System and method for detecting malignant code based on application program interface
A malware detection system capable of detecting infections that occur in the Windows environment is provided. According to the invention, the system includes a malicious code management server that stores and manages a first suspected-malicious executable file collected or extracted from the input traffic to be analyzed; and a virtualization analysis agent that executes the first suspected-malicious executable file received from the malicious code management server, extracts first API (Application Program Interface) call information for the calls the malicious code makes, and sends the extracted first API call information to the malicious code management server. By extracting and analyzing the API calls made in the course of an infection operating at the user level and kernel level, the system can detect activity that existing behavior monitoring does not detect, and can analyze behavior in more specific detail.