Embodiments of the present systems and methods may determine whether a software file is malicious or benign using properties of the file's overlay, if one exists. For example, in an embodiment, a computer-implemented method for identifying malware in computer systems may comprise receiving a plurality of executable files labeled as being malicious or benign, training a machine learning model using properties extracted from overlays associated with each of the plurality of received labeled executable files, receiving an executable file that is not labeled, determining whether the received unlabeled executable file is malicious or benign using the trained machine learning model based on properties extracted from an overlay associated with the received unlabeled executable file, and transmitting information identifying the received unlabeled executable file as malicious when the received unlabeled executable file is determined to be malicious.
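The property-extraction step described above, sketched as an added example that is not code from the patent. It assumes the executables are Windows PE files and treats the overlay as the bytes following the last section's raw data; the chosen properties (size, ratio, entropy) and all function names are illustrative assumptions, since the abstract does not name specific properties.

```python
import math
import struct
from collections import Counter

def overlay_offset(data: bytes) -> int:
    """File offset where the overlay starts: the end of the last section's raw data."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    nsections, = struct.unpack_from("<H", data, pe + 6)  # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # COFF SizeOfOptionalHeader
    table = pe + 24 + opt_size                           # first section header
    end = table + 40 * nsections                         # headers are never overlay
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))                           # truncated file: no overlay

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(buf)
    return sum(c / n * math.log2(n / c) for c in Counter(buf).values()) if n else 0.0

def overlay_features(data: bytes) -> dict:
    """Assumed feature set for a classifier; the patent does not list its properties."""
    ov = data[overlay_offset(data):]
    return {"has_overlay": bool(ov), "overlay_size": len(ov),
            "overlay_ratio": len(ov) / len(data), "overlay_entropy": entropy(ov)}

def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE-like image: headers, one 512-byte section, then overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # no optional header
    sect = struct.pack("<8sIIIIIIHHI", b".text", 512, 0x1000, 512, 512,
                       0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + sect
    return hdr.ljust(512, b"\0") + b"\x90" * 512 + overlay

if __name__ == "__main__":
    print(overlay_features(build_sample(bytes(range(256)))))
```

Feature dictionaries like these, computed for each labeled file, would form the training rows for whatever classifier is used. An Authenticode signature is also stored after the last section, so it is counted as overlay by this sketch.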