Granted invention patent
- Patent title: Systems and methods for identifying malware
- Application number: US14570393
- Filing date: 2014-12-15
- Publication number: US09519780B1
- Publication date: 2016-12-13
- Inventor: Jiang Dong
- Applicant: Symantec Corporation
- Applicant address: US CA Mountain View
- Patentee: Symantec Corporation
- Current patentee: Symantec Corporation
- Current patentee address: US CA Mountain View
- Agency: FisherBroyles LLC
- Main classification: G06F21/56
- IPC classification: G06F21/56 ; H04L29/06
Abstract:
A computer-implemented method for identifying malware may include (1) determining, for multiple commands within bytecode associated with a malware program, whether each command constitutes an invocation command, (2) filtering, based on the determination, invocation commands from the bytecode, (3) adding, for each invocation command filtered from the bytecode, an opcode, a format code, and a function prototype to a collection of opcodes, format codes, and function prototypes, (4) generating a digital fingerprint of the collection including the opcode, the format code, and the function prototype for each invocation command filtered from the bytecode, and (5) performing, by a computer security system, a remedial action to protect a user in response to detecting the presence of a variant of the malware program by determining that the digital fingerprint matches a candidate instance of bytecode under evaluation. Various other methods, systems, and computer-readable media are also disclosed.
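A minimal sketch of steps (1) through (4) of the abstract and the matching check in step (5), added here as an illustration and not taken from the patent. It assumes Dalvik-style bytecode (the abstract names no format), instructions already decoded into (opcode, operand) pairs, SHA-256 as the fingerprint, and constructed sample programs.

```python
import hashlib

# Assumption: Dalvik opcodes. invoke-virtual..invoke-interface use format 35c,
# the invoke-*/range forms use format 3rc.
INVOKE_FORMATS = {op: "35c" for op in range(0x6E, 0x73)}
INVOKE_FORMATS.update({op: "3rc" for op in range(0x74, 0x79)})

def invocation_collection(instructions):
    """Steps 1-3: keep invocation commands as (opcode, format code, prototype)."""
    collection = []
    for opcode, operand in instructions:
        fmt = INVOKE_FORMATS.get(opcode)
        if fmt is None:
            continue  # not an invocation command, so it never reaches the fingerprint
        collection.append((opcode, fmt, operand["proto"]))
    return collection

def fingerprint(instructions):
    """Step 4: hash the ordered collection (SHA-256 is this example's choice)."""
    digest = hashlib.sha256()
    for opcode, fmt, proto in invocation_collection(instructions):
        digest.update(f"{opcode:02x}|{fmt}|{proto}\n".encode())
    return digest.hexdigest()

def is_variant(known_fingerprint, candidate):
    """Step 5 (matching only): compare a candidate's fingerprint to a known one."""
    return fingerprint(candidate) == known_fingerprint

# Constructed samples. Names and registers are illustrative, not real malware.
ORIGINAL = [
    (0x12, {"reg": 0}),                                              # const/4
    (0x6E, {"method": "La/b;->send", "proto": "(Ljava/lang/String;)V"}),
    (0x71, {"method": "La/c;->dec", "proto": "(I)Ljava/lang/String;"}),
    (0x0C, {"reg": 1}),                                              # move-result-object
    (0x74, {"method": "La/d;->put", "proto": "(Ljava/lang/String;I)Z"}),
    (0x0E, None),                                                    # return-void
]
# Same call sequence with renamed methods, other registers and padding nops.
VARIANT = [
    (0x00, None), (0x12, {"reg": 5}),
    (0x6E, {"method": "Lx/y;->q1", "proto": "(Ljava/lang/String;)V"}),
    (0x00, None),
    (0x71, {"method": "Lx/z;->q2", "proto": "(I)Ljava/lang/String;"}),
    (0x0C, {"reg": 7}), (0x1A, {"reg": 2}),                          # const-string
    (0x74, {"method": "Lx/w;->q3", "proto": "(Ljava/lang/String;I)Z"}),
    (0x0E, None),
]
UNRELATED = [
    (0x70, {"method": "Lk/m;-><init>", "proto": "()V"}),
    (0x6E, {"method": "Lk/m;->run", "proto": "()V"}),
    (0x0E, None),
]

if __name__ == "__main__":
    known = fingerprint(ORIGINAL)
    print(known, is_variant(known, VARIANT), is_variant(known, UNRELATED))
```

Because method names, registers and non-invocation instructions never enter the collection, renaming and padding leave the fingerprint unchanged, while reordering or changing the calls themselves does not.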