1. Home
  2. Entities
  3. Classes
  4. observable:WindowsPEBinaryFileFacet

observable:WindowsPEBinaryFileFacet leaf node

URI

https://ontology.unifiedcyberontology.org/uco/observable/WindowsPEBinaryFileFacet

Label

WindowsPEBinaryFileFacet

Description

A Windows PE binary file facet is a grouping of characteristics unique to a Windows portable executable (PE) file.

Superclasses (3)

  • core:Facet
  • core:UcoInherentCharacterizationThing
  • core:UcoThing

    • Shapes (1)

  • observable:WindowsPEBinaryFileFacet

    • Usage

    Instances of observable:WindowsPEBinaryFileFacet can have the following properties:

    PROPERTYTYPEDESCRIPTIONRANGE
    From class owl:Thing
    types:threadNextItem owl:ObjectProperty The link to a next item in a thread. owl:Thing
    types:threadPreviousItem owl:ObjectProperty A direct link to a previous item in a thread. owl:Thing

    Property Shapes

    By the associated SHACL property shapes, instances of observable:WindowsPEBinaryFileFacet can have the following properties:

    PROPERTY

    PROPERTY TYPE

    DESCRIPTION

    MIN COUNT

    MAX COUNT

    LOCAL RANGE
    (type range for property on this class)

    GLOBAL RANGE
    (type range for property globally)
    observable:WindowsPEBinaryFileFacet
    observable:characteristics owl:DatatypeProperty Specifies the flags that indicate the file’s characteristics.
    		xsd:unsignedShort
    		xsd:unsignedShort
    observable:fileHeaderHashes owl:ObjectProperty Specifies any hashes that were computed for the file header.
    		types:Hash
    		types:Hash
    observable:impHash owl:DatatypeProperty Specifies the special import hash, or ‘imphash’, calculated for the PE Binary based on its imported libraries and functions.
    		1 xsd:string
    		xsd:string
    observable:machine owl:DatatypeProperty Specifies the type of target machine.
    		xsd:string
    		xsd:string
    observable:numberOfSections owl:DatatypeProperty Specifies the number of sections in the PE binary, as a non-negative integer.
    		1 xsd:integer
    		xsd:integer
    observable:numberOfSymbols owl:DatatypeProperty Specifies the number of entries in the symbol table of the PE binary, as a non-negative integer.
    		1 xsd:integer
    		xsd:integer
    observable:optionalHeader owl:ObjectProperty Specifies the PE optional header of the PE binary.
    		1 observable:WindowsPEOptionalHeader
    		observable:WindowsPEOptionalHeader
    observable:peType owl:DatatypeProperty Specifies the type of the PE binary.
    		1 xsd:string
    		xsd:string
    observable:pointerToSymbolTable owl:DatatypeProperty Specifies the file offset of the COFF symbol table.
    		xsd:hexBinary
    		xsd:hexBinary
    observable:sections owl:ObjectProperty Specifies metadata about the sections in the PE file.
    		observable:WindowsPESection
    		observable:WindowsPESection
    observable:sizeOfOptionalHeader owl:DatatypeProperty Specifies the size of the optional header of the PE binary.
    		1 xsd:integer
    		xsd:integer
    observable:timeDateStamp owl:DatatypeProperty Specifies the time when the PE binary was created.
    		1 xsd:dateTime
    		xsd:dateTime

    Implementation

    @prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix observable: <https://ontology.unifiedcyberontology.org/uco/observable/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix types: <https://ontology.unifiedcyberontology.org/uco/types/> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

observable:WindowsPEBinaryFileFacet a owl:Class,
        sh:NodeShape ;
    rdfs:label "WindowsPEBinaryFileFacet"@en ;
    rdfs:comment "A Windows PE binary file facet is a grouping of characteristics unique to a Windows portable executable (PE) file."@en ;
    rdfs:subClassOf core:Facet ;
    sh:property [ sh:class observable:WindowsPEOptionalHeader ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:optionalHeader ],
        [ sh:class observable:WindowsPESection ;
            sh:nodeKind sh:IRI ;
            sh:path observable:sections ],
        [ sh:class types:Hash ;
            sh:nodeKind sh:IRI ;
            sh:path observable:fileHeaderHashes ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:timeDateStamp ],
        [ sh:datatype xsd:hexBinary ;
            sh:nodeKind sh:Literal ;
            sh:path observable:pointerToSymbolTable ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:numberOfSections ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:numberOfSymbols ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:sizeOfOptionalHeader ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:impHash ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:peType ],
        [ sh:datatype xsd:string ;
            sh:nodeKind sh:Literal ;
            sh:path observable:machine ],
        [ sh:datatype xsd:unsignedShort ;
            sh:nodeKind sh:Literal ;
            sh:path observable:characteristics ] ;
    sh:targetClass observable:WindowsPEBinaryFileFacet .