  • Thesis

A sandbox-based approach to automated malware analysis

A Sandbox-based approach to automated malware analysis

Advisor: 王平
Co-advisor: 林文暉 (Wen-Hui Lin)

Abstract


Botnets steal commercial information and cause financial losses to many enterprises and individuals. Earlier research identified three new trends in current malware: (1) it is developed in a modular fashion; (2) modifying or attaching a single module is enough to produce a new variant; and (3) it can detect virtual environments (anti-VM). This study uses the TRUMAN integrated automated analysis tool: depending on whether the malware has anti-VM capability, it is run on a clean operating system (clear OS) or in a virtual machine, and it is also uploaded to the CWSandbox sandbox for analysis. Cross-comparing the resulting analysis reports yields precise rules for the malware's behavioural features; the support and confidence of these rules are then computed with the frequent episode method, and the rules are added to the malware behaviour database. Defenders can use this as a basis for threat analysis: from the analysed attack steps, an attack tree is drawn to estimate the degree of threat posed by system vulnerabilities, so that administrators can readily assess the system losses and risks caused by a malware infection.

Abstract (English)


Botnet attacks cause serious losses of profit for enterprises and individuals by stealing commercial information. In previous studies on analysing malware signatures, defenders found that some malware has been updated with new features, including (i) modular design, (ii) variants built by altering part of the signature, and (iii) anti-VM capability. Accordingly, the present study proposes a new method for analysing the malware signature problem in botnets through an aggregated TRUMAN system and sandbox technique. In the proposed approach, both a clear OS and a sandbox are used to predict malware behaviour by comparing the results of the sandbox and TRUMAN, in order to increase precision and accuracy. The analysis capability of our scheme with respect to the support and confidence degree is enhanced by means of frequent episodes. A series of case studies for threat analysis are performed to investigate the attack actions required to successfully estimate the threat degree arising from system vulnerabilities via attack trees. Overall, the results confirm that the proposed method provides an effective means of analysing the impact loss and the risks from botnet threats.
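To make the cross-comparison and the support/confidence step concrete, here is an added example (not code from the thesis, TRUMAN or CWSandbox): it keeps only behaviours that both constructed reports for a sample agree on, then mines serial frequent episodes over the confirmed behaviour sequences and computes each rule's support and confidence. The event names, the intersection rule used for cross-checking and the reports themselves are assumptions.

```python
from fractions import Fraction
from itertools import permutations

# Constructed behaviour reports for illustration (not real CWSandbox or TRUMAN output).
# Each sample: (events the sandbox reported, events the TRUMAN clean-OS/VM run reported), in order.
REPORTS = {
    "s1": (["mutex", "autorun", "dns", "irc"], ["mutex", "autorun", "dns", "irc"]),
    "s2": (["mutex", "dns", "irc", "delself"], ["mutex", "dns", "irc"]),
    "s3": (["autorun", "dns", "http"], ["autorun", "dns", "http"]),
    "s4": (["mutex", "autorun", "irc"], ["mutex", "autorun", "irc", "keylog"]),
    "s5": (["dns", "irc"], ["dns", "irc"]),
}

def cross_check(sandbox, truman):
    """Assumed cross-comparison rule: a behaviour counts only when both reports contain it;
    the sandbox's ordering is kept."""
    confirmed = set(sandbox) & set(truman)
    return [b for b in sandbox if b in confirmed]

def contains_episode(seq, episode):
    """Serial episode: the episode's events occur in seq in that order, gaps allowed."""
    it = iter(seq)
    return all(event in it for event in episode)

def support(sequences, episode):
    """Share of samples whose behaviour sequence contains the episode."""
    return Fraction(sum(contains_episode(s, episode) for s in sequences), len(sequences))

def confidence(sequences, antecedent, consequent):
    """support(antecedent then consequent) / support(antecedent); 0 if the antecedent never occurs."""
    sup_ante = support(sequences, antecedent)
    return support(sequences, tuple(antecedent) + tuple(consequent)) / sup_ante if sup_ante else Fraction(0)

def episode_rules(sequences, min_support, max_len=2):
    """Enumerate ordered episodes up to max_len, keep those at or above min_support, and
    attach the confidence of the rule 'all events but the last -> last event'."""
    events = sorted({e for s in sequences for e in s})
    rules = {}
    for r in range(1, max_len + 1):
        for ep in permutations(events, r):
            sup = support(sequences, ep)
            if sup >= min_support:
                rules[ep] = (sup, confidence(sequences, ep[:-1], ep[-1:]))
    return rules

if __name__ == "__main__":
    seqs = [cross_check(sb, tr) for sb, tr in REPORTS.values()]
    for ep, (sup, conf) in sorted(episode_rules(seqs, Fraction(3, 5)).items()):
        print(f"{' -> '.join(ep)}: support={sup}, confidence={conf}")
```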

Keywords

Information security; Bot; Variant; anti-VM
