Disclosed system and methods for detecting malware by performing behavioral malware analysis using malware trigger scenarios. In one aspect, a method for malware detection includes providing a plurality of malware trigger scenarios specifying different sets of malware trigger events known to trigger malicious behavior in malicious software. The method further includes executing a software program in a computer environment and creating one more malware trigger events as specified in the malware trigger scenarios. The method further includes monitoring execution events of the software program in the computer environment and determining based on the analysis of the monitored execution events whether the software program exhibits malicious behavior. When the software program exhibits malicious behavior, performing remedial actions on the software program. When the software program does not exhibit malicious behavior, selecting another scenario from the plurality of malware trigger scenarios for malware testing of the software program.