US10394686B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10394686-B2 |
| Application number | US-201815890186-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 6, 2018 |
| Priority date | Jan 31, 2014 |
| Publication date | Aug 27, 2019 |
| Grant date | Aug 27, 2019 |
Official abstract text for this publication.
Data is received or accessed that includes a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file. Thereafter, code and data regions are iteratively identified in the structured file. Such identification is analyzed so that at least one feature can be extracted from the structured file. Related apparatus, systems, techniques and articles are also described.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method comprising: receiving or accessing data comprising a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file; iteratively identifying code and data regions in the structured file for parsing and disassembly by: discovering a structure of the structured file; analyzing and checking a first header located at a root of the structure; analyzing and checking a second header in the structure referenced by the first header in response to the checking of the first header; and looping through remaining portions of the structure other than the first header and the second header to extract code start points until all code start points for analysis and disassembly are identified; statically extracting at least one feature from the structured file by disassembling the code in the structured file using the code start points and analyzing the identified-code and data regions, wherein the at least one feature indicates whether a collection of import names in the structured file is ordered lexicographically; classifying the structured file by applying the extracted features to a machine learning model to determine if the structured file is either malicious or safe; and preventing access or execution of the structured file if it is classified as malicious; or accessing or executing the structured file if it is classified as safe.

2. The method of claim 1, wherein the structured file is selected from a group consisting of: Portable Executable (PE) format files, disk operating system (DOS) executable files, New Executable (NE) files, Linear Executable (LE) files, Executable and Linkable Format (ELF) files, JAVA Archive (JAR) files, and SHOCKWAVE/FLASH (SWF) files.

3. The method of claim 1, wherein the execution environment is an operating system or a virtual machine.

4. The method of claim 1 further comprising: determining that the structured file is valid by examining the first header or the second header within the structured file to determine whether it encapsulates a valid signature.

5. The method of claim 1, wherein the extracted at least one feature is a first order feature.

6. The method of claim 5 further comprising: deriving the extracted at least one first order feature into a higher-order feature.

7. The method of claim 1 further comprising: analyzing negative space within the structured file to extract at least one additional feature, the negative space being different from the identified code and data regions.

8. The method of claim 1 further comprising: transforming the extracted at least one feature.

9. The method of claim 8, wherein the transforming comprises: sanitizing the extracted at least one feature by encoding associated data in an unambiguously reversible way.

10. The method of claim 9, wherein the transforming comprises: truncating the extracted at least one feature when a size of such at least one feature exceeds a predetermined amount; and generating an additional feature noting a reason for the truncating.

11. The method of claim 1, wherein data within the structured file is arranged hierarchically and the structured file comprises a top level header encapsulating a first data structure that encapsulates a second data structure.

12. The method of claim 1 further comprising: providing the extracted at least one feature to a machine learning model.

13. The method of claim 1, wherein the first header is a disk operating system (DOS) header and the second header is a Portable Executable (PE) header.

14. The method of claim 1 further comprising: inputting the at least one extracted feature into a machine learning model trained to classify the structured file as malicious or benign; and providing, by the machine learning model, output characterizing the classification of the structured file.

15. A computer-implemented method for extraction of features from a structured file, the method comprising: receiving or accessing data comprising a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file; determining that the structured file is valid; iteratively disassembling and analyzing code and data within the structured file to identify and extract first order features including at least one feature indicating whether a collection of import names in the structured file is ordered lexicographically, the extracting occurring statically while the structured file is not being executed; analyzing negative space within the structured file to identify and extract additional first order features; transforming the extracted first order features into higher order features using one or more transformation techniques; inputting the transformed higher order features into a machine learning model trained to classify the structured file as malicious or benign; and providing, by the machine learning model, output characterizing the classification of the structured file.

16. The method of claim 15, wherein the iteratively analyzing code and data within the structured file to identify and extract first order features comprises: discovering a structure of the structured file; analyzing and checking a first header located at a root of the structure; analyzing and checking a second header in the structure referenced by the first header in response to the checking of the first header; and looping through remaining portions of the structure other than the first header and the second header until all code start points for analysis are identified, wherein the identified code start points are used as disassembly starting points as part of the extracting.

17. A system comprising: at least one data processor; and memory storing instructions which, when executed by the at least one data processor, result in operations comprising: receiving or accessing data comprising a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file; iteratively identifying code and data regions in the structured file for parsing and disassembly by: discovering a structure of the structured file; analyzing and checking a first header located at a root of the structure; analyzing and checking a second header in the structure referenced by the first header in response to the checking of the first header; and looping through remaining portions of the structure other than the first header and the second header to extract code start points until all code start points for analysis and disassembly are identified; statically extracting at least one feature from the structured file by disassembling the code in the structured file using the code start points and analyzing the identified code and data regions, wherein the at least one feature indicates whether a collection of import names in the structured file is ordered lexicographically; classifying the structured file by applying the extracted features to a machine learning model to determine if the structured file is either malicious or safe; and preventing access or execution of the structured file if it is classified as malicious; or accessing or executing the structured file if it is classified as safe.

18. The system of claim 17, wherein the classifying comprises: inputting the at least one extracted feature into a machine learning model trained to classify the structured file as malicious or benign; a
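
The header walk of claims 1, 4 and 13 and the import-ordering feature, as an added Python example that is not code from the patent. The function names are hypothetical, only 32-bit PE (PE32) is handled, "lexicographically" is taken to mean byte-wise case-sensitive order, and `sample` builds a constructed image rather than a real binary.

```python
import struct

def import_names(data):
    """DOS header -> PE header -> section table -> imported function names."""
    if data[:2] != b"MZ":                          # first header, at the root
        raise ValueError("bad DOS signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew references the second header
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                  # optional header follows the COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):                                  # RVA -> file offset via the section table
        for _vsize, va, rsize, rptr in secs:
            if va <= rva < va + rsize:
                return rptr + rva - va
        raise ValueError("RVA outside every section")
    names, imp_rva = [], struct.unpack_from("<I", data, opt + 104)[0]  # data directory 1
    desc = off(imp_rva) if imp_rva else None
    while desc is not None:
        oft, _, _, _, ft = struct.unpack_from("<5I", data, desc)  # IMAGE_IMPORT_DESCRIPTOR
        if not (oft or ft):                        # all-zero descriptor ends the table
            break
        thunk = off(oft or ft)
        while (entry := struct.unpack_from("<I", data, thunk)[0]):
            if not entry & 0x80000000:             # skip imports by ordinal
                start = off(entry) + 2             # skip the 2-byte hint
                names.append(data[start:data.index(b"\0", start)].decode("latin-1"))
            thunk += 4
        desc += 20
    return names

def imports_sorted(names):  # the claimed feature; comparison rule is an assumption
    return all(a <= b for a, b in zip(names, names[1:]))

def sample(names):
    """Constructed one-section PE32 image importing `names`; not a real binary."""
    img = bytearray(0x400)
    struct.pack_into("<2s58xI", img, 0, b"MZ", 0x40)
    struct.pack_into("<4sHH12xHHH", img, 0x40, b"PE\0\0", 0x14C, 1, 0xE0, 0x102, 0x10B)
    struct.pack_into("<I", img, 0x58 + 104, 0x1000)          # import directory RVA
    struct.pack_into("<8s4I", img, 0x138, b".idata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<5I", img, 0x200, 0x1028, 0, 0, 0, 0x1028)
    for i, n in enumerate(names):
        struct.pack_into("<I", img, 0x228 + 4 * i, 0x1080 + 32 * i)
        img[0x282 + 32 * i:0x282 + 32 * i + len(n)] = n.encode()
    return bytes(img)
```

Malformed input surfaces as `ValueError` or `struct.error`, so a caller extracting features from untrusted files should catch both and record the failure instead of aborting.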
by virus signature recognition · CPC title
by checking file integrity · CPC title
by source code analysis · CPC title
Parsing · CPC title
Virtual file systems · CPC title