
Examining the PE header
Portable Executable (PE) files are a common Windows file type; they include .exe, .dll, and .sys files. Every PE file carries a PE header, a header structure that tells Windows how to parse the rest of the file. Fields from the PE header are often used as features in malware detection. To easily extract the many values in the PE header, we will use the pefile Python module. In this recipe, we will parse the PE header of a file and then print out notable portions of it.
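To show where these header fields sit in the file, the following added example (not the book's recipe code) reads them with Python's standard struct module instead of pefile, and rejects malformed or truncated input. The function names parse_pe_header and build_sample are assumptions made for this sketch, and the sample bytes are a constructed header-only image, not a real program.

```python
import struct

def parse_pe_header(data: bytes) -> dict:
    """Return PE header fields commonly used as malware-detection features."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew -> PE header
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, n_sections, timestamp, _, _, opt_size, characteristics = (
        struct.unpack_from("<HHIIIHH", data, pe_off + 4))
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:    # PE32: 32-bit ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    sections = []
    for i in range(n_sections):  # 40-byte entries after the optional header
        off = opt + opt_size + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, raw_size))
    return {"Machine": machine, "NumberOfSections": n_sections,
            "TimeDateStamp": timestamp, "Characteristics": characteristics,
            "Magic": magic, "AddressOfEntryPoint": entry,
            "ImageBase": image_base, "Subsystem": subsystem,
            "DllCharacteristics": dll_chars, "Sections": sections}

def build_sample() -> bytes:
    """Constructed header-only PE32 image for the demo (not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5E000000, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)      # ImageBase
    struct.pack_into("<HH", opt, 68, 3, 0x8140)    # Subsystem, DllCharacteristics
    sect = b".text\0\0\0" + struct.pack("<III", 0x200, 0x1000, 0x200) + b"\0" * 20
    return dos + b"PE\0\0" + coff + bytes(opt) + sect

if __name__ == "__main__":
    print(parse_pe_header(build_sample()))
```

The returned section tuples are (name, VirtualSize, SizeOfRawData); a large gap between the two sizes is one of the header-derived signals often fed to a classifier.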