malware may have one or more capabilities such as file upload or download, command execution, cryptography, module support, …
Many of these capabilities can be inferred with basic static analysis techniques. An example would be a sample containing calls to cURL library functions almost certainly is able to utilize HTTP.