YARA, a powerful framework for pattern matching, is often used to detect malicious files, but it can also be used to detect specific capabilities within files. These capability signatures can then be aggregated to give a full picture of just how suspicious a given file is.
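An added illustration of this idea, not taken from the linked talk: four capability rules and one aggregate rule that fires when at least two of them match the same file. The rule names, the chosen imports and strings, and the threshold of two are assumptions, and the `of (cap_*)` rule-set syntax needs YARA 4.2 or later.

```yara
import "pe"

// Each cap_* rule describes one capability, not a malware family (names are illustrative).
rule cap_process_injection
{
    meta:
        capability = "writes code into another process"
    condition:
        pe.is_pe and
        pe.imports("kernel32.dll", "WriteProcessMemory") and
        pe.imports("kernel32.dll", "CreateRemoteThread")
}

rule cap_anti_debug
{
    meta:
        capability = "checks for an attached debugger"
    condition:
        pe.is_pe and
        (pe.imports("kernel32.dll", "IsDebuggerPresent") or
         pe.imports("kernel32.dll", "CheckRemoteDebuggerPresent"))
}

rule cap_run_key_persistence
{
    meta:
        capability = "references the Run autostart key"
    strings:
        $run = "Software\\Microsoft\\Windows\\CurrentVersion\\Run" nocase ascii wide
    condition:
        pe.is_pe and $run
}

rule cap_http_download
{
    meta:
        capability = "downloads a file over HTTP"
    condition:
        pe.is_pe and
        (pe.imports("urlmon.dll", "URLDownloadToFileA") or
         pe.imports("urlmon.dll", "URLDownloadToFileW"))
}

// Aggregate verdict: the threshold of 2 is an assumption for illustration.
rule suspicious_capability_mix
{
    condition:
        2 of (cap_*)
}
```

A scan reports every matching `cap_*` rule alongside `suspicious_capability_mix`, so the output shows which capabilities drove the aggregate match.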
Article Link: http://www.securitytube.net/video/16803?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:%20SecurityTube%20(SecurityTube.Net)
Credit to: https://cert.europa.eu