diff --git a/src/event.bif b/src/event.bif
index ae8ede439f..e43f979aa5 100644
--- a/src/event.bif
+++ b/src/event.bif
@@ -7060,6 +7060,7 @@ event file_hash%(f: fa_file, kind: string, hash: string%);
 event pe_dos_header%(f: fa_file, h: PE::DOSHeader%);
+event pe_dos_code%(f: fa_file, code: string%);
 event pe_file_header%(f: fa_file, h: PE::FileHeader%);
 event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%);
 event pe_section_header%(f: fa_file, h: PE::SectionHeader%);
diff --git a/src/file_analysis/analyzers/pe-analyzer.pac b/src/file_analysis/analyzers/pe-analyzer.pac
index e6a39ae1dc..341a3efbec 100644
--- a/src/file_analysis/analyzers/pe-analyzer.pac
+++ b/src/file_analysis/analyzers/pe-analyzer.pac
@@ -59,6 +59,17 @@ refine flow File += {
 	return true;
 	%}
+	function proc_dos_code(code: bytestring): bool
+		%{
+		if ( pe_dos_code )
+			{
+			BifEvent::generate_pe_dos_code((Analyzer *) connection()->bro_analyzer(),
+			                               connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
+			                               new StringVal(code.length(), (const char*) code.data()));
+			}
+		return true;
+		%}
+
 	function proc_nt_headers(h: IMAGE_NT_HEADERS): bool
 		%{
 		if ( ${h.PESignature} != 17744 ) // Number is uint32 version of "PE\0\0"
@@ -171,6 +182,10 @@ refine typeattr DOS_Header += &let {
 	proc : bool = $context.flow.proc_dos_header(this);
 };
+refine typeattr DOS_Code += &let {
+	proc : bool = $context.flow.proc_dos_code(code);
+};
+
 refine typeattr IMAGE_NT_HEADERS += &let {
 	proc : bool = $context.flow.proc_nt_headers(this);
 };
diff --git a/src/file_analysis/analyzers/pe-file.pac b/src/file_analysis/analyzers/pe-file.pac
index 5c56775538..041f2bbdb4 100644
--- a/src/file_analysis/analyzers/pe-file.pac
+++ b/src/file_analysis/analyzers/pe-file.pac
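Review bot: The new `pe_dos_code` event is declared without a doc comment, and its `code` parameter is a `string` that carries raw, possibly non-printable bytes rather than text, which a handler should know before it prints, logs or regex-matches the value. A `##` block above the declaration would cover it: `## Generated for PE files once the DOS stub has been parsed, i.e. the bytes between the 64-byte DOS header and the PE header.`, `## f: The file.`, `## code: The raw bytes of the DOS stub; binary data, not text.` I cannot see from this hunk whether the neighbouring pe_* event declarations carry doc blocks in this revision, so match whatever convention they use.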
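Review bot: proc_dos_code copies the entire DOS stub into a fresh StringVal with no upper bound on `code.length()`; the stub's size comes from `dos_code_len`, which is defined outside this diff and appears to be derived from the file's own DOS header (the DOS_Code(len: uint32) record in pe-file.pac takes it verbatim), so a crafted header could make every pe_dos_code event carry a very large string that is then handed to script-land. The `if ( pe_dos_code )` guard keeps that cost off deployments where nothing subscribes to the event, which is the right shape; it is worth saying so in a comment, e.g. `// Only copy the stub when a script handles pe_dos_code; its length is taken from the untrusted DOS header.`, and, if dos_code_len is already sanity-checked elsewhere in the analyzer, pointing at that check here — otherwise a cap before the copy deserves consideration. The same consideration applies to the TheFile and DOS_Code hunks in pe-file.pac.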
@@ -1,7 +1,7 @@
 type TheFile = record {
 	dos_header : DOS_Header;
-	dos_code : bytestring &length=dos_code_len;
+	dos_code : DOS_Code(dos_code_len);
 	pe_header : IMAGE_NT_HEADERS;
 	sections_table : IMAGE_SECTION_HEADER[] &length=pe_header.file_header.NumberOfSections*40 &transient;
 	#pad : bytestring &length=offsetof(pe_header.data_directories + pe_header.data_directories[1].virtual_address);
@@ -34,6 +34,10 @@ type DOS_Header = record {
 	AddressOfNewExeHeader : uint32;
 } &byteorder=littleendian &length=64;
+type DOS_Code(len: uint32) = record {
+	code : bytestring &length=len;
+};
+
 type IMAGE_NT_HEADERS = record {
 	PESignature : uint32;
 	file_header : IMAGE_FILE_HEADER;
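Review bot: The new DOS_Code record carries no comment saying what it wraps, and the TheFile record only shows it as `dos_code : DOS_Code(dos_code_len)`, so a reader has to cross-reference the other file to learn that `len` is the caller's stub size. A one-line comment above the type would settle it: `# The DOS stub: the bytes between the 64-byte DOS_Header and pe_header; len is supplied by the caller (dos_code_len), whose definition lives elsewhere in this file.` Since `len` is used as-is for `&length` and the bytes are attacker-controlled file content, the comment should also say that no bound is applied here. The wrapper presumably exists only so that the &let refinement in pe-analyzer.pac can fire proc_dos_code on the stub; stating that intent would help the next maintainer who wonders why a plain bytestring was replaced.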