Dataset used in scenario 2 contains 21 less malware families which was excluded for zero-day testing; this caused small increase in detection performance. RF bested other methods with 96.12% accuracy.