Detection of malicious software (malware) by the use of static signatures is often criticized for being overly simplistic. Available methods of obfuscating code (so-called metamorphic malware) will invalidate the use of a fixed signature, without changing the harmful effects of the software. This paper presents a new approach for recognizing metamorphic malware. The method uses fully automated static analysis of executables to summarize and compare program semantics, based primarily on the pattern of library or system functions which are called.

The proposed method has been prototyped and evaluated using randomized benchmark programs, instances of known malware program variants, and utility software available in multiple releases. The results demonstrate three important capabilities of the proposed method: (a) it does well at identifying metamorphic variants of common malware; (b) it distinguishes easily between programs that are not related; and, (c) it can identify and detect program variations, or code reuse. Such variations can be due to insertion of malware (such as viruses) into the executable of a host program. We argue that this method of metamorphic code detection will be difficult for malware writers to bypass.
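To make the idea of comparing programs by their pattern of library calls concrete, the following is an added illustration and not the paper's algorithm: it assumes the ordered call names have already been extracted statically, and the n-gram size, the thresholds, the function names and all sample call lists are constructed for this example. It exercises the three cases the abstract lists: a variant, an unrelated program, and a host program with the known code inserted.

```python
# Added illustration: call-sequence comparison, NOT the paper's algorithm.
# Assumes ordered library-call names were already extracted by static analysis.

def call_ngrams(calls, n=3):
    """Set of n-grams (sliding windows) over an ordered list of call names."""
    return {tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)}

def jaccard(a, b):
    """Symmetric similarity: shared n-grams over all n-grams."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def containment(part, whole):
    """Asymmetric: fraction of part's n-grams that also occur in whole."""
    return len(part & whole) / len(part) if part else 0.0

def relate(known, candidate, n=3, variant_min=0.4, embed_min=0.9):
    """Classify candidate against a known sample (thresholds are assumptions)."""
    k, c = call_ngrams(known, n), call_ngrams(candidate, n)
    if containment(k, c) >= embed_min and len(c) > len(k):
        return "embedded"   # known call pattern sits inside a larger program
    if jaccard(k, c) >= variant_min:
        return "variant"    # same call pattern despite rewritten instructions
    return "unrelated"

# Constructed sample data: call lists for a known sample and three candidates.
SAMPLE = ["CreateFileA", "ReadFile", "CryptEncrypt", "WriteFile", "CloseHandle",
          "RegSetValueExA", "InternetOpenA", "InternetConnectA", "HttpSendRequestA"]
# Metamorphic rewrite: instructions differ, one junk call inserted mid-sequence.
VARIANT = SAMPLE[:5] + ["GetTickCount"] + SAMPLE[5:]
# An unrelated utility with a different call pattern.
UNRELATED = ["GetCommandLineA", "FindFirstFileA", "FindNextFileA", "FindClose",
             "GetStdHandle", "WriteConsoleA", "ExitProcess"]
# Host program with the sample's code inserted into it.
HOST = UNRELATED[:4] + SAMPLE + UNRELATED[4:]

if __name__ == "__main__":
    for name, cand in [("variant", VARIANT), ("unrelated", UNRELATED), ("host", HOST)]:
        k, c = call_ngrams(SAMPLE), call_ngrams(cand)
        print(f"{name:10s} jaccard={jaccard(k, c):.2f} "
              f"containment={containment(k, c):.2f} -> {relate(SAMPLE, cand)}")
```

A byte signature taken from the sample would miss the variant, while the call-pattern comparison still scores it at half overlap; the asymmetric containment score is what separates an infected host from a mere variant.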