A device receives a software program, performs a dynamic malware analysis of the software program to generate dynamic malware analysis results, and generates a call graph based on the dynamic malware analysis of the software program. The device utilizes, during the dynamic malware analysis of the software program, the call graph to identify an exit of the software program and/or a forced kill of the software program, and performs a static malware analysis of the software program based on identifying the exit of the software program and/or the forced kill of the software program. The device generates static malware analysis results based on performing the static malware analysis of the software program, and combines the dynamic malware analysis results and the static malware analysis results to generate combined malware analysis results. The device performs one or more actions based on the combined malware analysis results.