
How it works...
We began in step 1 by importing the pefile library and specifying which file to analyze. In this case the file was python-3.7.2-amd64.exe, though any other PE file can be analyzed in the same way. In step 2, we listed the DLLs imported by the file, together with the functions imported from each, in order to learn which Windows APIs the program may call. A DLL is a library of code that other applications call upon, so the import table is effectively an inventory of the program's capabilities. For example, USER32.dll contains Windows USER, the component of Microsoft Windows that provides core functionality for building user interfaces: window management, message passing, input processing, and standard controls. If a file imports a function such as GetCursorPos, it is likely interested in the position of the mouse cursor. The import table is only a hint, however: a packed sample, or one that resolves functions at run time through LoadLibrary and GetProcAddress, shows few meaningful imports, so the absence of a suspicious import does not prove the absence of the capability.

In step 3, we printed the sections of the PE file. Sections divide the program logically (code, initialized data, imports, resources) and physically (each section has its own offset and size on disk and in memory), so their names, sizes, and permission flags tell the analyst a great deal about the program; a section that is both writable and executable, or whose size on disk is far smaller than its size in memory, is a common sign of packing. Finally, in step 4, we printed all of the parsed PE header information from the file, in preparation for later using it for feature engineering.
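The following is an added example and is not code from the recipe or from the pefile project. It shows what pefile does on your behalf in steps 2 through 4 by parsing the same structures directly with struct: the DOS and PE headers, the section table (with a Shannon entropy value per section), and the import directory, for both PE32 and PE32+ images and for imports by name or by ordinal. So that it runs offline, it builds its own constructed PE32 image in build_sample_pe (a hypothetical sample with no real code, not python-3.7.2-amd64.exe) rather than opening a file from disk; the features function, the DYNAMIC_RESOLVERS list and the 7.0 entropy threshold are illustrative choices of this example, not part of the recipe.

```python
import struct
from math import log2

# If these are imported, APIs are resolved at run time and the static import table understates them.
DYNAMIC_RESOLVERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return sum(-(c / n) * log2(c / n) for c in counts if c) if n else 0.0

def cstring(buf: bytes, off: int) -> str:
    return buf[off:buf.index(b"\0", off)].decode("ascii", "replace")

def rva_to_offset(sections: list, rva: int) -> int:
    for s in sections:                                   # map an RVA to a file offset via the section table
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["raw"] + (rva - s["va"])
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def parse_pe(buf: bytes) -> dict:
    """Parse the DOS/COFF/optional headers, the section table and the import directory."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]                      # e_lfanew
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, pe_off + 4)
    opt, magic = pe_off + 24, struct.unpack_from("<H", buf, pe_off + 24)[0]   # optional header follows COFF
    if magic == 0x10B:                                                   # PE32: data directories at +96
        dir_off, thunk_fmt = 96, "<I"
    elif magic == 0x20B:                                                 # PE32+: data directories at +112
        dir_off, thunk_fmt = 112, "<Q"
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    imp_rva = struct.unpack_from("<I", buf, opt + dir_off + 8)[0]        # data directory 1 = imports
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, raw, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", buf, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "raw": raw, "raw_size": rsize, "characteristics": chars,
                         "entropy": round(entropy(buf[raw:raw + rsize]), 3)})
    imports, thunk_size, desc = {}, struct.calcsize(thunk_fmt), rva_to_offset(sections, imp_rva) if imp_rva else None
    while desc is not None:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", buf, desc)   # IMAGE_IMPORT_DESCRIPTOR
        if not name_rva:                                                 # all-zero descriptor ends the table
            break
        funcs, thunk = [], rva_to_offset(sections, ilt or iat)
        while (entry := struct.unpack_from(thunk_fmt, buf, thunk)[0]):
            if entry & (1 << (thunk_size * 8 - 1)):                      # high bit set: import by ordinal
                funcs.append(f"ordinal#{entry & 0xFFFF}")
            else:                                                        # hint/name entry: 2-byte hint, then name
                funcs.append(cstring(buf, rva_to_offset(sections, entry) + 2))
            thunk += thunk_size
        imports[cstring(buf, rva_to_offset(sections, name_rva))] = funcs
        desc += 20
    return {"machine": machine, "pe32plus": magic == 0x20B, "sections": sections, "imports": imports}

def features(pe: dict) -> dict:
    """Flatten the parsed header into signals of the kind used for feature engineering."""
    funcs = [f for fs in pe["imports"].values() for f in fs]
    ents = [s["entropy"] for s in pe["sections"]]
    rwx = 0xE0000000                                                     # MEM_READ | MEM_WRITE | MEM_EXECUTE
    return {"num_imports": len(funcs),
            "resolves_apis_dynamically": any(f in DYNAMIC_RESOLVERS for f in funcs),
            "max_section_entropy": max(ents, default=0.0),
            "likely_packed": any(e > 7.0 for e in ents),                 # 7.0 is an illustrative threshold
            "rwx_sections": sum(s["characteristics"] & rwx == rwx for s in pe["sections"])}

def build_sample_pe() -> bytes:
    """Constructed PE32 image (not a real executable, no code) with a genuine import table."""
    idata, names = bytearray(40), []                                     # one descriptor + null terminator
    for hint, fn in ((0, b"LoadLibraryA"), (1, b"GetProcAddress")):
        names.append(0x3000 + len(idata))                                # RVA of this hint/name entry
        idata += struct.pack("<H", hint) + fn + b"\0" * (2 - len(fn) % 2)
    dll_rva = 0x3000 + len(idata)
    idata += b"KERNEL32.dll\0" + b"\0" * (-(len(idata) + 13) % 4)
    thunks = b"".join(struct.pack("<I", r) for r in names) + b"\0" * 4
    ilt_rva, iat_rva = 0x3000 + len(idata), 0x3000 + len(idata) + len(thunks)
    idata += thunks + thunks                                             # lookup table, then address table
    struct.pack_into("<IIIII", idata, 0, ilt_rva, 0, 0, dll_rva, iat_rva)
    sections = [(b".text", 0x1000, b"\x90" * 500 + b"\xc3" * 12, 0x60000020),   # plain code, low entropy
                (b"UPX1", 0x2000, bytes(range(256)) * 2, 0xE0000040),           # RWX, uniform bytes: "packed"
                (b".idata", 0x3000, bytes(idata), 0xC0000040)]                  # (name, VA, bytes, flags)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 90                                # PE32 magic, unused fields
           + struct.pack("<IIIII", 16, 0, 0, 0x3000, 40) + b"\0" * 112)           # 16 dirs; import dir = #1
    hdr, raws = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)), b""    # DOS header, e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102) + opt
    for name, va, data, chars in sections:
        raw = data + b"\0" * (-len(data) % 0x200)                           # file-align raw data to 0x200
        hdr += struct.pack("<8sIIIIIIHHI", name, len(data), va, len(raw), 0x200 + len(raws), 0, 0, 0, 0, chars)
        raws += raw
    return bytes(hdr) + b"\0" * (0x200 - len(hdr)) + raws

if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print({s["name"]: s["entropy"] for s in pe["sections"]}, pe["imports"], features(pe), sep="\n")
```

With pefile the same data is reached through pe.DIRECTORY_ENTRY_IMPORT (each entry's dll and imports[].name) and pe.sections (each section's Name and get_entropy()); the point of the hand-written parser is to make visible what those attributes are computed from. Treat the feature signals as hints for a model rather than verdicts: many benign installers are packed, and LoadLibrary/GetProcAddress appear in ordinary programs too, which is why these values belong in a feature vector rather than a rule.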