Malware infections may be detected by comparing an identifier of a file under examination against an identifier of known malware. Antivirus applications may use such identifiers to match portions of suspected malware running on electronic devices. However, some malware may be encrypted using a cipher to disguise the true nature of the malware, and thus data comprising malware may not match any identifier for detecting the malware. When malware is newly encrypted, representing new permutations of existing malware, zero-day detection may not be possible.
Malware may include, but is not limited to, worms, spyware, rootkits, password stealers, spam, sources of phishing attacks, sources of denial-of-service-attacks, viruses, loggers, Trojans, adware, or any other digital content that produces unwanted activity.