A computer program includes one or more computer program instructions, each computer program instruction being of one or more instruction types. Prior to execution of the computer program instructions, the computer determines respective counts for the instruction type(s) of the computer program instructions. At a time during execution of the computer program instructions, the computer determines respective counts for the instruction type(s) of the computer program instructions. The computer, in response to determining that the count for one of the instruction types determined prior to execution differs a predetermined amount from the count for the same instruction type determined during execution, makes a record that the computer program has an indicia of maliciousness.