https://unifiedcyberontology.org/ontology/uco/observable#WindowsPEOptionalHeader
Instances of observable:WindowsPEOptionalHeader can have the following properties:
PROPERTY |
PROPERTY TYPE |
DESCRIPTION |
MIN COUNT |
MAX COUNT |
VALUE CONSTRAINTS |
LOCAL TYPE |
GLOBAL RANGE |
|---|---|---|---|---|---|---|---|
| observable:WindowsPEOptionalHeader | |||||||
| observable:addressOfEntryPoint | owl:DatatypeProperty |
Specifies the address of the entry point relative to the image base when the executable is loaded into memory.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:baseOfCode | owl:DatatypeProperty |
Specifies the address that is relative to the image base of the beginning-of-code section when it is loaded into memory.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:checksum | owl:DatatypeProperty |
Specifies the checksum of the PE binary.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:dllCharacteristics | owl:DatatypeProperty |
Specifies the flags that characterize the PE binary.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:fileAlignment | owl:DatatypeProperty |
Specifies the factor (in bytes) that is used to align the raw data of sections in the image file.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:imageBase | owl:DatatypeProperty |
Specifies the address that is relative to the image base of the beginning-of-data section when it is loaded into memory.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:loaderFlags | owl:DatatypeProperty |
Specifies the reserved loader flags
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:magic | owl:DatatypeProperty |
Specifies the value that indicates the type of the PE binary.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:majorImageVersion | owl:DatatypeProperty |
Specifies the major version number of the image.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:majorLinkerVersion | owl:DatatypeProperty |
Specifies the linker major version number.
|
0 | * |
|
xsd:byte
|
xsd:byte
|
| observable:majorOSVersion | owl:DatatypeProperty |
Specifies the major version number of the required operating system.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:majorSubsystemVersion | owl:DatatypeProperty |
Specifies the major version number of the subsystem.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:minorImageVersion | owl:DatatypeProperty |
Specifies the minor version number of the image.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:minorLinkerVersion | owl:DatatypeProperty |
Specifies the linker minor version number.
|
0 | * |
|
xsd:byte
|
xsd:byte
|
| observable:minorOSVersion | owl:DatatypeProperty |
Specifies the minor version number of the required operating system.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:minorSubsystemVersion | owl:DatatypeProperty |
Specifies the minor version number of the subsystem.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:numberOfRVAAndSizes | owl:DatatypeProperty |
Specifies the number of data-directory entries in the remainder of the optional header.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sectionAlignment | owl:DatatypeProperty |
Specifies the alignment (in bytes) of PE sections when they are loaded into memory.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfCode | owl:DatatypeProperty |
Specifies the size of the code (text) section. If there are multiple such sections, this refers to the sum of the sizes of each section.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfHeaders | owl:DatatypeProperty |
Specifies the combined size of the MS-DOS, PE header, and section headers, rounded up a multiple of the value specified in the file_alignment header.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfHeapCommit | owl:DatatypeProperty |
Specifies the size of the local heap space to commit.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfHeapReserve | owl:DatatypeProperty |
Specifies the size of the local heap space to reserve.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfImage | owl:DatatypeProperty |
Specifies the size, in bytes, of the image, including all headers, as the image is loaded in memory.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfInitializedData | owl:DatatypeProperty |
Specifies the size of the initialized data section. If there are multiple such sections, this refers to the sum of the sizes of each section.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfStackCommit | owl:DatatypeProperty |
Specifies the size of the stack to commit.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfStackReserve | owl:DatatypeProperty |
Specifies the size of the stack to reserve.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:sizeOfUninitializedData | owl:DatatypeProperty |
Specifies the size of the uninitialized data section. If there are multiple such sections, this refers to the sum of the sizes of each section.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
| observable:subsystem | owl:DatatypeProperty |
Specifies the subsystem (e.g., GUI, device driver, etc.) that is required to run this image.
|
0 | * |
|
xsd:unsignedShort
|
xsd:unsignedShort
|
| observable:win32VersionValue | owl:DatatypeProperty |
Specifies the reserved win32 version value.
|
0 | * |
|
xsd:unsignedInt
|
xsd:unsignedInt
|
@prefix observable: <https://unifiedcyberontology.org/ontology/uco/observable#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
observable:WindowsPEOptionalHeader a owl:Class,
sh:NodeShape ;
rdfs:label "WindowsPEOptionalHeader"@en ;
rdfs:comment "A Windows PE optional header is a grouping of characteristics unique to the 'optional header' of a Windows PE (Portable Executable) file, consisting of a collection of metadata about the executable code structure of the file."@en ;
sh:property [ sh:datatype xsd:byte ;
sh:nodeKind sh:Literal ;
sh:path observable:majorLinkerVersion ],
[ sh:datatype xsd:byte ;
sh:nodeKind sh:Literal ;
sh:path observable:minorLinkerVersion ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:addressOfEntryPoint ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:baseOfCode ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:checksum ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:fileAlignment ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:imageBase ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:loaderFlags ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:numberOfRVAAndSizes ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sectionAlignment ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfCode ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfHeaders ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfHeapCommit ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfHeapReserve ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfImage ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfInitializedData ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfStackCommit ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfStackReserve ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:sizeOfUninitializedData ],
[ sh:datatype xsd:unsignedInt ;
sh:nodeKind sh:Literal ;
sh:path observable:win32VersionValue ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:dllCharacteristics ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:magic ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:majorImageVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:majorOSVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:majorSubsystemVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:minorImageVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:minorOSVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:minorSubsystemVersion ],
[ sh:datatype xsd:unsignedShort ;
sh:nodeKind sh:Literal ;
sh:path observable:subsystem ] ;
sh:targetClass observable:WindowsPEOptionalHeader .