Malware classification based on double byte feature encoding
Alexandria Engineering Journal (IF 6.8), Pub Date: 2021-06-05, DOI: 10.1016/j.aej.2021.04.076
Lin Li, Ying Ding, Bo Li, Mengqing Qiao, Biao Ye

Many researchers analyze malware through static and dynamic analysis techniques and combine them with excellent deep learning algorithms, which has achieved good results in malware classification. However, many studies use only the .asm file generated by a decompiler or the .bytes file represented in hexadecimal for feature extraction. This paper fully integrates the features of these two files, and uses word frequency and two deep learning algorithms to extract 184 opcode features and 16 probability features from the ASM file and section file of the Kaggle dataset, respectively. Then, a double byte feature coding method is used to fuse the features of the two files. Finally, a convolutional neural network is used to classify the fused samples. The experimental results show that the accuracy is 98.68% and the logarithmic loss is 0.022.




Updated: 2021-07-30