Generate MAEC XML from Ero Carrera's pefile output
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.




A Python library for converting output from Ero Carrera's pefile utility to Malware Attribute Enumeration and Characterization (MAEC™) XML content. It is currently in the BETA phase.

pefile-to-maec uses the pefile package: "pefile is a multi-platform Python module to read and work with Portable Executable (aka PE) files. Most of the information in the PE Header is accessible, as well as all the sections, section's information and data."[1]

This package consists of a module that captures the pefile output for binary files in MAEC format (/pefile_to_maec), and a script that uses that module (



The pefile-to-maec script depends on the presence of certain packages/libraries to function. Please refer to their installation documentation for installation instructions.


The script can be called with:

python infile outfile

Where infile refers to the input PE binary file and outfile the name of the MAEC XML file to which the output will be written.

The module exposes the following functions:

  • generate_package_from_binary_filepath - given an filepath, return a python-maec Package object with the PEFile output.

To use these module functions, the module must first be installed with setuptools:

python install

At which point it can be used as a library:

import pefile_to_maec


The pefile-to-maec library is tested and written against python 2.7.x. Compatibility with other python versions is neither guaranteed nor implied.

Supported Features

The following features are mapped from the PEFile output and captured in MAEC:

  • Metadata
    • File name (on disk)
    • File path
    • File size (in bytes)
    • Hashes (MD5, SHA1)
  • DOS header
  • File header
  • Optional header
  • Exports
  • Imports
  • Resource directories


Bug reports and feature requests are welcome and encouraged. Pull requests are especially appreciated. Feel free to use the issue tracker on GitHub, join the MAEC Community Email Discussion List, or send an email directly to