II111iiii + OOooOOo - O0
    Iii1IoOo000Oo00o = I1IIiIi ( i1IIiiIIIIi , oOooO , 'VBA/_VBA_PROJECT' )
    if not Iii1IoOo000Oo00o : continue
    if 81 - 81: OoooooooOO
    ooOOOoOoOOOO = I1IIiIi ( i1IIiiIIIIi , oOooO , 'VBA/dir' )
    if not ooOOOoOoOOOO : continue
    if 32 - 32: IiII - ooOoO0o * iII111i * I11i
    logging . debug ( 'VBA root storage: "%s"' % oOooO )
    if 84 - 84: Ii1I + I1ii11iIi11i % I1IiiI + i11iIiiIii
    self . vba_projects . append ( ( oOooO , iiIIiI1 , ooOOOoOoOOOO ) )
  return self . vba_projects
  if 37 - 37: I11i % I1ii11iIi11i / ooOoO0o
 def detect_vba_macros ( self ) :
  if 94 - 94: I11i / OoO0O00 . o0oOOo0O0Ooo
  if 1 - 1: Oo0Ooo . II111iiii
  if 93 - 93: II111iiii . i11iIiiIii + II111iiii % oO0o
  if self . contains_macros is not None :
   if 98 - 98: I1Ii111 * oO0o * OoOoOO00 + Ii1I * iII111i
   if 4 - 4: IiII
   if 16 - 16: iIii1I11I1II1 * iII111i + oO0o . O0 . o0oOOo0O0Ooo
   if 99 - 99: i11iIiiIii - iII111i
   if 85 - 85: I1Ii111 % I1ii11iIi11i
   if 95 - 95: OoO0O00 * OOooOOo * iII111i . o0oOOo0O0Ooo
   if 73 - 73: OoO0O00
   if 28 - 28: OoooooooOO - I11i
   if 84 - 84: II111iiii
   if 36 - 36: OOooOOo - OoOoOO00 - iIii1I11I1II1
   if 10 - 10: I1ii11iIi11i / Ii1I * i1IIi % O0 + I11i
   if 25 - 25: I1Ii111 - Ii1I / O0 . OoooooooOO % I1IiiI . i1IIi
   if 19 - 19: II111iiii / II111iiii % I1ii11iIi11i + oO0o + oO0o + iII111i
   if 4 - 4: o0oOOo0O0Ooo + I11i / iII111i + i1IIi % o0oOOo0O0Ooo % iII111i
   if 80 - 80: Ii1I
   return self . contains_macros
   if 26 - 26: iIii1I11I1II1 . OoooooooOO - iIii1I11I1II1
  if self . ole_file is None :
   for oOo0O0 in self . ole_subfiles :
    if oOo0O0 . detect_vba_macros ( ) :
     self . contains_macros = True
     return True
     if 1 - 1: oO0o + I1Ii111 . I1IiiI
   self . contains_macros = False
   return False
   if 47 - 47: iII111i . OoOoOO00
  o0oOO0 = self . find_vba_projects ( )
  if len ( o0oOO0 ) == 0 :
   self . contains_macros = False
  else :
   self . contains_macros = True
  return self . contains_macros
  if 31 - 31: Ii1I * o0oOOo0O0Ooo * Ii1I + OoO0O00 * o0oOOo0O0Ooo . I1Ii111
 def extract_macros ( self ) :
  if self . ole_file is None :
   if 89 - 89: OoooooooOO * Ii1I * I1IiiI . ooOoO0o * Ii1I / iII111i
   if 46 - 46: i11iIiiIii
   if 15 - 15: O0 / i1IIi / i1IIi . iII111i % OoOoOO00 + I1IiiI
   if 48 - 48: I1Ii111 % iII111i % Ii1I % iIii1I11I1II1 . Ii1I
   if 14 - 14: iII111i * OoO0O00 % O0 + I11i + I1ii11iIi11i
   if 23 - 23: Oo0Ooo % iII111i + Ii1I - I1Ii111
   if 65 - 65: OoooooooOO
   if 22 - 22: OOooOOo + II111iiii + Oo0Ooo
   for oOo0O0 in self . ole_subfiles :
    for ii1iiIi in oOo0O0 . extract_macros ( ) :
     yield ii1iiIi
  else :
   self . find_vba_projects ( )
   for oOooO , iiIIiI1 , ooOOOoOoOOOO in self . vba_projects :
    if 83 - 83: ooOoO0o
    for i1Ii1i11ii , oO0O0oo , OOOOOOO00OO in ooOO0o ( self . ole_file , oOooO , iiIIiI1 ,
 ooOOOoOoOOOO ) :
     yield ( self . filename , i1Ii1i11ii , oO0O0oo , OOOOOOO00OO )
     if 68 - 68: I1IiiI
     if 94 - 94: iII111i / OoOoOO00 % II111iiii . iIii1I11I1II1
 def extract_all_macros ( self ) :
  if self . modules is None :
   if 49 - 49: OOooOOo * I1IiiI / II111iiii
   if 82 - 82: Oo0Ooo / I1IiiI . I1ii11iIi11i - Oo0Ooo
   if 4 - 4: O0 / I11i . OoO0O00 - ooOoO0o / OOooOOo
   if 25 - 25: I11i * OoOoOO00 - Oo0Ooo . ooOoO0o . oO0o
   if 89 - 89: O0 * I11i * OoO0O00
   if 3 - 3: OOooOOo / iII111i * iIii1I11I1II1 + II111iiii / o0oOOo0O0Ooo / IiII
   self . modules = [ ]
   for ( II1I11 , i1Ii1i11ii , oO0O0oo , OOOOOOO00OO ) in self . extract_macros ( ) :
    self . modules . append ( ( II1I11 , i1Ii1i11ii , oO0O0oo , OOOOOOO00OO ) )
  self . nb_macros = len ( self . modules )
  return self . modules
  if 28 - 28: I1Ii111 - II111iiii % i11iIiiIii + iIii1I11I1II1 + II111iiii
  if 60 - 60: i1IIi / I1IiiI . II111iiii . iII111i % oO0o - I1IiiI
  if 39 - 39: I1IiiI . OoO0O00 + I11i + OOooOOo / II111iiii % i11iIiiIii
 def analyze_macros ( self , show_decoded_strings = False ) :
  if self . detect_vba_macros ( ) :
   if 86 - 86: I1ii11iIi11i - i1IIi + Oo0Ooo * I1IiiI / i11iIiiIii % oO0o
   if 17 - 17: ooOoO0o + ooOoO0o . I1ii11iIi11i
   if 50 - 50: iIii1I11I1II1 * oO0o
   if 85 - 85: i1IIi
   if 100 - 100: OoooooooOO / I11i % OoO0O00 + Ii1I
   if self . analysis_results is not None :
    return self . analysis_results
    if 42 - 42: Oo0Ooo / IiII . Ii1I * I1IiiI
   if self . vba_code_all_modules is None :
    self . vba_code_all_modules = ''
    for ( II1I11 , i1Ii1i11ii , oO0O0oo , OOOOOOO00OO ) in self . extract_all_macros ( ) :
     if 54 - 54: OoOoOO00 * iII111i + OoO0O00
     self . vba_code_all_modules += OOOOOOO00OO + '\n'
     if 93 - 93: o0oOOo0O0Ooo / I1IiiI
   iII1IIIiI1I1 = IIII ( self . vba_code_all_modules )
   self . analysis_results = iII1IIIiI1I1 . scan ( show_decoded_strings )
   oOOo , III11iI1i11i , IIiI , OOoOo0oO0oo00 , OO , I1I , o0oO00O = iII1IIIiI1I1 . scan_summary ( )
   self . nb_autoexec += oOOo
   self . nb_suspicious += III11iI1i11i
   self . nb_iocs += IIiI
   self . nb_hexstrings += OOoOo0oO0oo00
   self . nb_base64strings += OO
   self . nb_dridexstrings += I1I
   self . nb_vbastrings += o0oO00O
   if 72 - 72: OoO0O00 - iIii1I11I1II1 . iII111i / Ii1I
  return self . analysis_results
  if 12 - 12: I1IiiI + I1Ii111
  if 80 - 80: oO0o . O0
  if 90 - 90: II111iiii / OoO0O00 / Ii1I
  if 70 - 70: Ii1I - II111iiii . Oo0Ooo / Oo0Ooo
  if 30 - 30: oO0o . OoO0O00 + I11i / iIii1I11I1II1 % Oo0Ooo / oO0o
 def close ( self ) :
  if self . ole_file is None :
   if 3 - 3: I1ii11iIi11i / II111iiii
   if 73 - 73: OoO0O00 * OoooooooOO - OoooooooOO + I1IiiI * Oo0Ooo
   if 87 - 87: o0oOOo0O0Ooo / IiII / i11iIiiIii
   if 95 - 95: i1IIi / Ii1I / Ii1I
   for oOo0O0 in self . ole_subfiles :
    oOo0O0 . close ( )
  else :
   self . ole_file . close ( )
   if 65 - 65: I1Ii111 + iII111i * iII111i
   if 79 - 79: i1IIi / Oo0Ooo - I1IiiI . O0
   if 56 - 56: IiII % O0 * i1IIi - II111iiii
class Oo0OoOOoo ( O0oOo00oooO ) :
 if 84 - 84: I1Ii111
 if 53 - 53: i1IIi
 if 59 - 59: o0oOOo0O0Ooo + I1IiiI % OoooooooOO - iIii1I11I1II1
 if 9 - 9: i1IIi - OoOoOO00
 if 57 - 57: iIii1I11I1II1 * Ii1I * iII111i / oO0o
 def __init__ ( self , filename , data = None , container = None ) :
  try :
   if 46 - 46: Ii1I
   if 61 - 61: o0oOOo0O0Ooo / ooOoO0o - II111iiii
   if 87 - 87: I1ii11iIi11i / I1IiiI
   if 45 - 45: OoOoOO00 * ooOoO0o / OoooooooOO + OoO0O00 . I1Ii111 / OoO0O00
   if 64 - 64: Ii1I / i1IIi % I1IiiI - o0oOOo0O0Ooo
   if 11 - 11: I1ii11iIi11i - OoooooooOO
   if 16 - 16: IiII % OoooooooOO - ooOoO0o * Ii1I - Ii1I
   if 27 - 27: IiII + iIii1I11I1II1 / Oo0Ooo + OoO0O00 % Oo0Ooo + OoO0O00
   if 77 - 77: Oo0Ooo * ooOoO0o % Ii1I
   if 2 - 2: I11i / Oo0Ooo / Ii1I / I1ii11iIi11i / OoooooooOO
   if 22 - 22: iIii1I11I1II1 * I1IiiI / I11i + OoOoOO00
   if 98 - 98: OOooOOo
   if 69 - 69: II111iiii + Oo0Ooo - oO0o . Oo0Ooo / iIii1I11I1II1 * iIii1I11I1II1
   if 75 - 75: OoO0O00 % OoooooooOO
   O0oOo00oooO . __init__ ( self , filename , data = data , container = container )
  except TypeError :
   if 16 - 16: O0 / i1IIi
   pass
   if 58 - 58: o0oOOo0O0Ooo / i11iIiiIii / O0 % I11i % I1IiiI
   if 86 - 86: IiII + OoOoOO00 / I1IiiI + I11i % I11i / i11iIiiIii
 def print_analysis ( self , show_decoded_strings = False ) :
  if 12 - 12: OoOoOO00 + o0oOOo0O0Ooo . I1Ii111
  if sys . stdout . isatty ( ) :
   if 52 - 52: OoO0O00
   if 4 - 4: Ii1I % I1ii11iIi11i + I11i - I1ii11iIi11i
   if 98 - 98: Ii1I - O0 * oO0o * Ii1I * Ii1I
   if 44 - 44: IiII + I11i
   if 66 - 66: oO0o
   if 34 - 34: iII111i % i11iIiiIii + i11iIiiIii - iII111i
   if 2 - 2: II111iiii + i1IIi
   print 'Analysis...\r' ,
   sys . stdout . flush ( )
  ii1iiIi = self . analyze_macros ( show_decoded_strings )
  if ii1iiIi :
   iII1111III1I = prettytable . PrettyTable ( ( 'Type' , 'Keyword' , 'Description' ) )
   iII1111III1I . align = 'l'
   iII1111III1I . max_width [ 'Type' ] = 10
   iII1111III1I . max_width [ 'Keyword' ] = 20
   iII1111III1I . max_width [ 'Description' ] = 39
   for oO0OO00 , i1iI1Ii11Ii1 , o0oO00o in ii1iiIi :
    if 16 - 16: OoooooooOO / oO0o . Ii1I * ooOoO0o - I1IiiI
    if not i1oO ( i1iI1Ii11Ii1 ) :
     i1iI1Ii11Ii1 = repr ( i1iI1Ii11Ii1 )
    if not i1oO ( o0oO00o ) :
     o0oO00o = repr ( o0oO00o )
    iII1111III1I . add_row ( ( oO0OO00 , i1iI1Ii11Ii1 , o0oO00o ) )
   print iII1111III1I
  else :
   print 'No suspicious keyword or IOC found.'
   if 32 - 32: I1IiiI / OoO0O00
   if 28 - 28: Oo0Ooo / IiII . iII111i + OoO0O00 + I11i % Oo0Ooo
 def reveal ( self ) :
  if 45 - 45: Oo0Ooo / O0 % OoooooooOO
  print 'MACRO SOURCE CODE WITH DEOBFUSCATED VBA STRINGS (EXPERIMENTAL):\n'
  if 92 - 92: Ii1I . OoOoOO00 . I11i - OoooooooOO / ooOoO0o
  ooOo0 = self . analyze_macros ( show_decoded_strings = False )
  if 41 - 41: I1Ii111 + OoO0O00 * I1IiiI * O0 * Oo0Ooo - OoOoOO00
  if 96 - 96: I1IiiI - iIii1I11I1II1
  ooOo0 = sorted ( ooOo0 , key = lambda Ii1o0OOOoo0000 : len ( Ii1o0OOOoo0000 [ 2 ] ) , reverse = True )
  if 19 - 19: OoooooooOO . I1IiiI + I1Ii111 - I1IiiI / I1IiiI % IiII
  IiIIIii1i1iI = self . vba_code_all_modules
  for oO0OO00 , OOoOi1IiiI , oO0Ooooo000 in ooOo0 :
   if oO0OO00 == 'VBA string' :
    if 99 - 99: iIii1I11I1II1 - oO0o - OoOoOO00 / iIii1I11I1II1 * Oo0Ooo - oO0o
    if 72 - 72: IiII % i1IIi / iIii1I11I1II1
    if 95 - 95: O0 . OoO0O00
    OOoOi1IiiI = OOoOi1IiiI . replace ( '"' , '""' )
    IiIIIii1i1iI = IiIIIii1i1iI . replace ( oO0Ooooo000 , '"%s"' % OOoOi1IiiI )
  print ''
  print IiIIIii1i1iI
  if 89 - 89: i1IIi
  if 19 - 19: ooOoO0o / o0oOOo0O0Ooo % IiII - Ii1I
  if 14 - 14: I1ii11iIi11i - i11iIiiIii * I1Ii111
 def process_file ( self , show_decoded_strings = False ,
 display_code = True , global_analysis = True , hide_attributes = True ,
 vba_code_only = False , show_deobfuscated_code = False ) :
  if 39 - 39: OoooooooOO
  if 19 - 19: i11iIiiIii
  if vba_code_only and not display_code :
   if 80 - 80: I1IiiI
   if 58 - 58: oO0o + I1ii11iIi11i % OoOoOO00
   if 22 - 22: iIii1I11I1II1 - Ii1I / I1IiiI * IiII
   if 26 - 26: o0oOOo0O0Ooo + OOooOOo - o0oOOo0O0Ooo + Oo0Ooo . oO0o
   if 97 - 97: i1IIi
   if 46 - 46: I1ii11iIi11i
   if 30 - 30: OoO0O00 / O0 * o0oOOo0O0Ooo * I1Ii111 + OoooooooOO * iII111i
   if 23 - 23: I11i
   if 36 - 36: IiII . iII111i - i1IIi + I1Ii111
   if 54 - 54: OoooooooOO . oO0o - iII111i
   if 76 - 76: I1Ii111
   display_code = True
  if self . container :
   O00o0 = '%s in %s' % ( self . filename , self . container )
  else :
   O00o0 = self . filename
  print '=' * 79
  print 'FILE:' , O00o0
  try :
   if 98 - 98: iIii1I11I1II1 + i11iIiiIii * I1ii11iIi11i / I1Ii111 / ooOoO0o - O0
   print 'Type:' , self . type
   if self . detect_vba_macros ( ) :
    if 42 - 42: iII111i
    for ( II1I11 , i1Ii1i11ii , oO0O0oo , OOOOOOO00OO ) in self . extract_all_macros ( ) :
     if hide_attributes :
      if 77 - 77: i1IIi * oO0o % OoooooooOO + O0 * ooOoO0o
      I11i1iiiiIIIi = I1iI1I1ii1 ( OOOOOOO00OO )
     else :
      I11i1iiiiIIIi = OOOOOOO00OO
     print '-' * 79
     print 'VBA MACRO %s ' % oO0O0oo
     print 'in file: %s - OLE stream: %s' % ( II1I11 , repr ( i1Ii1i11ii ) )
     if display_code :
      print '- ' * 39
      if 13 - 13: O0 + I1Ii111 * II111iiii + Oo0Ooo * IiII
      if I11i1iiiiIIIi . strip ( ) == '' :
       print '(empty macro)'
      else :
       print I11i1iiiiIIIi
     if not global_analysis and not vba_code_only :
      if 12 - 12: IiII - Ii1I % Ii1I
      raise NotImplementedError
      print '- ' * 39
      print 'ANALYSIS:'
      if 23 - 23: ooOoO0o
      self . print_analysis ( show_decoded_strings )
    if global_analysis and not vba_code_only :
     if 61 - 61: IiII + iII111i - OoO0O00 * oO0o
     self . print_analysis ( show_decoded_strings )
    if show_deobfuscated_code :
     self . reveal ( )
   else :
    print 'No VBA macros found.'
  except :
   if 87 - 87: II111iiii % II111iiii
   if 51 - 51: ooOoO0o * iIii1I11I1II1 . iII111i
   if 25 - 25: OOooOOo - Ii1I . I11i
   if 57 - 57: o0oOOo0O0Ooo + Oo0Ooo * I1ii11iIi11i - ooOoO0o % iIii1I11I1II1 - Ii1I
   traceback . print_exc ( )
  print ''
  if 37 - 37: OoO0O00 * I11i + Ii1I + I1ii11iIi11i * o0oOOo0O0Ooo
  if 95 - 95: Ii1I - i11iIiiIii % i11iIiiIii - O0 * I1Ii111
 def process_file_triage ( self ) :
  if 81 - 81: II111iiii * I1IiiI % i1IIi * i11iIiiIii + OoOoOO00
  oo0OoOO000O = ''
  if 62 - 62: i1IIi * iIii1I11I1II1 % oO0o % OoOoOO00 / OoooooooOO
  if 39 - 39: Oo0Ooo % iII111i
  if 90 - 90: I1IiiI * I1ii11iIi11i . I11i * Ii1I - o0oOOo0O0Ooo
  try :
   if self . type is not None :
    if 40 - 40: O0 / IiII - II111iiii + o0oOOo0O0Ooo % Oo0Ooo
    if self . detect_vba_macros ( ) :
     if 93 - 93: ooOoO0o
     if sys . stdout . isatty ( ) :
      print 'Analysis...\r' ,
      sys . stdout . flush ( )
     self . analyze_macros ( )
    OOo0O = ooo [ self . type ]
    IiI11iiIii = oOOo = III11iI1i11i = IIiI = OOoOo0oO0oo00 = i1IIII1II = I1I = O000oO00oO = '-'
    if self . nb_macros : IiI11iiIii = 'M'
    if self . nb_autoexec : oOOo = 'A'
    if self . nb_suspicious : III11iI1i11i = 'S'
    if self . nb_iocs : IIiI = 'I'
    if self . nb_hexstrings : OOoOo0oO0oo00 = 'H'
    if self . nb_base64strings : i1IIII1II = 'B'
    if self . nb_dridexstrings : I1I = 'D'
    if self . nb_vbastrings : O000oO00oO = 'V'
    OOo0O += '%s%s%s%s%s%s%s%s' % ( IiI11iiIii , oOOo , III11iI1i11i , IIiI , OOoOo0oO0oo00 ,
 i1IIII1II , I1I , O000oO00oO )
    if 96 - 96: IiII
    if 99 - 99: iIii1I11I1II1 - ooOoO0o
    if 79 - 79: I1IiiI + oO0o % I11i % oO0o
    if 56 - 56: I1ii11iIi11i + oO0o . OoO0O00 + OoooooooOO * I1ii11iIi11i - O0
    if 35 - 35: OOooOOo . I11i . I1Ii111 - I11i % I11i + I1Ii111
    if 99 - 99: o0oOOo0O0Ooo + OOooOOo
    if 34 - 34: I1Ii111 * o0oOOo0O0Ooo . I1IiiI % i11iIiiIii
    if 61 - 61: iIii1I11I1II1 + oO0o * I11i - i1IIi % oO0o
    if 76 - 76: oO0o / OoOoOO00
   else :
    if 12 - 12: I1Ii111
    if 58 - 58: OoO0O00 + iIii1I11I1II1 % O0 + I11i + OoOoOO00 * OoooooooOO
    OOo0O = '?'
    oo0OoOO000O = 'File format not supported'
  except :
   if 41 - 41: oO0o * I1IiiI
   if 76 - 76: oO0o . O0 * OoooooooOO + ooOoO0o
   if 53 - 53: Oo0Ooo
   if 3 - 3: IiII - OoooooooOO * OoooooooOO - I1IiiI / I1Ii111 * I1ii11iIi11i
   OOo0O = '!ERROR'
   oo0OoOO000O = sys . exc_value
  o0O = '%-12s %s' % ( OOo0O , self . filename )
  if oo0OoOO000O :
   o0O += ' - %s' % oo0OoOO000O
  print o0O
  if 58 - 58: IiII % iIii1I11I1II1 / i11iIiiIii % o0oOOo0O0Ooo . I1Ii111 * iII111i
  if 32 - 32: OoooooooOO + o0oOOo0O0Ooo
  if 91 - 91: ooOoO0o - I1Ii111 * I1Ii111
  if 55 - 55: iIii1I11I1II1 + I1IiiI - Oo0Ooo
  if 24 - 24: OoO0O00 / I1Ii111 + iII111i * I11i * iII111i
  if 10 - 10: I1IiiI - I1ii11iIi11i - Oo0Ooo - o0oOOo0O0Ooo
  if 21 - 21: OoooooooOO + I1Ii111
  if 43 - 43: i11iIiiIii . I1ii11iIi11i . oO0o
  if 31 - 31: Ii1I % o0oOOo0O0Ooo % I1Ii111 . I1ii11iIi11i / o0oOOo0O0Ooo * oO0o
  if 74 - 74: I1IiiI . ooOoO0o / iII111i . IiII
  if 74 - 74: Oo0Ooo / I1Ii111 % I1Ii111 . IiII
  if 72 - 72: i1IIi
  if 21 - 21: I1Ii111 . OOooOOo / i11iIiiIii * i1IIi
  if 82 - 82: ooOoO0o * Oo0Ooo % i11iIiiIii * i1IIi . OOooOOo
  if 89 - 89: IiII - i1IIi - IiII
  if 74 - 74: OoO0O00 % OoO0O00
  if 28 - 28: OoOoOO00 % oO0o - OOooOOo + OOooOOo + oO0o / iIii1I11I1II1
def oo0o ( ) :
 OOoOoo = 'usage: %prog [options] <filename> [filename2 ...]'
 if 83 - 83: I1ii11iIi11i * iIii1I11I1II1 + OoOoOO00 * i1IIi . OoooooooOO % Ii1I
 if 81 - 81: OoO0O00 - iIii1I11I1II1
 if 60 - 60: I1Ii111
 ooO0 = optparse . OptionParser ( usage = OOoOoo )
 if 35 - 35: Oo0Ooo * oO0o / OoooooooOO + O0 / OoooooooOO / OOooOOo
 if 44 - 44: i1IIi . I1ii11iIi11i - ooOoO0o . OOooOOo . o0oOOo0O0Ooo + oO0o
 if 17 - 17: iIii1I11I1II1 + i1IIi . I1ii11iIi11i + Ii1I % i1IIi . oO0o
 if 57 - 57: oO0o
 ooO0 . add_option ( "-r" , action = "store_true" , dest = "recursive" ,
 help = 'find files recursively in subdirectories.' )
 ooO0 . add_option ( "-z" , "--zip" , dest = 'zip_password' , type = 'str' , default = None ,
 help = 'if the file is a zip archive, open all files from it, using the provided password (requires Python 2.6+)' )
 ooO0 . add_option ( "-f" , "--zipfname" , dest = 'zip_fname' , type = 'str' , default = '*' ,
 help = 'if the file is a zip archive, file(s) to be opened within the zip. Wildcards * and ? are supported. (default:*)' )
 ooO0 . add_option ( "-t" , '--triage' , action = "store_true" , dest = "triage_mode" ,
 help = 'triage mode, display results as a summary table (default for multiple files)' )
 ooO0 . add_option ( "-d" , '--detailed' , action = "store_true" , dest = "detailed_mode" ,
 help = 'detailed mode, display full results (default for single file)' )
 ooO0 . add_option ( "-a" , '--analysis' , action = "store_false" , dest = "display_code" , default = True ,
 help = 'display only analysis results, not the macro source code' )
 ooO0 . add_option ( "-c" , '--code' , action = "store_true" , dest = "vba_code_only" , default = False ,
 help = 'display only VBA source code, do not analyze it' )
 ooO0 . add_option ( "-i" , "--input" , dest = 'input' , type = 'str' , default = None ,
 help = 'input file containing VBA source code to be analyzed (no parsing)' )
 ooO0 . add_option ( "--decode" , action = "store_true" , dest = "show_decoded_strings" ,
 help = 'display all the obfuscated strings with their decoded content (Hex, Base64, StrReverse, Dridex, VBA).' )
 ooO0 . add_option ( "--attr" , action = "store_false" , dest = "hide_attributes" , default = True ,
 help = 'display the attribute lines at the beginning of VBA source code' )
 ooO0 . add_option ( "--reveal" , action = "store_true" , dest = "show_deobfuscated_code" ,
 help = 'display the macro source code after replacing all the obfuscated strings by their decoded content.' )
 if 92 - 92: II111iiii - OoO0O00 - OOooOOo % I1IiiI - OoOoOO00 * I1Ii111
 if 16 - 16: iIii1I11I1II1 + OoooooooOO - ooOoO0o * IiII
 if 37 - 37: iII111i
 if 15 - 15: o0oOOo0O0Ooo % OoO0O00 / iII111i
 if 36 - 36: OoO0O00 + OoO0O00 % Oo0Ooo + Oo0Ooo / i1IIi % i1IIi
 if 20 - 20: OOooOOo * oO0o
 if 91 - 91: OoO0O00 % i1IIi - iIii1I11I1II1 . OOooOOo
 ( IIiiIiIIiI1 , I1IiI ) = ooO0 . parse_args ( )
 if 79 - 79: OoOoOO00 + IiII
 if 14 - 14: I1Ii111 / I11i - OOooOOo * O0 % IiII . O0
 if len ( I1IiI ) == 0 and not IIiiIiIIiI1 . input :
  print __doc__
  ooO0 . print_help ( )
  sys . exit ( )
  if 86 - 86: i1IIi * OoooooooOO
  if 22 - 22: I1Ii111 + iII111i - I11i + iIii1I11I1II1 / I1Ii111 - OoooooooOO
 print 'olevba %s - http://decalage.info/python/oletools' % __version__
 if 42 - 42: OoooooooOO - OoOoOO00 - OOooOOo * I1Ii111
 if 98 - 98: OoO0O00 . iIii1I11I1II1 % Oo0Ooo + OoooooooOO
 logging . basicConfig ( format = '%(levelname)s: %(message)s' , level = logging . WARNING )
 if 2 - 2: I1Ii111 % OoooooooOO - ooOoO0o * I1ii11iIi11i * IiII
 logging . disable ( logging . CRITICAL )
 if 99 - 99: iIii1I11I1II1 . Oo0Ooo / ooOoO0o . OOooOOo % I1IiiI * I11i
 if IIiiIiIIiI1 . input :
  if 95 - 95: oO0o
  raise NotImplementedError
  if 80 - 80: IiII
  print 'Analysis of VBA source code from %s:' % IIiiIiIIiI1 . input
  OOOOOOO00OO = open ( IIiiIiIIiI1 . input ) . read ( )
  print_analysis ( OOOOOOO00OO , show_decoded_strings = IIiiIiIIiI1 . show_decoded_strings )
  sys . exit ( )
  if 42 - 42: OoooooooOO * II111iiii
  if 53 - 53: I1Ii111 + i1IIi . OoO0O00 / i11iIiiIii + Ii1I % OoOoOO00
  if 9 - 9: ooOoO0o . I11i - Oo0Ooo . I1Ii111
  if 39 - 39: OOooOOo
  if 70 - 70: IiII % OoO0O00 % I1IiiI
  if 95 - 95: OoOoOO00 - I1Ii111 / O0 * I1IiiI - o0oOOo0O0Ooo
 if not IIiiIiIIiI1 . detailed_mode or IIiiIiIIiI1 . triage_mode :
  print '%-12s %-65s' % ( 'Flags' , 'Filename' )
  print '%-12s %-65s' % ( '-' * 11 , '-' * 65 )
  if 12 - 12: iIii1I11I1II1 % Oo0Ooo . iII111i . IiII % i11iIiiIii
 IIiI1I11ii1i = None
 o0o = 0
 ooIi1Iii1 = oOOO0oOoo = ooooI11iii1iIIIIi = None
 III1i1iiI1 = None
 for ooIi1Iii1 , oOOO0oOoo , ooooI11iii1iIIIIi in xglob . iter_files ( I1IiI , recursive = IIiiIiIIiI1 . recursive ,
 zip_password = IIiiIiIIiI1 . zip_password , zip_fname = IIiiIiIIiI1 . zip_fname ) :
  if 62 - 62: Ii1I . i11iIiiIii % O0 % I1Ii111 - Oo0Ooo
  if ooIi1Iii1 and oOOO0oOoo . endswith ( '/' ) :
   continue
   if 69 - 69: II111iiii . OoOoOO00 * OoOoOO00 % Ii1I + I1IiiI
  III1i1iiI1 = Oo0OoOOoo ( oOOO0oOoo , data = ooooI11iii1iIIIIi , container = ooIi1Iii1 )
  if IIiiIiIIiI1 . detailed_mode and not IIiiIiIIiI1 . triage_mode :
   if 100 - 100: i11iIiiIii - Oo0Ooo
   III1i1iiI1 . process_file ( show_decoded_strings = IIiiIiIIiI1 . show_decoded_strings ,
 display_code = IIiiIiIIiI1 . display_code , global_analysis = True ,
   hide_attributes = IIiiIiIIiI1 . hide_attributes , vba_code_only = IIiiIiIIiI1 . vba_code_only ,
 show_deobfuscated_code = IIiiIiIIiI1 . show_deobfuscated_code )
  else :
   if 47 - 47: iII111i * OoOoOO00 * IiII
   if ooIi1Iii1 != IIiI1I11ii1i :
    if ooIi1Iii1 is not None :
     print '\nFiles in %s:' % ooIi1Iii1
    IIiI1I11ii1i = ooIi1Iii1
    if 46 - 46: Ii1I
   III1i1iiI1 . process_file_triage ( )
  o0o += 1
 if not IIiiIiIIiI1 . detailed_mode or IIiiIiIIiI1 . triage_mode :
  print '\n(Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, ' 'A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, ' 'B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)\n'
  if 42 - 42: iIii1I11I1II1
  if 32 - 32: Oo0Ooo - Ii1I . OoooooooOO - OoooooooOO - Oo0Ooo . iIii1I11I1II1
  if 34 - 34: Oo0Ooo
 if o0o == 1 and not IIiiIiIIiI1 . triage_mode and not IIiiIiIIiI1 . detailed_mode :
  if 31 - 31: i1IIi - I11i + I1Ii111 + ooOoO0o . ooOoO0o . O0
  III1i1iiI1 . process_file ( show_decoded_strings = IIiiIiIIiI1 . show_decoded_strings ,
 display_code = IIiiIiIIiI1 . display_code , global_analysis = True ,
  hide_attributes = IIiiIiIIiI1 . hide_attributes , vba_code_only = IIiiIiIIiI1 . vba_code_only ,
 show_deobfuscated_code = IIiiIiIIiI1 . show_deobfuscated_code )
  if 33 - 33: i1IIi / iII111i * OoO0O00
  if 2 - 2: oO0o . OOooOOo
if __name__ == '__main__' :
 oo0o ( )
 if 43 - 43: iIii1I11I1II1
 if 29 - 29: IiII % ooOoO0o + OoO0O00 . i1IIi + I1IiiI
# dd678faae9ac167bc83abf78e5cb2f3f0688d3a3