It is traditionally difficult to detect malware due to the constantly evolving nature of different types of malware. Experts may manually determine rules for detecting a particular instance of malware after identifying and studying that particular instance. However, attackers can develop new instances of malware that are not detectable by known rules. It is also challenging to predict characteristics of future iterations of malware or other types of anomalous files. In addition, current systems may require executing an application on a client to determine whether it is actually malicious, though this may not be ideal since executing malware can already cause undesirable effects to the client.