{
"attributes" : {
"authentihash" : {
"description" : "Authenticode executable signature hash (sha256)" ,
"misp-attribute" : "authentihash" ,
"ui-priority" : 1
} ,
"characteristics" : {
"description" : "The characteristics that indicate the attributes of the file" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"multiple" : true ,
"sane_default" : [
"AGGRESSIVE_WS_TRIM" ,
"BYTES_REVERSED_HI" ,
"BYTES_REVERSED_LO" ,
"DEBUG_STRIPPED" ,
"DLL" ,
"EXECUTABLE_IMAGE" ,
"LARGE_ADDRESS_AWARE" ,
"LINE_NUMS_STRIPPED" ,
"LOCAL_SYMS_STRIPPED" ,
"NEED_32BIT_MACHINE" ,
"NET_RUN_FROM_SWAP" ,
"RELOCS_STRIPPED" ,
"REMOVABLE_RUN_FROM_SWAP" ,
"SYSTEM" ,
"UP_SYSTEM_ONLY"
] ,
"ui-priority" : 0
} ,
"characteristics_hex" : {
"description" : "The characteristics in a single hex value" ,
"disable_correlation" : true ,
"misp-attribute" : "hex" ,
"ui-priority" : 0
} ,
"company-name" : {
"description" : "CompanyName in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"compilation-timestamp" : {
"description" : "Compilation timestamp as recorded in the PE header; the value is set at build time and can be forged" ,
"misp-attribute" : "datetime" ,
"ui-priority" : 1
} ,
"entrypoint-address" : {
"description" : "Address of the entry point" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"entrypoint-section-at-position" : {
"description" : "Name of the section containing the entry point and the position of that section in the PE" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"file-description" : {
"description" : "FileDescription in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"file-version" : {
"description" : "FileVersion in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"impfuzzy" : {
"description" : "Fuzzy Hash (ssdeep) calculated from the import table" ,
"misp-attribute" : "impfuzzy" ,
"ui-priority" : 0
} ,
"imphash" : {
"description" : "Hash (md5) calculated from the import table" ,
"misp-attribute" : "imphash" ,
"ui-priority" : 0
} ,
"internal-filename" : {
"description" : "InternalFilename in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "filename" ,
"ui-priority" : 0
} ,
"lang-id" : {
"description" : "Lang ID in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"legal-copyright" : {
"description" : "LegalCopyright in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"machine-type" : {
"description" : "Type of machine (CPU architecture) the PE targets" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"sane_default" : [
"AM33" ,
"AMD64" ,
"ARM" ,
"ARM64" ,
"ARMNT" ,
"EBC" ,
"I386" ,
"IA64" ,
"M32R" ,
"MIPS16" ,
"MIPSFPU" ,
"MIPSFPU16" ,
"POWERPC" ,
"POWERPCFP" ,
"R4000" ,
"SH3" ,
"SH3DSP" ,
"SH4" ,
"SH5" ,
"THUMB" ,
"UNKNOWN" ,
"WCEMIPSV2"
] ,
"ui-priority" : 0
} ,
"number-of-symbols" : {
"description" : "Number of entries in the symbol table" ,
"disable_correlation" : true ,
"misp-attribute" : "counter" ,
"ui-priority" : 0
} ,
"number-sections" : {
"description" : "Number of sections" ,
"disable_correlation" : true ,
"misp-attribute" : "counter" ,
"ui-priority" : 0
} ,
"original-filename" : {
"description" : "OriginalFilename in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "filename" ,
"ui-priority" : 1
} ,
"pehash" : {
"description" : "Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/" ,
"misp-attribute" : "pehash" ,
"ui-priority" : 0
} ,
"pointer-to-symbol-table" : {
"description" : "The file offset of the COFF symbol table." ,
"disable_correlation" : true ,
"misp-attribute" : "hex" ,
"ui-priority" : 0
} ,
"product-name" : {
"description" : "ProductName in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"product-version" : {
"description" : "ProductVersion in the resources" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"richpe" : {
"description" : "RichPE metadata hash (md5)" ,
"misp-attribute" : "md5" ,
"multiple" : true ,
"ui-priority" : 0
} ,
"size-of-optional-header" : {
"description" : "Size of the optional header and the data directories which follow this header" ,
"misp-attribute" : "size-in-bytes" ,
"ui-priority" : 0
} ,
"text" : {
"description" : "Free text value to attach to the PE" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"recommended" : false ,
"ui-priority" : 1
} ,
"type" : {
"description" : "Type of PE" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"sane_default" : [
"exe" ,
"dll" ,
"driver" ,
"unknown"
] ,
"ui-priority" : 1
}
} ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"requiredOneOf" : [
"text" ,
"type" ,
"original-filename" ,
"internal-filename" ,
"entrypoint-address" ,
"imphash" ,
"impfuzzy"
] ,
"uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"version" : 9
}