Class: WindowsPEOptionalHeaderType
The Windows PE Optional Header type represents the properties of the PE optional header. At least one property from this type MUST be included.
URI: attack:WindowsPEOptionalHeaderType
classDiagram
class WindowsPEOptionalHeaderType
click WindowsPEOptionalHeaderType href "../WindowsPEOptionalHeaderType/"
CommonSchemaComponent <|-- WindowsPEOptionalHeaderType
click CommonSchemaComponent href "../CommonSchemaComponent/"
WindowsPEOptionalHeaderType : address_of_entry_point
WindowsPEOptionalHeaderType : base_of_code
WindowsPEOptionalHeaderType : base_of_data
WindowsPEOptionalHeaderType : checksum_hex
WindowsPEOptionalHeaderType : description
WindowsPEOptionalHeaderType : dll_characteristics_hex
WindowsPEOptionalHeaderType : file_alignment
WindowsPEOptionalHeaderType : id
WindowsPEOptionalHeaderType : image_base
WindowsPEOptionalHeaderType : loader_flags_hex
WindowsPEOptionalHeaderType : magic_hex
WindowsPEOptionalHeaderType : major_image_version
WindowsPEOptionalHeaderType : major_linker_version
WindowsPEOptionalHeaderType : major_os_version
WindowsPEOptionalHeaderType : major_subsystem_version
WindowsPEOptionalHeaderType : minor_image_version
WindowsPEOptionalHeaderType : minor_linker_version
WindowsPEOptionalHeaderType : minor_os_version
WindowsPEOptionalHeaderType : minor_subsystem_version
WindowsPEOptionalHeaderType : name
WindowsPEOptionalHeaderType : number_of_rva_and_sizes
WindowsPEOptionalHeaderType : section_alignment
WindowsPEOptionalHeaderType : size_of_code
WindowsPEOptionalHeaderType : size_of_headers
WindowsPEOptionalHeaderType : size_of_heap_commit
WindowsPEOptionalHeaderType : size_of_heap_reserve
WindowsPEOptionalHeaderType : size_of_image
WindowsPEOptionalHeaderType : size_of_initialized_data
WindowsPEOptionalHeaderType : size_of_stack_commit
WindowsPEOptionalHeaderType : size_of_stack_reserve
WindowsPEOptionalHeaderType : size_of_uninitialized_data
WindowsPEOptionalHeaderType : subsystem_hex
WindowsPEOptionalHeaderType : type
WindowsPEOptionalHeaderType : win32_version_value_hex
Inheritance
- StixEntity
- CommonSchemaComponent
- WindowsPEOptionalHeaderType
- CommonSchemaComponent
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| magic_hex | 0..1 String | Specifies the unsigned integer that indicates the type of the PE binary (e.g. PE32 or PE32+). | direct |
| major_linker_version | 0..1 Integer | Specifies the linker major version number | direct |
| minor_linker_version | 0..1 Integer | Specifies the linker minor version number | direct |
| size_of_code | 0..1 Integer | Specifies the size of the code (text) section | direct |
| size_of_initialized_data | 0..1 Integer | Specifies the size of the initialized data section | direct |
| size_of_uninitialized_data | 0..1 Integer | Specifies the size of the uninitialized data section | direct |
| address_of_entry_point | 0..1 Integer | Specifies the address of the entry point relative to the image base when the ... | direct |
| base_of_code | 0..1 Integer | Specifies the address that is relative to the image base of the beginning-of-... | direct |
| base_of_data | 0..1 Integer | Specifies the address that is relative to the image base of the beginning-of-... | direct |
| image_base | 0..1 Integer | Specifies the preferred address of the first byte of the image when it is loa... | direct |
| section_alignment | 0..1 Integer | Specifies the alignment (in bytes) of PE sections when they are loaded into m... | direct |
| file_alignment | 0..1 Integer | Specifies the factor (in bytes) that is used to align the raw data of section... | direct |
| major_os_version | 0..1 Integer | Specifies the major version number of the required operating system | direct |
| minor_os_version | 0..1 Integer | Specifies the minor version number of the required operating system | direct |
| major_image_version | 0..1 Integer | Specifies the major version number of the image | direct |
| minor_image_version | 0..1 Integer | Specifies the minor version number of the image | direct |
| major_subsystem_version | 0..1 Integer | Specifies the major version number of the subsystem | direct |
| minor_subsystem_version | 0..1 Integer | Specifies the minor version number of the subsystem | direct |
| win32_version_value_hex | 0..1 String | Specifies the reserved win32 version value | direct |
| size_of_image | 0..1 Integer | Specifies the size, in bytes, of the image, including all headers, as the ima... | direct |
| size_of_headers | 0..1 Integer | Specifies the combined size of the MS-DOS, PE header, and section headers, ro... | direct |
| checksum_hex | 0..1 String | Specifies the checksum of the PE binary | direct |
| subsystem_hex | 0..1 String | Specifies the subsystem (e.g., GUI, device driver, etc.) that is required to run this image. | direct |
| dll_characteristics_hex | 0..1 String | Specifies the flags that characterize the PE binary | direct |
| size_of_stack_reserve | 0..1 Integer | Specifies the size of the stack to reserve | direct |
| size_of_stack_commit | 0..1 Integer | Specifies the size of the stack to commit | direct |
| size_of_heap_reserve | 0..1 Integer | Specifies the size of the local heap space to reserve | direct |
| size_of_heap_commit | 0..1 Integer | Specifies the size of the local heap space to commit | direct |
| loader_flags_hex | 0..1 String | Specifies the reserved loader flags | direct |
| number_of_rva_and_sizes | 0..1 Integer | Specifies the number of data-directory entries in the remainder of the option... | direct |
| id | 0..1 StixIdentifier | STIX object identifier | StixEntity |
| type | 0..1 StixTypeName | STIX object type | StixEntity |
| name | 0..1 String | Human-readable name | StixEntity |
| description | 0..1 String | Human-readable description | StixEntity |
Usages
| used by | used in | type | used |
|---|---|---|---|
| PEBinaryExt | optional_header | range | WindowsPEOptionalHeaderType |
In Subsets
Comments
- jsonschema_rule: minProperties=1 jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json#/definitions/windows-pe-optional-header-type
Notes
- JSON Schema requires at least one property (minProperties=1).
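The direct slots follow the field order of the PE optional header. As an added example (not part of the generated schema page or the project's code), the Python below decodes raw optional-header bytes into an object keyed by these slot names and checks the constraints stated on this page: `minProperties=1`, `minimum_value: 0`, and hex-formatted strings. Assumptions: the function names are hypothetical, `_hex` values are rendered as the zero-padded hexadecimal of the field's numeric value, the hex format is taken to mean an even number of hex digits, and the sample bytes are constructed.

```python
import re
import struct

# Slot names from this page in IMAGE_OPTIONAL_HEADER order, each with a struct
# code. "P" marks pointer-sized fields: 4 bytes in PE32, 8 bytes in PE32+.
SPEC = """magic_hex:H major_linker_version:B minor_linker_version:B size_of_code:I
size_of_initialized_data:I size_of_uninitialized_data:I address_of_entry_point:I
base_of_code:I base_of_data:I image_base:P section_alignment:I file_alignment:I
major_os_version:H minor_os_version:H major_image_version:H minor_image_version:H
major_subsystem_version:H minor_subsystem_version:H win32_version_value_hex:I
size_of_image:I size_of_headers:I checksum_hex:I subsystem_hex:H
dll_characteristics_hex:H size_of_stack_reserve:P size_of_stack_commit:P
size_of_heap_reserve:P size_of_heap_commit:P loader_flags_hex:I number_of_rva_and_sizes:I"""
FIELDS = [tuple(item.split(":")) for item in SPEC.split()]
PE32, PE32_PLUS = 0x10B, 0x20B
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")  # assumed meaning of "jsonschema_format: hex"
MIN_ZERO = {n for n, _ in FIELDS  # the slots this page lists with minimum_value: 0
            if n.startswith("size_of_") or n.endswith("_alignment")} | {"number_of_rva_and_sizes"}


def parse_optional_header(raw: bytes) -> dict:
    """Decode raw optional-header bytes into a dict keyed by the slot names."""
    if len(raw) < 2:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", raw)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unsupported magic 0x{magic:04x}")
    ptr = "I" if magic == PE32 else "Q"
    # PE32+ has no BaseOfData field; ImageBase widens to 8 bytes instead.
    layout = [(n, ptr if c == "P" else c) for n, c in FIELDS
              if not (n == "base_of_data" and magic == PE32_PLUS)]
    fmt = "<" + "".join(c for _, c in layout)
    if len(raw) < struct.calcsize(fmt):
        raise ValueError("truncated optional header")
    out = {}
    for (name, code), value in zip(layout, struct.unpack_from(fmt, raw)):
        width = struct.calcsize("<" + code) * 2  # hex digits for this field width
        out[name] = f"{value:0{width}x}" if name.endswith("_hex") else value
    return out


def validate(obj: dict) -> list:
    """Return violations of the constraints this page states for the class."""
    errors = [] if obj else ["minProperties=1: object is empty"]
    for key, value in obj.items():
        if key.endswith("_hex") and not (isinstance(value, str) and HEX.fullmatch(value)):
            errors.append(f"{key}: not a hex string")
        elif key in MIN_ZERO and not (isinstance(value, int) and value >= 0):
            errors.append(f"{key}: must be an integer >= 0")
    return errors

# Constructed sample (not from a real binary): a 112-byte PE32+ optional header.
SAMPLE = struct.pack("<HBB5IQ2I6H4I2H4Q2I", 0x20B, 14, 0, 0x1000, 0x800, 0, 0x1400,
                     0x1000, 0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x5000,
                     0x400, 0, 3, 0x8160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
```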
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | attack:WindowsPEOptionalHeaderType |
| native | attack:WindowsPEOptionalHeaderType |
LinkML Source
Direct
name: WindowsPEOptionalHeaderType
description: The Windows PE Optional Header type represents the properties of the
  PE optional header. At least one property from this type MUST be included.
notes:
- JSON Schema requires at least one property (minProperties=1).
comments:
- 'jsonschema_rule: minProperties=1 jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json#/definitions/windows-pe-optional-header-type'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CommonSchemaComponent
slots:
- magic_hex
- major_linker_version
- minor_linker_version
- size_of_code
- size_of_initialized_data
- size_of_uninitialized_data
- address_of_entry_point
- base_of_code
- base_of_data
- image_base
- section_alignment
- file_alignment
- major_os_version
- minor_os_version
- major_image_version
- minor_image_version
- major_subsystem_version
- minor_subsystem_version
- win32_version_value_hex
- size_of_image
- size_of_headers
- checksum_hex
- subsystem_hex
- dll_characteristics_hex
- size_of_stack_reserve
- size_of_stack_commit
- size_of_heap_reserve
- size_of_heap_commit
- loader_flags_hex
- number_of_rva_and_sizes
Induced
name: WindowsPEOptionalHeaderType
description: The Windows PE Optional Header type represents the properties of the
  PE optional header. At least one property from this type MUST be included.
notes:
- JSON Schema requires at least one property (minProperties=1).
comments:
- 'jsonschema_rule: minProperties=1 jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json#/definitions/windows-pe-optional-header-type'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CommonSchemaComponent
attributes:
  magic_hex:
    name: magic_hex
    description: Specifies the unsigned integer that indicates the type of the PE
      binary (e.g. PE32 or PE32+).
    comments:
    - 'jsonschema_format: hex'
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: magic_hex
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: string
  major_linker_version:
    name: major_linker_version
    description: Specifies the linker major version number.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: major_linker_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  minor_linker_version:
    name: minor_linker_version
    description: Specifies the linker minor version number.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: minor_linker_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  size_of_code:
    name: size_of_code
    description: Specifies the size of the code (text) section. If there are multiple
      such sections, this refers to the sum of the sizes of each section.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_code
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  size_of_initialized_data:
    name: size_of_initialized_data
    description: Specifies the size of the initialized data section. If there are
      multiple such sections, this refers to the sum of the sizes of each section.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_initialized_data
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  size_of_uninitialized_data:
    name: size_of_uninitialized_data
    description: Specifies the size of the uninitialized data section. If there are
      multiple such sections, this refers to the sum of the sizes of each section.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_uninitialized_data
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  address_of_entry_point:
    name: address_of_entry_point
    description: Specifies the address of the entry point relative to the image base
      when the executable is loaded into memory.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: address_of_entry_point
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  base_of_code:
    name: base_of_code
    description: Specifies the address that is relative to the image base of the beginning-of-code
      section when it is loaded into memory.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: base_of_code
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  base_of_data:
    name: base_of_data
    description: Specifies the address that is relative to the image base of the beginning-of-data
      section when it is loaded into memory.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: base_of_data
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  image_base:
    name: image_base
    description: Specifies the preferred address of the first byte of the image when
      it is loaded into memory.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: image_base
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  section_alignment:
    name: section_alignment
    description: Specifies the alignment (in bytes) of PE sections when they are loaded
      into memory.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: section_alignment
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  file_alignment:
    name: file_alignment
    description: Specifies the factor (in bytes) that is used to align the raw data
      of sections in the image file.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: file_alignment
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  major_os_version:
    name: major_os_version
    description: Specifies the major version number of the required operating system.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: major_os_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  minor_os_version:
    name: minor_os_version
    description: Specifies the minor version number of the required operating system.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: minor_os_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  major_image_version:
    name: major_image_version
    description: Specifies the major version number of the image.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: major_image_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  minor_image_version:
    name: minor_image_version
    description: Specifies the minor version number of the image.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: minor_image_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  major_subsystem_version:
    name: major_subsystem_version
    description: Specifies the major version number of the subsystem.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: major_subsystem_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  minor_subsystem_version:
    name: minor_subsystem_version
    description: Specifies the minor version number of the subsystem.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: minor_subsystem_version
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
  win32_version_value_hex:
    name: win32_version_value_hex
    description: Specifies the reserved win32 version value.
    comments:
    - 'jsonschema_format: hex'
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: win32_version_value_hex
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: string
  size_of_image:
    name: size_of_image
    description: Specifies the size, in bytes, of the image, including all headers,
      as the image is loaded in memory.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_image
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  size_of_headers:
    name: size_of_headers
    description: Specifies the combined size of the MS-DOS, PE header, and section
      headers, rounded to a multiple of the value specified in file_alignment.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_headers
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  checksum_hex:
    name: checksum_hex
    description: Specifies the checksum of the PE binary.
    comments:
    - 'jsonschema_format: hex'
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: checksum_hex
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: string
  subsystem_hex:
    name: subsystem_hex
    description: Specifies the subsystem (e.g., GUI, device driver, etc.) that is
      required to run this image.
    comments:
    - 'jsonschema_format: hex'
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: subsystem_hex
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: string
  dll_characteristics_hex:
    name: dll_characteristics_hex
    description: Specifies the flags that characterize the PE binary.
    comments:
    - 'jsonschema_format: hex'
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: dll_characteristics_hex
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: string
  size_of_stack_reserve:
    name: size_of_stack_reserve
    description: Specifies the size of the stack to reserve.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_stack_reserve
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  size_of_stack_commit:
    name: size_of_stack_commit
    description: Specifies the size of the stack to commit.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_stack_commit
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  size_of_heap_reserve:
    name: size_of_heap_reserve
    description: Specifies the size of the local heap space to reserve.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_heap_reserve
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  size_of_heap_commit:
    name: size_of_heap_commit
    description: Specifies the size of the local heap space to commit.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: size_of_heap_commit
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  loader_flags_hex:
    name: loader_flags_hex
    description: Specifies the reserved loader flags.
    comments:
    - 'jsonschema_format: hex'
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: loader_flags_hex
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: string
  number_of_rva_and_sizes:
    name: number_of_rva_and_sizes
    description: Specifies the number of data-directory entries in the remainder of
      the optional header.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: number_of_rva_and_sizes
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - WindowsPEOptionalHeaderType
    range: integer
    minimum_value: 0
  id:
    name: id
    description: STIX object identifier.
    from_schema: https://w3id.org/lmodel/attack
    related_mappings:
    - unified_cyber_ontology:externalReference
    rank: 1000
    alias: id
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - StixEntity
    - Bundle
    - Core
    - CyberObservableCore
    - ExtensionDefinition
    - LanguageContent
    - MarkingDefinition
    - File
    range: stix_identifier
  type:
    name: type
    description: STIX object type.
    from_schema: https://w3id.org/lmodel/attack
    related_mappings:
    - unified_cyber_ontology:state
    rank: 1000
    alias: type
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - StixEntity
    - Bundle
    - Core
    - CyberObservableCore
    - ExtensionDefinition
    - LanguageContent
    - MarkingDefinition
    - File
    range: stix_type_name
  name:
    name: name
    description: Human-readable name.
    from_schema: https://w3id.org/lmodel/attack
    exact_mappings:
    - unified_cyber_ontology:name
    rank: 1000
    alias: name
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - RelatedAsset
    - StixEntity
    - ExtensionDefinition
    - MarkingDefinition
    - AutonomousSystem
    - File
    range: string
  description:
    name: description
    description: Human-readable description.
    from_schema: https://w3id.org/lmodel/attack
    close_mappings:
    - unified_cyber_ontology:description
    rank: 1000
    alias: description
    owner: WindowsPEOptionalHeaderType
    domain_of:
    - RelatedAsset
    - MutableElement
    - StixEntity
    - ExtensionDefinition
    - ExternalReference
    range: string