Files
Flamend_30191700_2023.pdf
Open access - Adobe PDF
- 2.24 MB
Details
- Abstract
- In recent years, the emergence of malicious Excel files in email spam campaigns has introduced a new threat environment. These files leverage an older feature of Excel known as Excel 4.0 macros or XLM, which serves as the precursor to the widely known Visual Basic for Applications (VBA). To address this evolving threat, a tool called Symbexcel was developed in 2022. Symbexcel uses the power of symbolic execution, a well-established method in security research, to unpack Excel files. This approach enables the exploration of various execution paths within the malware, providing valuable insights into its behavior. The primary objective of this thesis is to extend the capabilities of the SEMA toolchain by integrating Symbexcel. This integration enables the toolchain to effectively analyze Excel files containing XLM macros. Additionally, this research aims to identify the underlying concepts behind the creation of such files, shedding light on the techniques and strategies employed by malware authors for obfuscation and infection. Furthermore, this work presents an overview of the analysis conducted on a sample dataset created specifically for this purpose, using the combined SEMA toolchain and Symbexcel. The findings are presented, and potential areas for improvement and further research are explored.