PE files features extract

[Natruel]

I want to know how to extract the features of PE files，because when i read the python file ，“features.py”， it‘s hard to understand the code. I want to know if it's convenient for you to tell me the specific extraction method, or if there's an instruction manual or a link to the paper or something like that. Thank you!

[mrphilroth]

Hi! The paper is here: https://arxiv.org/abs/1804.04637

The classify_binaries.py script will return model predictions on PE files. As part of this process, the features are calculated. Here's how it's done:

    extractor = PEFeatureExtractor(feature_version)
    features = np.array(extractor.feature_vector(file_data), dtype=np.float32)

https://github.com/endgameinc/ember/blob/master/ember/__init__.py#L221-L222