In today's network security environment, creators of malware are aware that various anti-virus solutions may attempt to identify or investigate them, e.g., by creating a signature for a malware program. For these reasons, malware authors are using sophisticated obfuscation techniques to disguise their malware to appear one way on disk and appear a different way when executed in memory. For example, packer-based malware is malware that is modified on disk using various compression and/or encryption techniques to hide the code's real intention. Such packed malware is resilient to static analysis because on disk it may be non-identifiable.