In this talk, we will start by showing the multi-CPU architectural IoT malware. And why it is challenging to analyze such IoT malware from the perspective of static and dynamic analysis. Then we will talk about how it was possible to do cross-architectural malware analysis through the LLVM interpreter by lifting it to LLVM IR. Next, we will explain a problem that could be a significant hurdle in being a practical analysis tool: slow execution, and how we resolved this problem by inventing execution domain transition. Finally, we will end our talk with a demo of our work.