Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

PEHeadersTypeWin Executable File Object Schema

The PEHeadersType specifies the headers found in PE and COFF files.


Fields

Field Name Type Description
DOS_Header0..1 DOSHeaderType

The DOS_Header field refers to the MS-DOS PE header and its associated characteristics.

Signature0..1 HexBinaryObjectPropertyType

The Signature field specifies the 4-bytes sugnature that identifies the file as a PE file.

File_Header0..1 PEFileHeaderType

The File_Header field refers to the PE file header (sometimes referred to as the COFF header) and its associated characteristics.

Optional_Header0..1 PEOptionalHeaderType

The Optional_Header field refers to the PE optional header and its associated characteristics. The Optional Header is required for executable (PE) files, but optional for object (COFF) files.

Entropy0..1 EntropyType

The Entropy field specifies the calculated entropy of the PE file header.

Hashes0..1 HashListType

The Hashes field is used to include any hash values computed using the specified PE binary file header as input.