The more sophisticated tools and methods used by attackers has forced the computer security industry to look for improved security controls. Malicious software is often used as a tool for frequent and costly computer attacks. Therefore, a challenge in the information security industry is to detect malicious software before they scan carry out their actions. The traditional approach has been to use signatures that look for known patterns in the binaries, which has proved challenging because malware authors often obfuscate and reorder their binaries to avoid detection. Machine learning has been proposed as an orthogonal detection approach, which learns from previous malicious ﬁles to learn generalizations about malicious or benign software. These machine learning approaches has also been shown to have their weaknesses, in the form of adversarial examples, which are carefullycraftedinputswhichmakestheclassiﬁerproduceawrongoutput.Thishasbeenshowntohave great consequences for image classiﬁers, where an attacker could make imperceptible changes to images that produces the wrong result. These attacks are however harder to carry out on malware, sincethe gradient-basedapproachesproposed willbreakthe interdependenciesbetweenbytes, preventing the malware from running. This thesis investigates how feature selection methods can be used to select the most important features and investigate how an adversary has to change them in order to change the prediction of a machine learning-based PE malware classiﬁer. In the process we ﬁnd how some sources of bias in datasets, testing methods of the accuracy of models. In the dataset used, PE header features and metadata extracted inﬂuence the accuracy the most.