Techniques that leverage symbolic execution to automatically analyze and understand malicious XL4 macros is provided. Using symbolic execution, these techniques can automatically infer the “correct” values for environmental inputs that are employed by advanced XL4 malware for obfuscating their malicious payloads, thereby allowing for a complete analysis of such malware.