Malware may comprise any software used to gain access to private computer systems, gather sensitive information, disrupt computer operations, display unwanted advertising, and the like. In the alternative, grayware or Potentially Unwanted Applications (PUAs) represents unwanted applications or files, which are not classified as malware. Although these applications may have been downloaded by the user, the user may not be aware of the impact that these applications place upon the computing environment. For example, these applications may behave in an annoying or undesirable manner, with less serious or troublesome effects than malware; yet, PUAs can worsen the performance of computers and may cause security risks. PUAs may include but is not limited to, spyware, adware, fraudulent dialers, joke programs, remote access tools, and other unwanted programs that burden the performance of the computer system or pose a nuisance to the system and its users.
What complicates matters for PUAs, is that the developers of PUAs release new versions frequently. PUA designers also temper the precompiled files to create new user-defined versions of the PUA. Further, the designers use several packers and crypters; wherein, the packers represent software that are bundled into a single package that constantly changes its identity and crypters represent software that constantly mutates its signature. Thereby, the PUA becomes polymorphic, which makes it difficult to detect and remove. In particular, conventional antivirus software does not possess the ability to keep up with sorting and updating these PUA files. Currently, there is no generic solution to automatically distinguish between differing PUAs. Although antivirus software exists to identify a great variety of malware, there is no present solution for identifying PUA. It is within this context that the embodiments arise.