One computer security technique for dealing with unidentified and potentially harmful code is to execute the code in a sandbox where the behavior of the code can be observed without exposing a user or computer system to any harmful effects. As malware has become more sophisticated, anti-sandbox techniques have emerged in which, when malware detects that it is executing in a sandbox environment, the malware delays execution of harmful code in order to avoid detection.
There remains a need for improved malware detection that works around these anti-sandboxing techniques in order to properly characterize otherwise unidentified code.