Abstract With the rapidly popularity of the Internet, the number of malware has rocketing to increase. Many virus analysis techniques suppose that the binary code of a piece of malware is available, which is however not always useful. We propose fuzzy logic-based program behavior describe and analysis method. The behavior of malicious codes is identified by assembly layer and API layer through decompile binary file. For analysis malicious behaviors, we calculate weighted similarity between unknown program and malicious behaviors pattern. The experiment results demonstrate the fuzzy logic-base behavior description and analysis is efficient in detecting unknown malicious actions.