Malicious software, commonly referred to as “malware,” is often covertly deployed on devices to extract information stored on or input to the devices, as well as to reduce performance of the devices, among other things. Malicious software is often detected using a syntactic approach where code of a software program may be compared with code of a known malicious software program to determine whether at least a portion of the code of the software program matches the code of the known malicious software program. However, in some instances, syntactic detection may be avoided via simple changes to code such that it does not match that of the known malicious software program while also exhibiting substantially the same behavior.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.