Some analysts rename the malware as “malware.exe” or “sample.exe” or even with the file hash. Malware can detect the name before fully executing on the infected machine. If any of the blacklisted names are detected, the sample will run differently or end its process.