Aiming at the problem of insufficient accuracy of current static classification method of malicious code, this study maps the malicious code into uncompressed gray-scale image. Then the image is transformed into a constant-size image according to the image transformation method, and the direction gradient histogram is used to extract the features of the image. Finally, a kind of malicious code classification method based on deep forest is proposed. Experiments on malicious code samples from different families verify the effectiveness of the proposed method and the results are superior to the recently proposed SPAM-GIST method.