With the large volume of malware in daily circulation, automated malware analysis environments are important tools in the detection of malicious files. An automated analysis environment enables automatic testing of submitted files without risk to production computers, e.g., by opening/running/analyzing files in a virtualized or sandboxed environment. A key concern with automated malware analysis environments is the time required to generate an accurate disposition of a file submitted for analysis. With so many files being analyzed, the time and resources utilized to make each determination adds up significantly. Furthermore, some versions of file readers, viewers and players used to open files in different formats being analyzed present a greater attack surface or contain a greater number of exploitable vulnerabilities than others (e.g., Adobe Reader versions 9.1 vs 10.3). If all or many versions of a program are used in automatic malware analysis, the time and resources per disposition increases. On the other hand, if only a small sample of available versions are used, automated malware analysis could fail to detect malicious files where the more vulnerable version(s) are omitted.
It would be desirable to address these issues.