Generally, malicious software of “malware” includes so-called Advanced Persistent Threats (APTs) may be characterized by persistent, background execution with a purpose of stealing sensitive information and/or obtaining unauthorized access to computing resources. Typically, detecting APTs and taking remediation actions may be difficult. Traditionally, anti-malware products, including anti-virus applications, may depend on file signatures for detection of malware. Typically, signatures of executable files of known malware may be stored in a database, and detection products may scan a target system for files having matching signatures. Such detection techniques may be thwarted by creating variants that have a same or similar functionality but different signatures, a technique which is used to some degree by fraudsters. These detection techniques may also be thwarted by malware that actively seeks to avoid detection by disabling anti-virus software, embedding itself into an operating system kernel, and other methods.