Method and device for extracting PE file features

The invention discloses a method and device for extracting PE file features. The method comprises the steps that source codes of a target PE file are analyzed, and feature codes in the source codes are obtained; the feature codes are one or a combination of more of a target PE file code section or target PE file additional data or PE file resource sections; the hash features of the feature codes are extracted; and according to the hash features of the feature codes, the features of the PE file are generated, and the features of the PE file are used for detecting whether the target PE file is infected by viruses. When antivirus software uses the features extracted through the method for detecting viruses, the viruses cannot be missed easily, the universality can be improved when the antivirus software uses the features for detecting the viruses, and the speed of target PE file feature extracting can be increased.