Malware, short for “malicious software,” is software that can be used to disrupt computer operations, damage data, gather sensitive information, or gain access to private computer systems without the user's knowledge or consent. Examples of such malware include software viruses, trojan horses, rootkits, and ransomware. A common mechanism used by malware developers is to embed the malware into a file that is made to appear desirable to the user, or that is downloaded and executed when the user visits a web site. For example, malware may be embedded into a software application that appears legitimate and useful. The user downloads the file, and when the file is opened, the malware within the file is executed.
In the face of the growing threat of malware, many anti-malware software packages were developed to detect malware in a user's files. Upon detection, the anti-malware software may notify the user of the presence of the malware, and may automatically remove or quarantine the malware. Conventional anti-malware software is based on detecting a signature of the malware in a file. A signature is a distinctive pattern of bytes in the malware that identifies the software as potential malware.
In order to avoid detection by anti-malware software, sophisticated malware developers introduced polymorphism into their malware. Polymorphic malware refers to malware in which portions of the malware are automatically changed without changing the overall functioning of the malware. As a result of the polymorphic behavior, the malware does not have a consistent signature and is thus less likely to be detected by anti-malware software.