Provided are a method and an apparatus for analyzing a malicious code by accurately and rapidly analyzing source code extracted from a set of a plurality of malicious codes, calculating a first degree of complexity of each of a plurality of malicious code binaries, select a root binary initially generated, by using the calculated first degree of complexity, and inferring an evolutionary order of the plurality of malicious code binaries, except for the root binary, based on the calculated first degree of complexity and a degree of distance between the plurality of malicious code binaries.