Indexed in:
Abstract:
With the rapid development of cloud computing, cloud security is an increasingly important issue. The virtual machine (VM) is the main form in which cloud services are provided. To protect VMs against malware attacks, a cloud needs to have the ability to react not only to known malware, but also to newly emerged ones. Virtual Machine Introspection (VMI) is a good solution for VM monitoring, which can obtain the raw memory state of the VM at the Virtual Machine Monitor (VMM) level. By analyzing the memory dumps, the significant features of malware can be obtained. In our research, we propose a novel static analysis method for unknown malware detection based on opcode n-gram features of the executable files. Different feature sizes ranging from 2-gram to 4-gram are implemented with feature lengths of 100, 200, and 300, respectively. The feature selection criteria of Term Frequency (TF)-Inverse Document Frequency (IDF) and Information Gain (IG) are leveraged to extract the top features for classifier training. Different classifiers are trained with the preprocessed dataset. The experimental results show that the weighted integrated classifier with opcode 4-gram of 300 features has the optimal accuracy of 98.2%. © 2018, Springer Nature Switzerland AG.
Keywords:
Corresponding author information:
Email address:
Source:
ISSN: 0302-9743
Year: 2018
Volume: 10989 LNAI
Pages: 717-726
Language: English