Extract-PE-header.py

# Extract-PE-header.py
# Extracting Meta Data from malwares

import os
import pefile
import json

for filename in os.listdir("./benign/"):
    if os.path.splitext(filename)[1]=='.dll':
        print(filename)

        # exit(0)
        try: 
            # filename = '33b711ab30af29989a95d76cb05eb0fe';
            PEfile = pefile.PE("./benign/"+filename, fast_load=True)
            data = {}

            DebugSize = PEfile.OPTIONAL_HEADER.DATA_DIRECTORY[6].Size
            data["DebugSize"]=DebugSize
            # print(DebugSize)


            DebugRVA = PEfile.OPTIONAL_HEADER.DATA_DIRECTORY[6].VirtualAddress
            data["DebugRVA"]=DebugRVA
            # print(DebugRVA)

            ImageVersion = PEfile.OPTIONAL_HEADER.MajorImageVersion
            data["ImageVersion"]=ImageVersion
            # print(ImageVersion)

            OSVersion = PEfile.OPTIONAL_HEADER.MajorOperatingSystemVersion
            data["OSVersion"]=OSVersion
            # print(OSVersion)

            ExportRVA = PEfile.OPTIONAL_HEADER.DATA_DIRECTORY[0].VirtualAddress
            data["ExportRVA"]=ExportRVA
            # print(ExportRVA)

            ExportSize = PEfile.OPTIONAL_HEADER.DATA_DIRECTORY[0].Size
            data["ExportSize"]=ExportSize
            # print(ExportSize)

            IATRVA = PEfile.OPTIONAL_HEADER.DATA_DIRECTORY[12].VirtualAddress
            data["IATRVA"]=IATRVA
            # print(IATRVA)

            ResSize = PEfile.OPTIONAL_HEADER.DATA_DIRECTORY[2].Size
            data["ResSize"]=ResSize
            # print(ResSize)

            LinkerVersion = PEfile.OPTIONAL_HEADER.MajorLinkerVersion
            data["LinkerVersion"]=LinkerVersion
            # print(LinkerVersion)

            NumberOfSections = PEfile.FILE_HEADER.NumberOfSections
            data["NumberOfSections"]=NumberOfSections
            # print(NumberOfSections)

            StackReserveSize = PEfile.OPTIONAL_HEADER.SizeOfStackReserve
            data["StackReserveSize"]=StackReserveSize
            # print(StackReserveSize)

            DllChar_ = PEfile.OPTIONAL_HEADER.DllCharacteristics
            data["DllCharacteristics"]=DllChar_
            # print(DllChar_)

            print(data)
            with open("./benign_meta_data/"+filename[:-4]+".json", "w") as write_file:
                json.dump(data, write_file, indent=4)

        # exit(0)
        except: 
            continue