Oblivion: an open-source system for large-scale analysis of macro-based office malware

Abstract: Macro-based Office files have been extensively used as infection vectors to embed malware. In particular, VBA macros allow leveraging kernel functions and system routines to execute or remotely drop malicious payloads, and they are typically heavily obfuscated to make static analysis unfeasible. Current state-of-the-art approaches focus on discriminating between malicious and benign Office files by performing static and dynamic analysis directly on obfuscated macros, focusing mainly on detection rather than re… Show more