Similar to import hashing, section hashing can also help in identifying related samples. When an executable is loaded in pestudio, it calculates the MD5 of each section (.text, .data, .rdata, and so on.). To view the section hashes, click on sections as shown here:
In Python, pefile module can be used to determine the sections hashes as shown here:
>>> import pefile
>>> pe = pefile.PE("5340.exe")
>>> for section in pe.sections:
... print "%s %s" % (section.Name, section.get_hash_md5())
...
.text b1b56e7a97ec95ed093fd6cfdd594f6c
.rdata a7dc36d3f527ff2e1ff7bec3241abf51
.data 8ec812e17cccb062515746a7336c654a
.rsrc 405d2a82e6429de8637869c5514b489c
When you are analyzing a malware sample, you should consider generating the fuzzy hash, imphash, and section hashes for the malicious binary and store them in a repository; that way, when you come across a new sample, it can be compared with these hashes to determine similarity.