With pehash you can calculate checksums of individual parts of a PE file, not only of the whole file. For example, you can compare two malware samples by similarity using ssdeep. Have a look:
$ pehash -s CODE ComentarioDeVoz_.cpl
sections
section
section_name: CODE
md5: 67b498c232dfbe4f5cc0cabc5e78ac42
sha1: 32b5df9aaa201bc8cbfed37344aaa77bf842c1d4
sha256: 8f5b794da7fdbbc13f1abaae0949b4eb98935c99e7387c7e0dfef5d4f01ea298
ssdeep: 6144:2QrIKt9jjmVG0xcpcZTcLexXqS1XGtbNwI/4p3RLjD0OVG:2QrD3mVG0xcpcZTEexvXENv/e3RD0W
$ pehash -s CODE comentario.cpl
sections
section
section_name: CODE
md5: 973d11759194c14071aa6963de8f55c7
sha1: 1934e0085c8776e3243bf658e95b8943d4f91bc9
sha256: e68349bfcb04b20c11973ce27770570ebb22c8c7750133d073f15f7ec9eeda38
ssdeep: 6144:FQrIKt9jjmVG0xcpcZTcLexXqS1XGtbNwI/4p3Zv60G4:FQrD3mVG0xcpcZTEexvXENv/e3J6V
Although the CODE section hashes of the two files are different, their ssdeep checksums are nearly identical. So you could probably infer that these are variants.
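The comparison described above can be scripted. The following Python is an added example, not part of pev: it parses pehash text output and classifies each section shared by two files as identical, similar or different. The function names and the 0.8 threshold are assumptions, and difflib's ratio stands in for ssdeep's own scoring, so the numbers are not ssdeep match scores.

```python
import difflib

# Input: the two CODE-section results shown above, trimmed to the fields used here.
OUT_A = """sections
section
section_name: CODE
sha256: 8f5b794da7fdbbc13f1abaae0949b4eb98935c99e7387c7e0dfef5d4f01ea298
ssdeep: 6144:2QrIKt9jjmVG0xcpcZTcLexXqS1XGtbNwI/4p3RLjD0OVG:2QrD3mVG0xcpcZTEexvXENv/e3RD0W"""
OUT_B = """sections
section
section_name: CODE
sha256: e68349bfcb04b20c11973ce27770570ebb22c8c7750133d073f15f7ec9eeda38
ssdeep: 6144:FQrIKt9jjmVG0xcpcZTcLexXqS1XGtbNwI/4p3Zv60G4:FQrD3mVG0xcpcZTEexvXENv/e3J6V"""

def parse_sections(text):
    """Map section_name -> {field: value} from pehash text output."""
    sections, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:                      # "file", "header", "section": a new block starts
            current = None
        elif key == "section_name":
            current = sections.setdefault(value.strip(), {})
        elif current is not None:
            current[key] = value.strip()
    return sections

def ssdeep_similarity(sig_a, sig_b):
    """Rough 0..1 similarity of two ssdeep signatures; not ssdeep's own 0-100 score."""
    (bs_a, a1, a2), (bs_b, b1, b2) = sig_a.split(":", 2), sig_b.split(":", 2)
    bs_a, bs_b = int(bs_a), int(bs_b)
    ratio = lambda x, y: difflib.SequenceMatcher(None, x, y).ratio()
    if bs_a == bs_b:                     # both chunk strings are comparable
        return max(ratio(a1, b1), ratio(a2, b2))
    if bs_a == 2 * bs_b:                 # a's first chunk uses the block size of b's second
        return ratio(a1, b2)
    if bs_b == 2 * bs_a:
        return ratio(a2, b1)
    return 0.0                           # unrelated block sizes cannot be compared

def compare_sections(out_a, out_b, threshold=0.8):  # threshold is an assumed cut-off
    """Classify each section present in both outputs."""
    a, b = parse_sections(out_a), parse_sections(out_b)
    verdicts = {}
    for name in sorted(a.keys() & b.keys()):
        if a[name]["sha256"] == b[name]["sha256"]:
            verdicts[name] = ("identical", 1.0)
            continue
        score = ssdeep_similarity(a[name]["ssdeep"], b[name]["ssdeep"])
        verdicts[name] = ("similar" if score >= threshold else "different", round(score, 2))
    return verdicts

print(compare_sections(OUT_A, OUT_B))
```

For triage at scale, feed it the saved output of pehash for each sample and review the sections reported as similar first.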
You can also get the hashes for each part of the file using pehash with the -a option:
$ pehash -a putty.exe
file
filepath: /home/user/putty.exe
md5: 33c9d1e56152e212367e9c5b01671e45
sha1: 9ded3ce2ae09c37ca173bbd3dcb57258b72cdbd5
sha256: b10922648f6ad71f3f20b9acdfacf9aeff706cad6c52737cdc426307ccfa51d9
ssdeep: 12288:ApoNd4D7aVwSn8nW+nGQZZcLYX4RXwWLJQ6LU:UoNde7aVT8WvQ3O+4NzLu6w
imphash: dae4485dd029c5e0256f477eda4797a4
headers
header
header_name: IMAGE_DOS_HEADER
md5: 5084c5d5cfe99932e67450023c068941
sha1: 856558429bb575486a46a92ba2684eaab8578cef
sha256: 52ea4dd296abe995cc1052a3a29325a8306fc888b3d6fea352d2cebdd83e6eaa
ssdeep: 3:WlWUqt/vllPln:idqH
header
header_name: IMAGE_COFF_HEADER
md5: c29db8cff4c151279ea0f3e1e122bb92
sha1: 5df76c71b2fcb937b98d566dad7d353f23f23418
sha256: 4dc37a0d8a47d3c713b891a86b92acb28126729da2b7a6a5f3656d23fd8c1a9c
ssdeep: 3:OHwkn:wwk
header
header_name: IMAGE_OPTIONAL_HEADER
md5: 0de919344c187babea80d66adc2b0d9e
sha1: 4bdec527003b46348d8f9a1594f39f064e9dd680
sha256: 97e834e37ee922bca8a9388b2b1663491ddf0d3b20c6d37782aa4f2d1d9ebf64
ssdeep: 3:2H2l0lvl9gXH9lhtllrll3lll/ldt1l9tllH:NGlvA3
sections
section
section_name: .text
md5: 67b498c232dfbe4f5cc0cabc5e78ac42
sha1: 32b5df9aaa201bc8cbfed37344aaa77bf842c1d4
sha256: 8f5b794da7fdbbc13f1abaae0949b4eb98935c99e7387c7e0dfef5d4f01ea298
ssdeep: 6144:6poNd4D7aeaNqZs+iDpnRKnWDX/ZcnGs9BDT7JjZnZZGN+FAFtt6Xa//lrXwW:6poNd4D7aVwSn8nW+nGQZZcLYX4RXwW
section
section_name: .rdata
md5: 6087c2ffc1a7d69f82696a4f2d3aca75
sha1: d69529b6402c520bdbee855c34ce4455112bd1eb
sha256: 30b49d20acb96827857ca125ce0d49838fafafe9d7e49523982b2ff1afe54283
ssdeep: 3072:mDBKmaes7rlYhoAw/Jt8Lr6hx3bO6ta/4gRul:mS+oAw/Jt836L3bA/
section
section_name: .data
md5: 5578c6fd3e5a0b764a7f2bcde00f9a16
sha1: b71d5142594f56e896e79e12abf729e94512b9e0
sha256: edd88e6b2ccf3dd5624ebd07b8911e2fa51f4ddc7912d4699ed111d28a2a53e5
ssdeep: 96:j/1HpvU2Ro26mTfOkf14dBPBgtbAgUhoSkb/:9o26sN2dJ9rIb/
section
section_name: .rsrc
md5: 24b45ea2b1620870730382fb7308a074
sha1: bca5bc464c261f05751c24dce49d70458647e75c
sha256: 695707a6f3385838f6e5b58ab45584acb716bec2a2a953327dcb40314f0c0908
ssdeep: 192:Icgh8G2PnHGaAnkTjVDBY5disWxDgPWDSL73oqEnngLg:I5SG2vHi4jVDBKjPfL730ng0
The OpenSSL library used by pev supports a wider range of hashing algorithms and you can extend pehash to use them by recompiling its source code.