🤖 AI Summary
Traditional static analysis struggles to detect highly obfuscated and polymorphic/metamorphic malware. To address this, we propose a deep learning–based classification method that dynamically visualizes API behavior. Our approach monitors Windows PE files during execution to capture fine-grained semantic features—including API call sequences, arguments, and return values—constructing temporal behavioral traces. These traces are uniquely encoded as grayscale images using the magma colormap, then fed into a convolutional neural network (CNN) for end-to-end classification. By tightly integrating runtime semantic representation with CNNs’ spatial feature extraction capability, our method achieves 98.36% average classification accuracy on standard benchmarks. It demonstrates significantly enhanced robustness against evasion techniques such as code obfuscation, packing, and anti-debugging, while effectively distinguishing both malicious software families and benign samples.
📝 Abstract
Malware detection and classification remains a topic of concern for cybersecurity, since it is becoming common for attackers to use advanced obfuscation on their malware to stay undetected. Conventional static analysis is not effective against polymorphic and metamorphic malware, as these change their appearance without modifying their behavior and thus defeat analysis based on code structure alone. This makes dynamic detection, which monitors malware behavior at runtime, important. In this paper, we present a dynamic malware categorization framework that extracts API calls and their arguments during the runtime execution of Windows Portable Executable (PE) files. By extracting and encoding the dynamic features of API names, arguments, return values, and other related features, we convert raw behavioral data into temporal patterns. To enhance the feature representation, the generated patterns are subsequently converted into grayscale images using a magma colormap. These enhanced images are used to train a Convolutional Neural Network (CNN) model to learn discriminative features, which allows for reliable and accurate malware classification. Experimental results indicate that our method, with an average accuracy of 98.36%, is effective in classifying different classes of malware and benign software by integrating dynamic analysis and deep learning. It not only achieves high classification accuracy but also demonstrates significant resilience against typical evasion strategies.
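The abstract describes a feature pipeline (API name, arguments and return value of each monitored call, ordered in time, encoded as a 2-D pattern, coloured with the magma colormap and reduced to grayscale) but not how each step is realised. The following is an added illustration written for this page, not the paper's code: it builds that pipeline in plain Python on a constructed four-call trace. The trace record layout, the SHA-256 token-to-byte encoding, the five-anchor approximation of matplotlib's magma colormap and the 8x8 image size are all assumptions of this example; training the CNN on the resulting images is outside the snippet.

```python
"""Added illustration, not the paper's own code: turn a dynamic API-call
trace into a fixed-size grayscale image, following the pipeline the abstract
sketches (API name + arguments + return value -> temporal token sequence ->
2-D matrix -> magma colormap -> grayscale).

Assumptions that are mine, not the paper's: the trace record layout, the
hash-based token-to-byte encoding, the 5-anchor approximation of the magma
colormap, and the 8x8 image size.  CNN training is not covered here.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample trace (one dict per monitored call); the layout is assumed.
SAMPLE_TRACE: List[Dict] = [
    {"api": "CreateFileW", "args": ["C:\\Users\\alice\\report.docx", "GENERIC_WRITE"], "ret": "0x1a4"},
    {"api": "WriteFile", "args": ["0x1a4", "4096"], "ret": "1"},
    {"api": "RegSetValueExW", "args": ["Software\\Example\\Settings", "updater"], "ret": "0"},
    {"api": "CloseHandle", "args": ["0x1a4"], "ret": "1"},
]

_NUMERIC = re.compile(r"^(0x[0-9a-f]+|\d+)$", re.IGNORECASE)


def normalize_arg(value: str) -> str:
    """Collapse handles, sizes and other numbers into one placeholder so the
    vocabulary reflects behaviour rather than run-specific values."""
    return "NUM" if _NUMERIC.match(value) else value.lower()


def tokenize(trace: List[Dict]) -> List[str]:
    """Flatten the trace into an ordered token stream: the name, each argument,
    then the return value of every call, preserving temporal order."""
    tokens: List[str] = []
    for call in trace:
        tokens.append(f"api:{call['api']}")
        tokens.extend(f"arg:{normalize_arg(a)}" for a in call["args"])
        tokens.append(f"ret:{normalize_arg(call['ret'])}")
    return tokens


def token_to_byte(token: str) -> int:
    """Stable token -> 1..255 mapping via SHA-256; 0 is reserved for padding."""
    digest = hashlib.sha256(token.encode("utf-8")).digest()
    return digest[0] % 255 + 1


# Approximate anchor colours of matplotlib's 'magma' colormap (assumed, rounded).
MAGMA_ANCHORS: List[Tuple[float, Tuple[float, float, float]]] = [
    (0.00, (0.001, 0.000, 0.014)),
    (0.25, (0.317, 0.072, 0.485)),
    (0.50, (0.716, 0.215, 0.475)),
    (0.75, (0.987, 0.535, 0.382)),
    (1.00, (0.987, 0.991, 0.750)),
]


def magma(v: float) -> Tuple[float, float, float]:
    """Piecewise-linear interpolation between the anchors; v must be in [0, 1]."""
    if not 0.0 <= v <= 1.0:
        raise ValueError(f"intensity out of range: {v}")
    for (x0, c0), (x1, c1) in zip(MAGMA_ANCHORS, MAGMA_ANCHORS[1:]):
        if x0 <= v <= x1:
            t = (v - x0) / (x1 - x0)
            r, g, b = (a + t * (b_ - a) for a, b_ in zip(c0, c1))
            return (r, g, b)
    raise AssertionError("unreachable: anchors cover [0, 1]")


def intensity_to_gray(v: float) -> int:
    """Colour the scalar with magma, then reduce to 8-bit luma (Rec. 601 weights)."""
    r, g, b = magma(v)
    return int(round(255 * (0.299 * r + 0.587 * g + 0.114 * b)))


def trace_to_image(trace: List[Dict], width: int = 8, height: int = 8) -> List[List[int]]:
    """Fixed-size grayscale image (rows of 0..255 ints): tokens fill the matrix
    row-major; long traces are truncated, short ones zero-padded."""
    values = [token_to_byte(t) for t in tokenize(trace)][: width * height]
    values += [0] * (width * height - len(values))
    return [
        [intensity_to_gray(values[r * width + c] / 255) for c in range(width)]
        for r in range(height)
    ]


if __name__ == "__main__":
    for row in trace_to_image(SAMPLE_TRACE):
        print(" ".join(f"{px:3d}" for px in row))
```

Two design points worth noticing when reproducing this kind of pipeline. First, normalising handles and sizes before hashing is what keeps two runs of the same sample producing the same image; without it, every fresh handle value changes pixels and the CNN learns noise. Second, the colormap-then-grayscale step is just a fixed nonlinear re-scaling of the token byte, so the image still carries only the information present in the token stream; whatever an evasive sample hides from the API monitor is equally absent from the picture.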