This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element FileObj:File
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The File object is intended to characterize a generic file.
<xs:element name="File" type="FileObj:FileObjectType"><xs:annotation><xs:documentation>The File object is intended to characterize a generic file.</xs:documentation></xs:annotation></xs:element>
The File_Name field specifies the base name of the file (including an extension, if present).
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The File_Name field specifies the base name of the file (including an extension, if present).</xs:documentation></xs:annotation></xs:element>
The File_Path field specifies the relative or fully-qualified path to the file, not including the path to the device where the file system containing the file resides. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute of this field. The File_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").
<xs:element name="File_Path" type="FileObj:FilePathType" minOccurs="0"><xs:annotation><xs:documentation>The File_Path field specifies the relative or fully-qualified path to the file, not including the path to the device where the file system containing the file resides. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute of this field. The File_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation></xs:annotation></xs:element>
The Device_Path field specifies the path to the physical device where the file system containing the file resides.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Device_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1"><xs:annotation><xs:documentation>The Device_Path field specifies the path to the physical device where the file system containing the file resides.</xs:documentation></xs:annotation></xs:element>
The Full_Path field specifies the complete path to the file, including the device path. It should contain the contents that would otherwise be in the Device_Path and File_Path fields, and can be used in case the producer is unable or does not wish to separate the Device_Path and File_Path fields. If the Full_Path field is specified along with the File_Path and/or Device_Path fields, it must not conflict with either. The Full_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Full_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Full_Path field specifies the complete path to the file, including the device path. It should contain the contents that would otherwise be in the Device_Path and File_Path fields, and can be used in case the producer is unable or does not wish to separate the Device_Path and File_Path fields. If the Full_Path field is specified along with the File_Path and/or Device_Path fields, it must not conflict with either. The Full_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation></xs:annotation></xs:element>
The File_Extension field specifies the extension of the name of the file. The File_Extension field must not conflict with the ending of the File_Name field. The File_Extension field should not begin with a "." character, but may contain a "." character in the case of a compound file extension, such as "tar.gz".
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="File_Extension" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The File_Extension field specifies the extension of the name of the file. The File_Extension field must not conflict with the ending of the File_Name field. The File_Extension field should not begin with a "." character, but may contain a "." character in the case of a compound file extension, such as "tar.gz".</xs:documentation></xs:annotation></xs:element>
The Size_In_Bytes field specifies the size of the file, in bytes.
Diagram
Type
UnsignedLongObjectPropertyType
Source
<xs:element name="Size_In_Bytes" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Size_In_Bytes field specifies the size of the file, in bytes.</xs:documentation></xs:annotation></xs:element>
The Magic_Number specifies the particular magic number (typically a hexadecimal constant used to identify a file format) corresponding to the file, if applicable.
Diagram
Type
HexBinaryObjectPropertyType
Source
<xs:element minOccurs="0" name="Magic_Number" type="cyboxCommon:HexBinaryObjectPropertyType"><xs:annotation><xs:documentation>The Magic_Number specifies the particular magic number (typically a hexadecimal constant used to identify a file format) corresponding to the file, if applicable.</xs:documentation></xs:annotation></xs:element>
The File_Format field specifies the particular file format of the file, most typically specified by a tool such as the UNIX file command.
Diagram
Type
StringObjectPropertyType
Source
<xs:element minOccurs="0" name="File_Format" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The File_Format field specifies the particular file format of the file, most typically specified by a tool such as the UNIX file command.</xs:documentation></xs:annotation></xs:element>
The Hashes field specifies any hashes of the file.
Diagram
Type
HashListType
Source
<xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>The Hashes field specifies any hashes of the file.</xs:documentation></xs:annotation></xs:element>
The Digital_Signatures field is optional and captures one or more digital signatures for the file.
Diagram
Type
DigitalSignaturesType
Source
<xs:element name="Digital_Signatures" type="cyboxCommon:DigitalSignaturesType" minOccurs="0"><xs:annotation><xs:documentation>The Digital_Signatures field is optional and captures one or more digital signatures for the file.</xs:documentation></xs:annotation></xs:element>
The Modified_Time field specifies the date/time the file was last modified.
Diagram
Type
DateTimeObjectPropertyType
Source
<xs:element name="Modified_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Modified_Time field specifies the date/time the file was last modified.</xs:documentation></xs:annotation></xs:element>
The Accessed_Time field specifies the date/time the file was last accessed.
Diagram
Type
DateTimeObjectPropertyType
Source
<xs:element name="Accessed_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Accessed_Time field specifies the date/time the file was last accessed.</xs:documentation></xs:annotation></xs:element>
The Created_Time field specifies the date/time the file was created.
Diagram
Type
DateTimeObjectPropertyType
Source
<xs:element name="Created_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Created_Time field specifies the date/time the file was created.</xs:documentation></xs:annotation></xs:element>
The File_Attributes_List field specifies the particular special attributes set for the file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.
<xs:element name="File_Attributes_List" type="FileObj:FileAttributeType" minOccurs="0"><xs:annotation><xs:documentation>The File_Attributes_List field specifies the particular special attributes set for the file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation></xs:annotation></xs:element>
The Permissions field specifies that particular permissions that a file may have. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.
<xs:element name="Permissions" type="FileObj:FilePermissionsType" minOccurs="0"><xs:annotation><xs:documentation>The Permissions field specifies that particular permissions that a file may have. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation></xs:annotation></xs:element>
The User_Owner field specifies the name of the user that owns the file.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="User_Owner" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The User_Owner field specifies the name of the user that owns the file.</xs:documentation></xs:annotation></xs:element>
The Packer_List field specifies any packers that the file may be packed with. The term 'packer' here refers to packers, as well as things like archivers and installers.
<xs:element name="Packer_List" type="FileObj:PackerListType" minOccurs="0"><xs:annotation><xs:documentation>The Packer_List field specifies any packers that the file may be packed with. The term 'packer' here refers to packers, as well as things like archivers and installers.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Packer" type="FileObj:PackerType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Packer field specifies a single file packer.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Name field specifies the name of the packer.</xs:documentation></xs:annotation></xs:element>
The Version field specifies the version of the packer.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Version field specifies the version of the packer.</xs:documentation></xs:annotation></xs:element>
The Entry_Point field specifies the entry point address of the packer, if applicable.
Diagram
Type
HexBinaryObjectPropertyType
Source
<xs:element minOccurs="0" name="Entry_Point" type="cyboxCommon:HexBinaryObjectPropertyType"><xs:annotation><xs:documentation>The Entry_Point field specifies the entry point address of the packer, if applicable.</xs:documentation></xs:annotation></xs:element>
The Signature field specifies the matching signature detected for the packer, if applicable.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Signature" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Signature field specifies the matching signature detected for the packer, if applicable.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Type" type="FileObj:PackerClassType" minOccurs="0"><xs:annotation><xs:documentation>The Type field specifies the type of packer being characterized.</xs:documentation></xs:annotation></xs:element>
<xs:element maxOccurs="1" minOccurs="0" name="Detected_Entrypoint_Signatures" type="FileObj:EntryPointSignatureListType"><xs:annotation><xs:documentation>The Detected_Entrypoint_Signatures field specifies the entrypoint signatures that were detected for the packer.</xs:documentation></xs:annotation></xs:element>
<xs:element maxOccurs="unbounded" name="Entry_Point_Signature" type="FileObj:EntryPointSignatureType"><xs:annotation><xs:documentation>Specifies a single field in a list of entry point signatures.</xs:documentation></xs:annotation></xs:element>
Specifies an executable that acts as an installer.
Source
<xs:element maxOccurs="1" minOccurs="0" name="Type" type="FileObj:DetectedTypeEnum"><xs:annotation><xs:documentation>Specifies the type of entry point detected (e.g., packer, compiled file).</xs:documentation></xs:annotation></xs:element>
<xs:element maxOccurs="1" minOccurs="0" name="EP_Jump_Codes" type="FileObj:EPJumpCodeType"><xs:annotation><xs:documentation>The EP_Jump_Codes field characterizes the entry point jump codes of the packer.</xs:documentation></xs:annotation></xs:element>
The frequency that a jump instruction is found to be immediately followed by another jump instruction within the PE(Portable Executable) entry point.
Diagram
Type
IntegerObjectPropertyType
Source
<xs:element maxOccurs="1" minOccurs="0" name="Depth" type="cyboxCommon:IntegerObjectPropertyType"><xs:annotation><xs:documentation>The frequency that a jump instruction is found to be immediately followed by another jump instruction within the PE(Portable Executable) entry point.</xs:documentation></xs:annotation></xs:element>
The hex value of the bytes located at the jump location for a relative jump identified in the PE(Portable Executable) entry point up to 10 bytes or the end of the RVA(Relative Virtual Address) section.
Diagram
Type
StringObjectPropertyType
Source
<xs:element maxOccurs="1" minOccurs="0" name="Opcodes" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The hex value of the bytes located at the jump location for a relative jump identified in the PE(Portable Executable) entry point up to 10 bytes or the end of the RVA(Relative Virtual Address) section.</xs:documentation></xs:annotation></xs:element>
The Peak_Entropy field specifies the calculated peak entropy of the file.
Diagram
Type
DoubleObjectPropertyType
Source
<xs:element name="Peak_Entropy" type="cyboxCommon:DoubleObjectPropertyType" minOccurs="0" maxOccurs="1"><xs:annotation><xs:documentation>The Peak_Entropy field specifies the calculated peak entropy of the file.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Sym_Links" type="FileObj:SymLinksListType" minOccurs="0"><xs:annotation><xs:documentation>The Sym_Links field specifies any symbolic links that may exist for the file.</xs:documentation></xs:annotation></xs:element>
The Sym_Link element specifies a single symbolic link.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Sym_Link" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Sym_Link element specifies a single symbolic link.</xs:documentation></xs:annotation></xs:element>
The Byte_Runs field contains a list of byte runs from the raw file or its storage medium.
Diagram
Type
ByteRunsType
Source
<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Runs field contains a list of byte runs from the raw file or its storage medium.</xs:documentation></xs:annotation></xs:element>
A description of features extracted from this file.
Diagram
Type
ExtractedFeaturesType
Source
<xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0"><xs:annotation><xs:documentation>A description of features extracted from this file.</xs:documentation></xs:annotation></xs:element>
The Encryption_Algorithm field specifies the algorithm used to encrypt the file.
Diagram
Type
CipherType
Source
<xs:element name="Encryption_Algorithm" type="cyboxCommon:CipherType" minOccurs="0"><xs:annotation><xs:documentation>The Encryption_Algorithm field specifies the algorithm used to encrypt the file.</xs:documentation></xs:annotation></xs:element>
The Decryption_Key field specifies the key used to decrypt the file.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Decryption_Key" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Decryption_Key field specifies the key used to decrypt the file.</xs:documentation></xs:annotation></xs:element>
The Compression_Method field specifies the method used to compress the file.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Compression_Method" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Compression_Method field specifies the method used to compress the file.</xs:documentation></xs:annotation></xs:element>
The Compression_Version field specifies the version of the compression method used to compress the file.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Compression_Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Compression_Version field specifies the version of the compression method used to compress the file.</xs:documentation></xs:annotation></xs:element>
The Compression_Comment field specifies the comment string associated with the compressed file.
Diagram
Type
StringObjectPropertyType
Source
<xs:element name="Compression_Comment" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Compression_Comment field specifies the comment string associated with the compressed file.</xs:documentation></xs:annotation></xs:element>
Complex Type FileObj:FileObjectType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The File_ObjectType type is intended to characterize generic files.
<xs:complexType name="FileObjectType" mixed="false"><xs:annotation><xs:documentation>The File_ObjectType type is intended to characterize generic files.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="cyboxCommon:ObjectPropertiesType"><xs:sequence minOccurs="1"><xs:element name="File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The File_Name field specifies the base name of the file (including an extension, if present).</xs:documentation></xs:annotation></xs:element><xs:element name="File_Path" type="FileObj:FilePathType" minOccurs="0"><xs:annotation><xs:documentation>The File_Path field specifies the relative or fully-qualified path to the file, not including the path to the device where the file system containing the file resides. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute of this field. The File_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation></xs:annotation></xs:element><xs:element name="Device_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1"><xs:annotation><xs:documentation>The Device_Path field specifies the path to the physical device where the file system containing the file resides.</xs:documentation></xs:annotation></xs:element><xs:element name="Full_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Full_Path field specifies the complete path to the file, including the device path. It should contain the contents that would otherwise be in the Device_Path and File_Path fields, and can be used in case the producer is unable or does not wish to separate the Device_Path and File_Path fields. If the Full_Path field is specified along with the File_Path and/or Device_Path fields, it must not conflict with either. The Full_Path field may include the name of the file; if so, it must not conflict with the File_Name field. If not, the File_Path field should contain the path of the directory containing the file, and should end with a terminating path separator("\" or "/").</xs:documentation></xs:annotation></xs:element><xs:element name="File_Extension" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The File_Extension field specifies the extension of the name of the file. The File_Extension field must not conflict with the ending of the File_Name field. The File_Extension field should not begin with a "." character, but may contain a "." character in the case of a compound file extension, such as "tar.gz".</xs:documentation></xs:annotation></xs:element><xs:element name="Size_In_Bytes" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Size_In_Bytes field specifies the size of the file, in bytes.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="Magic_Number" type="cyboxCommon:HexBinaryObjectPropertyType"><xs:annotation><xs:documentation>The Magic_Number specifies the particular magic number (typically a hexadecimal constant used to identify a file format) corresponding to the file, if applicable.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="File_Format" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The File_Format field specifies the particular file format of the file, most typically specified by a tool such as the UNIX file command.</xs:documentation></xs:annotation></xs:element><xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>The Hashes field specifies any hashes of the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Digital_Signatures" type="cyboxCommon:DigitalSignaturesType" minOccurs="0"><xs:annotation><xs:documentation>The Digital_Signatures field is optional and captures one or more digital signatures for the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Modified_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Modified_Time field specifies the date/time the file was last modified.</xs:documentation></xs:annotation></xs:element><xs:element name="Accessed_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Accessed_Time field specifies the date/time the file was last accessed.</xs:documentation></xs:annotation></xs:element><xs:element name="Created_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Created_Time field specifies the date/time the file was created.</xs:documentation></xs:annotation></xs:element><xs:element name="File_Attributes_List" type="FileObj:FileAttributeType" minOccurs="0"><xs:annotation><xs:documentation>The File_Attributes_List field specifies the particular special attributes set for the file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation></xs:annotation></xs:element><xs:element name="Permissions" type="FileObj:FilePermissionsType" minOccurs="0"><xs:annotation><xs:documentation>The Permissions field specifies that particular permissions that a file may have. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation></xs:annotation></xs:element><xs:element name="User_Owner" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The User_Owner field specifies the name of the user that owns the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Packer_List" type="FileObj:PackerListType" minOccurs="0"><xs:annotation><xs:documentation>The Packer_List field specifies any packers that the file may be packed with. The term 'packer' here refers to packers, as well as things like archivers and installers.</xs:documentation></xs:annotation></xs:element><xs:element name="Peak_Entropy" type="cyboxCommon:DoubleObjectPropertyType" minOccurs="0" maxOccurs="1"><xs:annotation><xs:documentation>The Peak_Entropy field specifies the calculated peak entropy of the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Sym_Links" type="FileObj:SymLinksListType" minOccurs="0"><xs:annotation><xs:documentation>The Sym_Links field specifies any symbolic links that may exist for the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Runs field contains a list of byte runs from the raw file or its storage medium.</xs:documentation></xs:annotation></xs:element><xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0"><xs:annotation><xs:documentation>A description of features extracted from this file.</xs:documentation></xs:annotation></xs:element><xs:element name="Encryption_Algorithm" type="cyboxCommon:CipherType" minOccurs="0"><xs:annotation><xs:documentation>The Encryption_Algorithm field specifies the algorithm used to encrypt the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Decryption_Key" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Decryption_Key field specifies the key used to decrypt the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Compression_Method" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Compression_Method field specifies the method used to compress the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Compression_Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Compression_Version field specifies the version of the compression method used to compress the file.</xs:documentation></xs:annotation></xs:element><xs:element name="Compression_Comment" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Compression_Comment field specifies the comment string associated with the compressed file.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="is_packed" type="xs:boolean"><xs:annotation><xs:documentation>The is_packed field is used to indicate whether the file is packed or not.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="is_masqueraded" type="xs:boolean"><xs:annotation><xs:documentation>The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:complexContent></xs:complexType>
Complex Type FileObj:FilePathType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The FilePathType type specifies the path to the file, not including the device. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute.
<xs:complexType name="FilePathType"><xs:annotation><xs:documentation>The FilePathType type specifies the path to the file, not including the device. Whether the path is relative or fully-qualified can be specified via the 'fully_qualified' attribute.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="cyboxCommon:StringObjectPropertyType"><xs:attribute name="fully_qualified" type="xs:boolean"><xs:annotation><xs:documentation>The fully_qualified field specifies whether the path is fully qualified.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:complexContent></xs:complexType>
Complex Type FileObj:FileAttributeType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The FileAttributeType type specifies attribute(s) of a file. Since this Object property(ies) is platform-specific, it is defined here as an abstract type.
<xs:complexType name="FileAttributeType" abstract="true"><xs:annotation><xs:documentation>The FileAttributeType type specifies attribute(s) of a file. Since this Object property(ies) is platform-specific, it is defined here as an abstract type.</xs:documentation></xs:annotation></xs:complexType>
Complex Type FileObj:FilePermissionsType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The FilePermissionsType type specifies a permission of a file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.
<xs:complexType name="FilePermissionsType" abstract="true"><xs:annotation><xs:documentation>The FilePermissionsType type specifies a permission of a file. Since this is a platform-specific Object property, it is defined here as an abstract type and then implemented in any platform specific derived file objects.</xs:documentation></xs:annotation></xs:complexType>
Complex Type FileObj:PackerListType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The PackerListType type specifies a list of file packers.
<xs:complexType name="PackerListType"><xs:annotation><xs:documentation>The PackerListType type specifies a list of file packers.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Packer" type="FileObj:PackerType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Packer field specifies a single file packer.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type FileObj:PackerType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The PackerType specifies the fields that characterize a particular file packer, such as name and version.
<xs:complexType name="PackerType"><xs:annotation><xs:documentation>The PackerType specifies the fields that characterize a particular file packer, such as name and version.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Name field specifies the name of the packer.</xs:documentation></xs:annotation></xs:element><xs:element name="Version" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Version field specifies the version of the packer.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="Entry_Point" type="cyboxCommon:HexBinaryObjectPropertyType"><xs:annotation><xs:documentation>The Entry_Point field specifies the entry point address of the packer, if applicable.</xs:documentation></xs:annotation></xs:element><xs:element name="Signature" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Signature field specifies the matching signature detected for the packer, if applicable.</xs:documentation></xs:annotation></xs:element><xs:element name="Type" type="FileObj:PackerClassType" minOccurs="0"><xs:annotation><xs:documentation>The Type field specifies the type of packer being characterized.</xs:documentation></xs:annotation></xs:element><xs:element maxOccurs="1" minOccurs="0" name="Detected_Entrypoint_Signatures" type="FileObj:EntryPointSignatureListType"><xs:annotation><xs:documentation>The Detected_Entrypoint_Signatures field specifies the entrypoint signatures that were detected for the packer.</xs:documentation></xs:annotation></xs:element><xs:element maxOccurs="1" minOccurs="0" name="EP_Jump_Codes" type="FileObj:EPJumpCodeType"><xs:annotation><xs:documentation>The EP_Jump_Codes field characterizes the entry point jump codes of the packer.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type FileObj:PackerClassType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
PackerCassType specifies packer classes, via a union of the PackerTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
<xs:complexType name="PackerClassType"><xs:annotation><xs:documentation>PackerCassType specifies packer classes, via a union of the PackerTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="FileObj:PackerClassEnum xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string"><xs:annotation><xs:documentation>This field is optional and specifies the expected type for the value of the specified field.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type FileObj:EntryPointSignatureListType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
Species a list of entry point signatures for a packer.
<xs:complexType name="EntryPointSignatureListType"><xs:annotation><xs:documentation>Species a list of entry point signatures for a packer.</xs:documentation></xs:annotation><xs:sequence><xs:element maxOccurs="unbounded" name="Entry_Point_Signature" type="FileObj:EntryPointSignatureType"><xs:annotation><xs:documentation>Specifies a single field in a list of entry point signatures.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="EntryPointSignatureType"><xs:annotation><xs:documentation>Specifies an entry point signature for a packer.</xs:documentation></xs:annotation><xs:sequence><xs:element maxOccurs="1" minOccurs="0" name="Name" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>Specifies the signature name.</xs:documentation></xs:annotation></xs:element><xs:element maxOccurs="1" minOccurs="0" name="Type" type="FileObj:DetectedTypeEnum"><xs:annotation><xs:documentation>Specifies the type of entry point detected (e.g., packer, compiled file).</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Simple Type FileObj:DetectedTypeEnum
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The DetectedTypeEnum is an enumeration of entry point signature detection types.
Diagram
Type
restriction of xs:string
Facets
enumeration
None
Specifies a type other than those listed.
enumeration
Compiler
Specifies an executable that acts as a compiler.
enumeration
Packer
Specifies an executable that acts as a packer.
enumeration
Installer
Specifies an executable that acts as an installer.
<xs:simpleType name="DetectedTypeEnum"><xs:annotation><xs:documentation>The DetectedTypeEnum is an enumeration of entry point signature detection types.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="None"><xs:annotation><xs:documentation>Specifies a type other than those listed.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Compiler"><xs:annotation><xs:documentation>Specifies an executable that acts as a compiler.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Packer"><xs:annotation><xs:documentation>Specifies an executable that acts as a packer.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Installer"><xs:annotation><xs:documentation>Specifies an executable that acts as an installer.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type FileObj:EPJumpCodeType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
Specifies an entry-point jump code used by a packer.
<xs:complexType name="EPJumpCodeType"><xs:annotation><xs:documentation>Specifies an entry-point jump code used by a packer.</xs:documentation></xs:annotation><xs:sequence><xs:element maxOccurs="1" minOccurs="0" name="Depth" type="cyboxCommon:IntegerObjectPropertyType"><xs:annotation><xs:documentation>The frequency that a jump instruction is found to be immediately followed by another jump instruction within the PE(Portable Executable) entry point.</xs:documentation></xs:annotation></xs:element><xs:element maxOccurs="1" minOccurs="0" name="Opcodes" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The hex value of the bytes located at the jump location for a relative jump identified in the PE(Portable Executable) entry point up to 10 bytes or the end of the RVA(Relative Virtual Address) section.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type FileObj:SymLinksListType
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The SymLinksListType specifies a list of symbolic links.
<xs:complexType name="SymLinksListType"><xs:annotation><xs:documentation>The SymLinksListType specifies a list of symbolic links.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Sym_Link" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Sym_Link element specifies a single symbolic link.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Simple Type FileObj:PackerClassEnum
Namespace
http://cybox.mitre.org/objects#FileObject-2
Annotations
The PackerTypeEnum type is a (non-exhaustive) enumeration of packer classes.
Diagram
Type
restriction of xs:string
Facets
enumeration
Archiver
Indicates that the packer is an archiver.
enumeration
Installer
Indicates that the packer is an installer.
enumeration
Self-Extracting Archiver
Indicates that the packer is a self-extracting archiver.
enumeration
Crypter
Indicates that the packer is a crypter.
enumeration
Packer
Indicates a packer.
enumeration
Protector
Indicates that the packer is a protector.
enumeration
Bundler
Indicates that the packer is a bundler.
enumeration
Other
Indicates a different type of packer from the ones listed.
Source
<xs:simpleType name="PackerClassEnum"><xs:annotation><xs:documentation>The PackerTypeEnum type is a (non-exhaustive) enumeration of packer classes.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Archiver"><xs:annotation><xs:documentation>Indicates that the packer is an archiver.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Installer"><xs:annotation><xs:documentation>Indicates that the packer is an installer.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Self-Extracting Archiver"><xs:annotation><xs:documentation>Indicates that the packer is a self-extracting archiver.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Crypter"><xs:annotation><xs:documentation>Indicates that the packer is a crypter.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Packer"><xs:annotation><xs:documentation>Indicates a packer.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Protector"><xs:annotation><xs:documentation>Indicates that the packer is a protector.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Bundler"><xs:annotation><xs:documentation>Indicates that the packer is a bundler.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Other"><xs:annotation><xs:documentation>Indicates a different type of packer from the ones listed.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
<xs:attribute name="fully_qualified" type="xs:boolean"><xs:annotation><xs:documentation>The fully_qualified field specifies whether the path is fully qualified.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string"><xs:annotation><xs:documentation>This field is optional and specifies the expected type for the value of the specified field.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="is_packed" type="xs:boolean"><xs:annotation><xs:documentation>The is_packed field is used to indicate whether the file is packed or not.</xs:documentation></xs:annotation></xs:attribute>
The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.
<xs:attribute name="is_masqueraded" type="xs:boolean"><xs:annotation><xs:documentation>The is_masqueraded field specifies whether the file is masqueraded as another type of file; e.g., a PDF file that has had its extension changed to TXT to masquerade itself as a text file.</xs:documentation></xs:annotation></xs:attribute>
