Combinatorial detection of malware by IAT discrimination
O Ferrand, E Filiol - Journal of Computer Virology and Hacking Techniques, 2016 - Springer
Abstract
While most of the detection techniques used in modern antivirus software need frequent and constant updates (of both engines and databases), modern malware attacks are processed and managed efficiently only a few hours after the malware outbreak. This situation is especially concerning for targeted attacks, which usually strike highly critical targets. The aim of this paper is to present a new technique that makes it possible to detect (binary executable) malware proactively, without any prior update of either the engine or the relevant databases. By considering a combinatorial approach that focuses on malware behavior by synthesizing the information contained in the Import Address Table, we have been able to detect unknown malware with a detection probability of 98% while keeping the false positive rate close to 1%. This technique has been implemented in the French Antivirus Software Initiative (DAVFI) and has been intensively tested on real cases, confirming the detection performance.
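The abstract only names the Import Address Table as the information source; the paper's actual feature construction, combination rules and thresholds are not on this page. The example below is added here to show the mechanics a practitioner needs before any such classifier can be built: it is not the authors' or DAVFI's code. It constructs a minimal PE32 file in memory whose only content is an import directory (a synthetic sample, not a real binary), walks that directory the way a loader does (descriptor table, import lookup table, hint/name entries, ordinals), and then applies a hypothetical combination rule: a label fires only when every API in the set is imported together. `SAMPLE_IMPORTS`, `SUSPICIOUS_COMBOS` and the label names are illustrative assumptions chosen for this example.

```python
import struct

# Constructed sample input for this example: which DLL/function names the
# synthetic PE will import. Illustrative choice, not data from the paper.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                     "CreateRemoteThread", "ExitProcess"],
    "USER32.dll": ["MessageBoxA"],
}

# Hypothetical combinatorial feature set (assumption for this example): a label
# fires only when every API in the set is imported together. The paper's real
# feature construction is not described on the page.
SUSPICIOUS_COMBOS = {
    "remote-thread-injection": {"OpenProcess", "VirtualAllocEx",
                                "WriteProcessMemory", "CreateRemoteThread"},
    "download-and-execute": {"URLDownloadToFileA", "ShellExecuteA"},
}


def build_sample_pe(imports):
    """Emit a minimal PE32 image in memory whose single section holds only an
    import directory (descriptor table, hint/name entries, ILT/IAT, DLL names)."""
    SECTION_RVA, RAW_OFF = 0x1000, 0x200
    data = bytearray((len(imports) + 1) * 20)       # descriptor table, patched below
    rva = lambda: SECTION_RVA + len(data)
    descs = []
    for dll, funcs in imports.items():
        data += b"\0" * (-len(data) % 4)             # keep tables 4-byte aligned
        name_rvas = []
        for fn in funcs:                             # hint/name entry: u16 hint + ASCIIZ name, even-padded
            name_rvas.append(rva())
            data += struct.pack("<H", 0) + fn.encode() + b"\0" * (2 - len(fn) % 2)
        thunks = b"".join(struct.pack("<I", r) for r in name_rvas) + b"\0\0\0\0"
        ilt = rva(); data += thunks                  # OriginalFirstThunk (import lookup table)
        iat = rva(); data += thunks                  # FirstThunk (import address table)
        dll_rva = rva(); data += dll.encode() + b"\0"
        descs.append(struct.pack("<IIIII", ilt, 0, 0, dll_rva, iat))
    data[:len(descs) * 20] = b"".join(descs)         # null descriptor already terminates the table
    raw_size = len(data) + (-len(data) % 0x200)
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, 1 section, PE32 opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)    # ImageBase, Section/FileAlignment
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, SECTION_RVA, len(descs) * 20 + 20)  # data directory[1] = imports
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(data), SECTION_RVA,
                       raw_size, RAW_OFF, 0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(RAW_OFF, b"\0") + bytes(data).ljust(raw_size, b"\0")


def cstring(buf, off):
    return buf[off:buf.index(b"\0", off)].decode("ascii", "replace")


def parse_imports(pe):
    """Walk the import directory of a PE32/PE32+ file and return
    {dll_name: [function name or 'ordinal:N', ...]}."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 1 is the import table.
    import_rva = struct.unpack_from("<I", pe, opt + (112 if pe32plus else 96) + 8)[0]
    sections = [struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i) for i in range(nsect)]

    def to_off(rva):                       # map an RVA to a file offset through the section table
        for _, vsize, va, rsize, raw in sections:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError("RVA 0x%x not in any section" % rva)

    thunk_fmt, ord_flag = ("<Q", 1 << 63) if pe32plus else ("<I", 1 << 31)
    imports, off = {}, to_off(import_rva)
    while True:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", pe, off)
        if name_rva == 0:                  # all-zero descriptor terminates the table
            break
        dll = cstring(pe, to_off(name_rva))
        funcs, t = [], to_off(ilt or iat)  # prefer the ILT; bound images may keep only the IAT
        while True:
            entry = struct.unpack_from(thunk_fmt, pe, t)[0]
            if entry == 0:
                break
            if entry & ord_flag:           # import by ordinal: low 16 bits hold the ordinal
                funcs.append("ordinal:%d" % (entry & 0xFFFF))
            else:                          # import by name: RVA of hint/name, skip the 2-byte hint
                funcs.append(cstring(pe, to_off(entry & 0x7FFFFFFF) + 2))
            t += struct.calcsize(thunk_fmt)
        imports[dll] = funcs
        off += 20
    return imports


def score_imports(imports):
    """Return the labels whose whole API combination is present in the import set."""
    names = {fn for fns in imports.values() for fn in fns}
    return sorted(label for label, combo in SUSPICIOUS_COMBOS.items() if combo <= names)


if __name__ == "__main__":
    found = parse_imports(build_sample_pe(SAMPLE_IMPORTS))
    print(found)                  # the imports written above, read back from the file
    print(score_imports(found))   # ['remote-thread-injection']
```

Two points matter in practice. First, the parser reads the import lookup table rather than trusting anything resolved at run time, so it works on a file at rest, which is the setting the abstract describes (no engine or signature update needed to run it). Second, a rule that requires all APIs of a set is deliberately strict: individually these functions are common in benign software, and it is the co-occurrence that carries signal, which is also why packed or dynamically resolving samples (imports obtained through GetProcAddress at run time) will show an almost empty table and need a separate treatment.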