Augmented machine learning malware detection based on static and dynamic analysis

US11977633B2 · US · B2

Patent metadata

Publication number: US-11977633-B2
Application number: US-202117646130-A
Country: US
Kind code: B2
Filing date: Dec 27, 2021
Priority date: Dec 27, 2021
Publication date: May 7, 2024
Grant date: May 7, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system and method for malware detection uses static and dynamic analysis to augment a machine learning model. At the training step, static and dynamic features are extracted from training datasets and used to train a malware classification model. The malware classification model is used to classify unknown files based on verdicts from both static and dynamic models.

First claim

Claims as granted (claims 1 to 10).

The invention claimed is:

1. A computer implemented method for adjusted machine-learning malware detection based on static and dynamic analysis of a file, the method executed on a processor of a target computing system, the method comprising: classifying the file with a static analysis machine learning model based on static features extracted from the file before execution, wherein classifying the file comprises obtaining a first verdict with a rate of conformity to a class of files and a rate of a predicted dynamic feature; executing the file on the target computing system; collecting data related to file execution on the target computing system; extracting the predicted dynamic feature from the collected data; classifying the file with a dynamic analysis machine learning model based on the predicted dynamic feature, wherein classifying the file comprises obtaining a second verdict with a rate of conformity to a class of files and wherein the second verdict is adjusted with the rate of the predicted dynamic feature; and classifying the file with a malware classification machine learning model based on the first verdict of the static analysis machine learning model and the second verdict of the dynamic analysis machine learning model.

2. The method of claim 1, further comprising the step of processing a malware classification verdict at an endpoint protection agent to detect malware, wherein the step of processing occurs after classifying the file with a malware classification machine learning model.

3. The method of claim 2, wherein the target computing system comprises a sandbox for securely executing the file.

4. The method of claim 2, further comprising the step of performing a detection response action at the endpoint protection agent to counter the malware.

5. The method of claim 4, wherein the target computing system comprises a sandbox for securely executing the file.

6. A system for adjusted machine learning malware detection comprising: a processor coupled to a storage device configured for training and storing a plurality of machine learning models; a static analysis machine learning model configured to extract static features from a file before execution and to classify the file based on extracted static features, wherein the file classification comprises a first verdict with a rate of conformity to at least one class of files and a rate of a predicted dynamic feature; a target computing system for executing the file; collected data related to the file's execution on the target computing system; dynamic features from the collected data extracted in accordance to a predicted dynamic feature list comprising the predicted dynamic feature; a dynamic analysis machine learning model configured to classify the file based on the extracted dynamic features, wherein the file classification results in a second verdict comprising a rate of conformity to a class of files and adjusted with the rate of the predicted dynamic feature; and a malware classification machine learning model configured to classify the file based on the first verdict of the static analysis machine learning model and the second verdict of the dynamic analysis machine learning model.

7. The system of claim 6, wherein the target computing system for running the file comprises a sandbox for securely executing the file.

8. A computer implemented method for adjusted machine-learning malware detection based on static and dynamic analysis of the file, the method executed on a processor of a target computing system, the method comprising: classifying a file with a static analysis machine learning model based on static features extracted from the file before execution, wherein the classification results in a first verdict comprising a rate of conformity to a class of files and a rate of first and second predicted dynamic features; executing the file on the target computing system; collecting data related to file execution on the target computing system; extracting dynamic features from collected data in accordance with a predicted dynamic feature list to create a first dynamic features dataset; wherein the predicted dynamic feature list comprises first and second predicted dynamic features; wherein the first predicted dynamic feature has a first weight and the second predicted dynamic feature has a second weight; extracting dynamic features from collected data to create a second dynamic features dataset; training a first dynamic analysis machine learning model using the first dynamic features dataset and training a second dynamic analysis machine learning model using the second dynamic features dataset; classifying the file with the first dynamic analysis machine learning model, wherein the classification results in a second verdict adjusted with the rate of the first predicted dynamic feature; classifying the file with the second dynamic analysis machine learning model, wherein the classification results in a third verdict adjusted with the rate of the second predicted dynamic feature; and classifying the file with a malware classification machine learning model based on the first and second and third verdicts.

9. The method of claim 8, wherein the step of classifying the file with a malware classification machine learning model further comprises ranking the verdicts of the first and second dynamic analysis machine learning models with the rate of the predicted dynamic feature.

10. The method of claim 8, wherein the first verdict includes a rate of a plurality of predicted dynamic features.
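The data flow of claim 1 (and its system form in claim 6), as an added worked example. This is illustrative code written for this page, not Acronis's implementation: the patent fixes the pipeline (a first verdict carrying a rate of conformity and a rate of a predicted dynamic feature, run-time data collection, a second verdict adjusted with that rate, a final classifier over both verdicts) but not the models, features or adjustment rule. Every weight, import-to-behaviour mapping, extractor rule and sandbox event record below is constructed; each "model" is a hand-weighted scorer, and the adjustment is applied as log-odds evidence, which is our choice.

```python
"""Illustration of the claimed static -> sandbox -> dynamic -> final pipeline.
All weights, API names and event records are constructed for this example."""
from dataclasses import dataclass, field
import math


@dataclass
class Verdict:
    conformity: float                                # rate of conformity to the malware class, 0..1
    predicted: dict = field(default_factory=dict)    # dynamic feature -> rate predicted by the static model
    unconfirmed: list = field(default_factory=list)  # predicted features not observed at run-time


# Assumed mapping: a static artefact (imported API) -> behaviour it foreshadows,
# and the rate at which the static model predicts that behaviour.
PREDICTED_FROM_IMPORTS = {
    "CreateRemoteThread": ("process_injection", 0.8),
    "WriteProcessMemory": ("process_injection", 0.7),
    "WinHttpSendRequest": ("network_beacon", 0.6),
    "CryptEncrypt": ("mass_file_encrypt", 0.5),
}
# Assumed evidence weight of each behaviour when it is actually observed.
DYNAMIC_WEIGHTS = {"process_injection": 0.9, "network_beacon": 0.3,
                   "mass_file_encrypt": 0.95, "registry_run_key": 0.6}
# One extractor per dynamic feature, run over collected sandbox events (constructed rules).
EXTRACTORS = {
    "process_injection": lambda ev: any(e["api"] in ("CreateRemoteThread", "NtMapViewOfSection")
                                        and e.get("target") != "self" for e in ev),
    "network_beacon": lambda ev: any(e["api"] == "WinHttpSendRequest" for e in ev),
    "mass_file_encrypt": lambda ev: sum(e["api"] == "WriteFile" and e.get("ext") in
                                        (".docx", ".xlsx", ".jpg") for e in ev) >= 20,
    "registry_run_key": lambda ev: any(e["api"] == "RegSetValueEx" and "\\Run" in e.get("key", "")
                                       for e in ev),
}


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def logit(p):
    return math.log(p / (1.0 - p))


def static_model(sample):
    """First verdict: conformity from static features plus the predicted
    dynamic feature list with rates. Linear weights are constructed."""
    z = -2.0 + 1.5 * max(0.0, sample["entropy"] - 6.5) + (0.0 if sample["signed"] else 0.8)
    predicted = {}
    for imp in sample["imports"]:
        if imp in PREDICTED_FROM_IMPORTS:
            feat, rate = PREDICTED_FROM_IMPORTS[imp]
            z += 0.6
            predicted[feat] = max(rate, predicted.get(feat, 0.0))
    return Verdict(sigmoid(z), predicted)


def extract_dynamic_features(events):
    """Map raw sandbox events onto the dynamic feature set."""
    return {feat for feat, fn in EXTRACTORS.items() if fn(events)}


def dynamic_model(observed, first):
    """Second verdict: noisy-OR over observed behaviours, then adjusted in log-odds
    by the rate of each predicted feature: a confirmed prediction adds evidence,
    an unconfirmed one subtracts it (this adjustment rule is our assumption)."""
    base = 1.0 - math.prod(1.0 - DYNAMIC_WEIGHTS[f] for f in observed)
    z = logit(min(max(base, 0.02), 0.98))
    unconfirmed = []
    for feat, rate in first.predicted.items():
        if feat in observed:
            z += rate
        else:
            z -= rate
            unconfirmed.append(feat)  # sandbox evasion or a wrong static prediction
    return Verdict(sigmoid(z), unconfirmed=unconfirmed)


def malware_classifier(first, second):
    """Final verdict from the two model verdicts (constructed logistic combiner)."""
    p = sigmoid(-3.0 + 3.0 * first.conformity + 4.0 * second.conformity)
    return {"score": round(p, 3), "label": "malware" if p >= 0.5 else "clean",
            "unconfirmed": second.unconfirmed}


def classify(sample, sandbox_events):
    first = static_model(sample)
    second = dynamic_model(extract_dynamic_features(sandbox_events), first)
    return malware_classifier(first, second)


# Constructed samples: an injector that beacons, a signed updater, and an evasive
# binary whose statically predicted injection never happens in the sandbox.
INJECTOR = {"entropy": 7.4, "signed": False, "imports": ["CreateRemoteThread", "WinHttpSendRequest"]}
INJECTOR_EVENTS = [{"api": "CreateRemoteThread", "target": "explorer.exe"}, {"api": "WinHttpSendRequest"}]
UPDATER = {"entropy": 5.9, "signed": True, "imports": ["ReadFile", "WinHttpSendRequest"]}
UPDATER_EVENTS = [{"api": "WinHttpSendRequest"}, {"api": "RegSetValueEx", "key": "HKLM\\Software\\Vendor\\App"}]
EVASIVE = {"entropy": 7.4, "signed": False, "imports": ["CreateRemoteThread", "WinHttpSendRequest"]}
EVASIVE_EVENTS = [{"api": "Sleep"}]

if __name__ == "__main__":
    for name, s, ev in (("injector", INJECTOR, INJECTOR_EVENTS), ("updater", UPDATER, UPDATER_EVENTS),
                        ("evasive", EVASIVE, EVASIVE_EVENTS)):
        print(name, classify(s, ev))
```

The third sample shows the failure mode a practitioner should watch for: when a statically predicted behaviour does not occur in the sandbox the second verdict collapses, which is exactly what sandbox evasion looks like, so the example returns the unconfirmed predictions next to the label instead of silently trusting the clean result. Claim 8's variant (two dynamic models trained on separate feature datasets, per-feature weights, ranked verdicts) is not modelled here.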

Assignees

Acronis Int Gmbh

Inventors

Classifications

  • G06F21/565 (Primary): by checking file integrity · CPC title
  • (code not shown): by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
  • G06F21/566 (Primary): Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
  • (code not shown): Knowledge engineering; Knowledge acquisition · CPC title
  • (code not shown): Test or assess a computer or a system · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11977633B2 cover?
A malware-detection pipeline in which a static analysis model classifies a file before execution and also predicts which dynamic features it expects at run-time, the file is then executed (in a sandbox in the dependent claims), a dynamic analysis model classifies the collected run-time data with its verdict adjusted by the rate of the predicted dynamic feature, and a final malware classification model decides from both verdicts. See the Abstract and claim 1 above.
Who is the assignee on this patent?
Acronis Int Gmbh
What technology area does this patent fall under?
Primary CPC classification G06F21/565. Mapped technology areas include Physics.
When was this patent published?
Publication date May 7, 2024 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).