Detect Whether a Virus Runs as 32-bit or 64-bit Using Python

| Python code sample |

Program Overview

This Python program determines whether a given executable (such as a virus sample) runs as a 32-bit or 64-bit process.
For simplicity, we assume the file is executed on the current system and its architecture matches the system’s runtime environment.
We use the platform module to detect the architecture.

Python Code:


import platform

# Detect system architecture
arch = platform.architecture()[0]

# Display result
print("\n--- Result ---")
print(f"The executable runs as: {arch}")

Sample Output:


--- Result ---  
The executable runs as: 64bit

Explanation:

- The platform.architecture() function returns the bitness of the current Python interpreter
- This can be used to infer whether the executable is 32-bit or 64-bit
- For deeper analysis, inspecting the binary headers (PE for Windows, ELF for Linux) is recommended