Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

PEImportTypeWin Executable File Object Schema

The PEImportType type is intended as container for the properties relevant to PE binary imports.


Fields

Field Name Type Description
@delay_loadoptional boolean

The delay_load field is a boolean value that is intended to describe whether a PE binary import is delay-load or not.

@initially_visibleoptional boolean

The initially_visible field refers to whether the import is initially visible, with regards to being initially visible or hidden in relation to PE binary packing. A packed binary will typically have few initially visible imports, and thus it is necessary to make the distinction between those that are visible initially or only after the binary is unpacked.

File_Name0..1 StringObjectPropertyType

The File_Name field specifies the name of the library (file) that the PE binary imports.

Imported_Functions0..1 PEImportedFunctionsType

The Imported_Functions field is used to enumerate any functions imported from a particular library.

Virtual_Address0..1 HexBinaryObjectPropertyType

The Virtual_Address field specifies the relative virtual address (RVA) of the PE binary library import.