- Patent Title: Leveraging behavior-based rules for malware family classification
- Application No.: US14967180
- Application Date: 2015-12-11
- Publication No.: US10176321B2
- Publication Date: 2019-01-08
- Inventor: Fahim H. Abbasi, Abdul Salam, Farrukh Shahzad
- Applicant: FireEye, Inc.
- Applicant Address: US CA Milpitas
- Assignee: FireEye, Inc.
- Current Assignee: FireEye, Inc.
- Current Assignee Address: US CA Milpitas
- Agency: Rutan & Tucker, LLP
- Main IPC: G06F21/00
- IPC: G06F21/00; G06F21/56

Abstract:
According to one embodiment, a malware classification scheme operating with an electronic device, configured with one or more hardware processors and a memory that stores the software handling the malware classification scheme that is conducted through analysis of behavior-based rules, is described. This malware classification scheme (i) conducts a determination whether a sequence of rules corresponds to potential malicious behaviors detected during analysis of a malware sample within one or more virtual machines, and in response to determining that the sequence of rules corresponds to potential malicious behaviors, (ii) conducts an attempt to classify the malware sample to at least one known malware family based on an analysis of the sequence of rules.
Public/Granted literature
- US20170083703A1 LEVERAGING BEHAVIOR-BASED RULES FOR MALWARE FAMILY CLASSIFICATION Public/Granted day: 2017-03-23