A security module identifies symbols within an executable file. The security module compares these identified symbols to a set of symbols expected to be present in a legitimate executable file. Based at least in part on an identified symbol not being within the set of expected symbols, the security module determines that the executable file poses a heightened security risk. In one embodiment, a remediation module takes an appropriate response to prevent potential malware exploits by the executable file.