In the malware analysis, it is a common method to monitor malware dynamically in a virtual environment. However, with so many branches of executable pathes, path explosion problem will probably occur, leaving some executable pathes uncovered, and hence harming the comprehensiveness of analysis. To solve this problem, we propose a malware analysis method based on symbolic execution tree. This method introduces sinknode and solves the execution of malicious code path by constructing the symbolic execution tree, so improves the analysis of comprehensive. Experiments to analyze the samples of malware show that the method can enhance the efficiency of the analysis with lower time complexity.