Malware is a serious threat that has caused catastrophic damage in recent decades. Various approaches have been proposed to deal with it. One effective and widely used method is signature-based detection. However, this method has substantial difficulty detecting new instances, so it is useful only against repeat attacks by malware that has already been seen. In addition, owing to the rapid proliferation of malware and the significant human effort required to extract signatures, this approach is an inadequate solution; an intelligent malware detection system is therefore required. One of the major phases of such a system is feature extraction, which is used to construct a learning model. This paper introduces an approach to generate a group of semantic signatures, represented by a set of learning models, in which various features indicate the different programming styles of the executable files. A set of these signatures is obtained by mining frequent sub-graphs, that is, common code sub-structures employed in malware writing, in a group of control flow graphs. The experimental results show an improved F-measure compared with the classic graph-based approach. Copyright © 2014 John Wiley & Sons, Ltd.