The disclosed computer-implemented method for trichotomous malware classification may include (1) identifying a sample potentially representing malware, (2) selecting a machine learning model trained on a set of samples to distinguish between malware samples and benign samples, (3) analyzing the sample using a plurality of stochastically altered versions of the machine learning model to produce a plurality of classification results, (4) calculating a variance of the plurality of classification results, and (5) classifying the sample based at least in part on the variance of the plurality of classification results. Various other methods, systems, and computer-readable media are also disclosed.