Class: WindowsPEBinaryFileFacet

"A Windows PE binary file facet is a grouping of characteristics unique to a Windows portable executable (PE) file."

URI: observable:WindowsPEBinaryFileFacet

classDiagram class WindowsPEBinaryFileFacet Facet <|-- WindowsPEBinaryFileFacet WindowsPEBinaryFileFacet : characteristics WindowsPEBinaryFileFacet : fileHeaderHashes WindowsPEBinaryFileFacet ..> Hash : fileHeaderHashes WindowsPEBinaryFileFacet : impHash WindowsPEBinaryFileFacet ..> string : impHash WindowsPEBinaryFileFacet : machine WindowsPEBinaryFileFacet ..> string : machine WindowsPEBinaryFileFacet : numberOfSections WindowsPEBinaryFileFacet ..> integer : numberOfSections WindowsPEBinaryFileFacet : numberOfSymbols WindowsPEBinaryFileFacet ..> integer : numberOfSymbols WindowsPEBinaryFileFacet : optionalHeader WindowsPEBinaryFileFacet ..> WindowsPEOptionalHeader : optionalHeader WindowsPEBinaryFileFacet : peType WindowsPEBinaryFileFacet ..> string : peType WindowsPEBinaryFileFacet : pointerToSymbolTable WindowsPEBinaryFileFacet ..> hex binary type : pointerToSymbolTable WindowsPEBinaryFileFacet : sections WindowsPEBinaryFileFacet ..> WindowsPESection : sections WindowsPEBinaryFileFacet : sizeOfOptionalHeader WindowsPEBinaryFileFacet ..> integer : sizeOfOptionalHeader WindowsPEBinaryFileFacet : timeDateStamp WindowsPEBinaryFileFacet ..> datetime : timeDateStamp

Inheritance

UcoThing
- UcoInherentCharacterizationThing
  - Facet
    - WindowsPEBinaryFileFacet

Slots

Name	Cardinality and Range	Description	Inheritance
optionalHeader	0..1 WindowsPEOptionalHeader	"Specifies the PE optional header of the PE binary	direct
sections	0..1 WindowsPESection	"Specifies metadata about the sections in the PE file	direct
fileHeaderHashes	0..1 Hash	"Specifies any hashes that were computed for the file header	direct
timeDateStamp	0..1 xsd:dateTime	"Specifies the time when the PE binary was created	direct
pointerToSymbolTable	0..1 HexBinaryType	"Specifies the file offset of the COFF symbol table	direct
numberOfSections	0..1 xsd:integer	"Specifies the numberOfSections in the PE binary, as a non-negative integer	direct
numberOfSymbols	0..1 xsd:integer	"Specifies the number of entries in the symbol table of the PE binary, as a n...	direct
sizeOfOptionalHeader	0..1 xsd:integer	"Specifies the size of the optionalHeader of the PE binary	direct
impHash	0..1 xsd:string	"Specifies the special import hash, or â€˜imphashâ€™, calculated for the PE B...	direct
peType	0..1 xsd:string	"Specifies the type of the PE binary	direct
machine	0..1 xsd:string	"Specifies the type of target machine	direct
characteristics	0..1 UnsignedShortType	"Specifies the flags that indicate the fileâ€™s characteristics	direct

Identifier and Mapping Information

Schema Source

from schema: https://w3id.org/lmodel/uco-observable

Mappings

Mapping Type	Mapped Value
self	observable:WindowsPEBinaryFileFacet
native	observable:WindowsPEBinaryFileFacet

LinkML Source

Direct

name: WindowsPEBinaryFileFacet
description: '"A Windows PE binary file facet is a grouping of characteristics unique
  to a Windows portable executable (PE) file."'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
slots:
- optionalHeader
- sections
- fileHeaderHashes
- timeDateStamp
- pointerToSymbolTable
- numberOfSections
- numberOfSymbols
- sizeOfOptionalHeader
- impHash
- peType
- machine
- characteristics
slot_usage:
  sections:
    name: sections
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  fileHeaderHashes:
    name: fileHeaderHashes
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  pointerToSymbolTable:
    name: pointerToSymbolTable
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  machine:
    name: machine
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  characteristics:
    name: characteristics
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet

Induced

name: WindowsPEBinaryFileFacet
description: '"A Windows PE binary file facet is a grouping of characteristics unique
  to a Windows portable executable (PE) file."'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
slot_usage:
  sections:
    name: sections
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  fileHeaderHashes:
    name: fileHeaderHashes
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  pointerToSymbolTable:
    name: pointerToSymbolTable
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  machine:
    name: machine
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
  characteristics:
    name: characteristics
    multivalued: true
    domain_of:
    - WindowsPEBinaryFileFacet
attributes:
  optionalHeader:
    name: optionalHeader
    description: '"Specifies the PE optional header of the PE binary."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: optionalHeader
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: WindowsPEOptionalHeader
  sections:
    name: sections
    description: '"Specifies metadata about the sections in the PE file."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    multivalued: true
    alias: sections
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: WindowsPESection
  fileHeaderHashes:
    name: fileHeaderHashes
    description: '"Specifies any hashes that were computed for the file header."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    multivalued: true
    alias: fileHeaderHashes
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: Hash
  timeDateStamp:
    name: timeDateStamp
    description: '"Specifies the time when the PE binary was created."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: timeDateStamp
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    - WindowsPEFileHheader
    range: datetime
  pointerToSymbolTable:
    name: pointerToSymbolTable
    description: '"Specifies the file offset of the COFF symbol table."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    multivalued: true
    alias: pointerToSymbolTable
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: hex binary type
  numberOfSections:
    name: numberOfSections
    description: '"Specifies the numberOfSections in the PE binary, as a non-negative
      integer."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: numberOfSections
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: integer
  numberOfSymbols:
    name: numberOfSymbols
    description: '"Specifies the number of entries in the symbol table of the PE binary,
      as a non-negative integer."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: numberOfSymbols
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: integer
  sizeOfOptionalHeader:
    name: sizeOfOptionalHeader
    description: '"Specifies the size of the optionalHeader of the PE binary."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: sizeOfOptionalHeader
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: integer
  impHash:
    name: impHash
    description: '"Specifies the special import hash, or â€˜imphashâ€™, calculated
      for the PE Binary based on its imported libraries and functions."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: impHash
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: string
  peType:
    name: peType
    description: '"Specifies the type of the PE binary."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: peType
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: string
  machine:
    name: machine
    description: '"Specifies the type of target machine."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    multivalued: true
    alias: machine
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: string
  characteristics:
    name: characteristics
    description: '"Specifies the flags that indicate the fileâ€™s characteristics."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    multivalued: true
    alias: characteristics
    owner: WindowsPEBinaryFileFacet
    domain_of:
    - WindowsPEBinaryFileFacet
    range: unsigned short type