In [2]:
import pefile
from os import listdir
from os.path import isfile, join

# Folders holding the benign and the malicious PE samples, relative to the
# notebook's working directory.
directories = [
    "Benign PE Samples",
    "Malicious PE Samples",
]

In [4]:
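def get_section_names(pe):
    """Return the normalized section names of a parsed PE file.

    Args:
        pe: Parsed PE object exposing ``sections``; each section's ``Name``
            is read as a bytes value.

    Returns:
        list[str]: One lower-cased name per section, NUL bytes removed, in
        the order the sections appear in ``pe.sections``.
    """
    names = []
    for section in pe.sections:
        # A section name is whatever bytes the file's author put there, so a
        # packed or tampered sample may carry bytes that are not valid UTF-8.
        # Escaping those bytes instead of raising UnicodeDecodeError keeps the
        # sample in the dataset and keeps distinct raw names distinct.
        decoded = section.Name.decode("utf-8", errors="backslashreplace")
        names.append(decoded.replace("\x00", "").lower())
    return names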

In [6]:
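def preprocess_imports(list_of_DLLs):
    """Normalize the DLL names imported by a PE file.

    Args:
        list_of_DLLs: Iterable of DLL names as bytes.

    Returns:
        list[str]: Each name decoded, cut at its first "." and lower-cased,
        so ``b"KERNEL32.dll"`` becomes ``"kernel32"``.
    """
    normalized = []
    for dll_name in list_of_DLLs:
        # Import names come straight from the file under analysis; escape
        # bytes that are not valid UTF-8 rather than failing on the sample.
        text = dll_name.decode("utf-8", errors="backslashreplace")
        # Everything from the first "." on is dropped, not only the extension.
        normalized.append(text.split(".")[0].lower())
    return normalized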


def get_imports(pe):
    """Return the normalized names of the DLLs a PE file imports.

    Reads ``pe.DIRECTORY_ENTRY_IMPORT``; a PE object that lacks this
    attribute makes the call raise AttributeError.
    """
    dll_names = [import_entry.dll for import_entry in pe.DIRECTORY_ENTRY_IMPORT]
    return preprocess_imports(dll_names)

In [8]:
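# Per-sample features. The three lists are index-aligned: entry i of each
# describes the same file.
imports_corpus = []
num_sections = []
section_names = []
for dataset_path in directories:
    samples = [f for f in listdir(dataset_path) if isfile(join(dataset_path, f))]
    for file in samples:
        file_path = dataset_path + "/" + file
        pe = None
        try:
            # The sample is only parsed here, never run.
            pe = pefile.PE(file_path)
            # Extract every feature before appending any of them, so a failure
            # part-way through cannot leave the lists with different lengths.
            imports = get_imports(pe)
            n_sections = len(pe.sections)
            sec_names = get_section_names(pe)
            imports_corpus.append(imports)
            num_sections.append(n_sections)
            section_names.append(sec_names)

        except Exception as e:
            # Best effort: a file that cannot be parsed is reported and skipped.
            # Skipped files are not recorded anywhere, so the number of feature
            # rows per class can be lower than the number of files in its folder.
            print(e)
            print("Unable to obtain imports from " + file_path)
        finally:
            # Release the handle on the sample file once its features are read;
            # otherwise one stays open per sample for the whole run.
            if pe is not None:
                pe.close()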

'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/adamuninstall.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/ADSchemaAnalyzer.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/appcmd.exe
'PE' object has no attribute 'DIRECTORY_ENTRY_IMPORT'
Unable to obtain imports from Benign PE Samples/AppVStreamingUX.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/aspnetca.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/bash.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/BootExpCfg.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/c2wtshost.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/CCG.exe
'DOS Header magic not found.'
Unable to obtain imports from Benign PE Samples/CExecSvc.exe
'DOS Header magic not found.'
Unable to obtain imports

In [9]:
# Preview the first five entries of each feature list.
for feature_list in (imports_corpus, num_sections, section_names):
    print(feature_list[:5])

[['mscoree'], ['mscoree'], ['mscoree'], ['wincorlib', 'api-ms-win-eventing-provider-l1-1-0', 'api-ms-win-core-libraryloader-l1-2-0', 'api-ms-win-core-localization-l1-2-0', 'api-ms-win-core-processthreads-l1-1-0', 'api-ms-win-core-heap-l1-1-0', 'api-ms-win-core-debug-l1-1-0', 'api-ms-win-core-errorhandling-l1-1-0', 'api-ms-win-core-handle-l1-1-0', 'api-ms-win-core-synch-l1-1-0', 'api-ms-win-core-synch-l1-2-0', 'api-ms-win-core-com-l1-1-0', 'ext-ms-win-shell32-shellfolders-l1-1-0', 'api-ms-win-core-string-l1-1-0', 'api-ms-win-core-registry-l1-1-0', 'api-ms-win-core-util-l1-1-0', 'api-ms-win-core-winrt-error-l1-1-0', 'api-ms-win-core-winrt-error-l1-1-1', 'api-ms-win-core-winrt-string-l1-1-0', 'msvcrt', 'ntdll', 'api-ms-win-core-profile-l1-1-0', 'api-ms-win-core-sysinfo-l1-1-0'], ['advapi32', 'kernel32', 'msvcrt', 'ntdll', 'ole32', 'oleaut32', 'wintrust', 'fltlib', 'shell32', 'version', 'activeds']]
[3, 3, 3, 6, 6]
[['.text', '.rsrc', '.reloc'], ['.text', '.rsrc', '.reloc'], ['.text', '.rs