Standard machine learning methods, which naturally lend themselves to the automation of malware characterization, often lack explainability. Hence, an approach based on learning in description logics has been recently proposed, where well-comprehensible characterizations of malicious software are learned algorithmically. This approach, however, still requires validation and more thorough investigation because the previous work used just a single source of software data and studied only two algorithms for learning in description logics without extensive optimization of their configuration. Besides that, the representation of software properties in description logics has been enhanced since then. We fulfill the need for validation by carrying out experiments on new data utilizing the enriched software representation. We also examine two other learning algorithms in addition to the previously tested ones and try to optimize the performance of all four by tuning their configuration. In order to improve the learning process, we detect and repair numerous defects in these algorithms as well. Last but not least, we contribute to the research in this area by providing a deeper insight into how the algorithms behave when tasked with characterizing malware solely among executable files or shared libraries. Our findings show that learning in description logics is a valid approach to malware characterization and detection. Moreover, the optimization and the act of focusing on files of different types separately prove to have a quite significant impact on the overall performance of the algorithms.