Class: WindowsPESection
The Windows PE Section type specifies metadata about a PE file section.
classDiagram
class WindowsPESection
click WindowsPESection href "../WindowsPESection/"
CommonSchemaComponent <|-- WindowsPESection
click CommonSchemaComponent href "../CommonSchemaComponent/"
WindowsPESection : description
WindowsPESection : entropy
WindowsPESection : id
WindowsPESection : name
WindowsPESection : pe_section_hashes
WindowsPESection --> "0..1" HashesType : pe_section_hashes
click HashesType href "../HashesType/"
WindowsPESection : pe_section_name
WindowsPESection : pe_section_size
WindowsPESection : type
Inheritance
- StixEntity
- CommonSchemaComponent
- WindowsPESection
- CommonSchemaComponent
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| pe_section_name | 1 String |
Specifies the name of the PE section | direct |
| pe_section_size | 0..1 Integer |
Specifies the size of the PE section, in bytes | direct |
| entropy | 0..1 Float |
Specifies the calculated entropy for the section, as calculated using the Sha... | direct |
| pe_section_hashes | 0..1 HashesType |
Specifies any hashes computed over the section | direct |
| id | 0..1 StixIdentifier |
STIX object identifier | StixEntity |
| type | 0..1 StixTypeName |
STIX object type | StixEntity |
| name | 0..1 String |
Human-readable name | StixEntity |
| description | 0..1 String |
Human-readable description | StixEntity |
Usages
| used by | used in | type | used |
|---|---|---|---|
| PEBinaryExt | sections | range | WindowsPESection |
In Subsets
Comments
- jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json#/definitions/windows-pe-section
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | attack:WindowsPESection |
| native | attack:WindowsPESection |
LinkML Source
Direct
name: WindowsPESection
description: The Windows PE Section type specifies metadata about a PE file section.
comments:
- 'jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json#/definitions/windows-pe-section'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CommonSchemaComponent
slots:
- pe_section_name
- pe_section_size
- entropy
- pe_section_hashes
slot_usage:
pe_section_name:
name: pe_section_name
required: true
Induced
name: WindowsPESection
description: The Windows PE Section type specifies metadata about a PE file section.
comments:
- 'jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json#/definitions/windows-pe-section'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CommonSchemaComponent
slot_usage:
pe_section_name:
name: pe_section_name
required: true
attributes:
pe_section_name:
name: pe_section_name
description: Specifies the name of the PE section.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: pe_section_name
owner: WindowsPESection
domain_of:
- WindowsPESection
range: string
required: true
pe_section_size:
name: pe_section_size
description: Specifies the size of the PE section, in bytes.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: pe_section_size
owner: WindowsPESection
domain_of:
- WindowsPESection
range: integer
minimum_value: 0
entropy:
name: entropy
description: Specifies the calculated entropy for the section, as calculated using
the Shannon algorithm.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: entropy
owner: WindowsPESection
domain_of:
- WindowsPESection
range: float
pe_section_hashes:
name: pe_section_hashes
description: Specifies any hashes computed over the section.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: pe_section_hashes
owner: WindowsPESection
domain_of:
- WindowsPESection
range: HashesType
id:
name: id
description: STIX object identifier.
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:externalReference
rank: 1000
alias: id
owner: WindowsPESection
domain_of:
- StixEntity
- Bundle
- Core
- CyberObservableCore
- ExtensionDefinition
- LanguageContent
- MarkingDefinition
- File
range: stix_identifier
type:
name: type
description: STIX object type.
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:state
rank: 1000
alias: type
owner: WindowsPESection
domain_of:
- StixEntity
- Bundle
- Core
- CyberObservableCore
- ExtensionDefinition
- LanguageContent
- MarkingDefinition
- File
range: stix_type_name
name:
name: name
description: Human-readable name.
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:name
rank: 1000
alias: name
owner: WindowsPESection
domain_of:
- RelatedAsset
- StixEntity
- ExtensionDefinition
- MarkingDefinition
- AutonomousSystem
- File
range: string
description:
name: description
description: Human-readable description.
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:description
rank: 1000
alias: description
owner: WindowsPESection
domain_of:
- RelatedAsset
- MutableElement
- StixEntity
- ExtensionDefinition
- ExternalReference
range: string