{
  "requiredOneOf": [
    "text",
    "original-filename",
    "internal-filename",
    "entrypoint-address"
  ],
  "attributes": {
    "pehash": {
      "description": "Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/",
      "ui-priority": 0,
      "misp-attribute": "pehash"
    },
    "impfuzzy": {
      "description": "Fuzzy Hash (ssdeep) calculated from the import table",
      "ui-priority": 0,
      "misp-attribute": "impfuzzy"
    },
    "internal-filename": {
      "description": "InternalFilename in the resources",
      "ui-priority": 0,
      "misp-attribute": "filename",
      "disable_correlation": true
    },
    "original-filename": {
      "description": "OriginalFilename in the resources",
      "ui-priority": 1,
      "misp-attribute": "filename",
      "disable_correlation": true
    },
    "number-sections": {
      "description": "Number of sections",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "text": {
      "description": "Free text value to attach to the PE",
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text",
      "recommended": false
    },
    "type": {
      "description": "Type of PE",
      "sane_default": [
        "exe",
        "dll",
        "driver",
        "unknown"
      ],
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "imphash": {
      "description": "Hash (md5) calculated from the import table",
      "ui-priority": 0,
      "misp-attribute": "imphash"
    },
    "compilation-timestamp": {
      "description": "Compilation timestamp defined in the PE header",
      "ui-priority": 1,
      "misp-attribute": "datetime"
    },
    "entrypoint-section-at-position": {
      "description": "Name of the section and position of the section in the PE",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "entrypoint-address": {
      "description": "Address of the entry point",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "file-description": {
      "description": "FileDescription in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "file-version": {
      "description": "FileVersion in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "lang-id": {
      "description": "Lang ID in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "product-name": {
      "description": "ProductName in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "product-version": {
      "description": "ProductVersion in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "company-name": {
      "description": "CompanyName in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "legal-copyright": {
      "description": "LegalCopyright in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    }
  },
  "version": 3,
  "description": "Object describing a Portable Executable",
  "meta-category": "file",
  "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
  "name": "pe"
}