
Challenges faced when forcing malware execution down hidden paths

Abstract

Dynamic Malware Analysis involves the observation of a malware sample at runtime, usually inside a sandbox, whereby probes are used to detect different actions performed by the malware in order to categorize its behaviour. However, Dynamic Analysis is limited in that it can only observe a single run of the malware at a time, and there is no way of telling whether that run demonstrated the complete set of behaviours contained in the malware. Malware authors are increasingly exploiting this drawback, as hidden and trigger-based behaviours have become more widespread.

Peer-reviewed
