1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to dynamic analysis of malware.
2. Description of the Background Art
Malware may be detected using so-called dynamic analysis, which involves running and monitoring the behavior of the malware. The dynamic analysis is typically performed in a sandbox, such as a suitably-configured virtual machine. One problem with dynamic analysis is that the analysis is typically performed on a single execution path, making the analysis vulnerable to evasion techniques, such as evasion codes. Evasion codes allow the malware to perform normally, i.e., without performing malicious actions, unless the malware detects that it is running in a particular computing environment. This prevents malware with evasion code from being properly evaluated in a sandbox and other dynamic analysis platforms.