Malware, short for “Malicious Software,” is software that can be used to disrupt computer operation, damage data, gather sensitive information, or gain access to private computer systems without the user's knowledge or consent. Examples of such malware include software viruses, Trojan horses, rootkits, ransomware, etc. A common mechanism used by malware developers is to embed the malware into a file that is made to appear desirable to the user, or that is downloaded and executed when the user visits a website. For example, malware may be embedded into a software application that appears legitimate and useful. The user downloads the file, and when the file is opened, the malware within the file is executed. A file that contains malware can be referred to as a malicious file.
In the face of the growing threat of malware, many anti-malware software packages were developed to detect malware in a user's files. Upon detection, the anti-malware software may notify the user of the presence of the malware, and may automatically remove or quarantine the malware. However, conventional systems for detecting malware require significant time to analyze an object file or data. Using a disassembly database can reduce the program analysis load, because a file's functions can be compared with another file's functions, but this approach can be ineffective in detecting obfuscated malware. For these reasons, a need exists for an improved method for detecting malware, particularly without reducing system performance.