| Abstract: | Embodiments of the invention describe systems and methods for malicious
software detection and analysis. A binary executable comprising
obfuscated malware on a host device may be received, and incident data
indicating a time when the binary executable was received and identifying
processes operating on the host device may be recorded. The binary
executable is analyzed via a scalable plurality of execution
environments, including one or more non-virtual execution environments
and one or more virtual execution environments, to generate runtime data
and deobfuscation data attributable to the binary executable. At least
some of the runtime data and deobfuscation data attributable to the
binary executable is stored in a shared database, while at least some of
the incident data is stored in a private, non-shared database. |