These fields contain Linux Executable Linkable Format (ELF) metadata.
Constants
- ELF_ARCHITECTURE - Machine architecture of the ELF file.
- ELF_BYTE_ORDER - Byte sequence of ELF file.
- ELF_CPU_TYPE - CPU type of the ELF file.
- ELF_CREATION_DATE - Extracted when possible from the file’s metadata. Indicates when it was built or compiled. It can also be faked by malware creators.
- ELF_EXPORTS - List of exported element names and types.
- ELF_GO_IMPORTS - List of imported Go language element names and types.
- ELF_GO_IMPORTS_NAMES_ENTROPY - Shannon entropy calculation from the list of Go imports.
- ELF_GO_IMPORTS_NAMES_VAR_ENTROPY - Variance for Shannon entropy calculation from the list of Go imports.
- ELF_GO_IMPORT_HASH - A hash of the Go language imports in an ELF file excluding standard library imports. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. The algorithm used to calculate the Go symbol hash and a reference implementation are available here.
- ELF_GO_STRIPPED - Set to true if the file is a Go executable that has had its symbols stripped or obfuscated and false if an unobfuscated Go executable.
- ELF_HEADER_ABI_VERSION - Version of the ELF Application Binary Interface (ABI).
- ELF_HEADER_CLASS - Header class of the ELF file.
- ELF_HEADER_DATA - Data table of the ELF header.
- ELF_HEADER_ENTRYPOINT - Header entrypoint of the ELF file.
- ELF_HEADER_OBJECT_VERSION - “0x1” for original ELF files.
- ELF_HEADER_OS_ABI - Application Binary Interface (ABI) of the Linux OS.
- ELF_HEADER_TYPE - Header type of the ELF file.
- ELF_HEADER_VERSION - Version of the ELF header.
- ELF_IMPORTS - List of imported element names and types.
- ELF_IMPORTS_NAMES_ENTROPY - Shannon entropy calculation from the list of imported element names and types.
- ELF_IMPORTS_NAMES_VAR_ENTROPY - Variance for Shannon entropy calculation from the list of imported element names and types.
- ELF_IMPORT_HASH - A hash of the imports in an ELF file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. This is an ELF implementation of the Windows PE imphash.
- ELF_SECTIONS - An array containing an object for each section of the ELF file. The keys that should be present in these objects are defined by sub-fields underneath elf.sections.*.
- ELF_SECTIONS_CHI2 - Chi-square probability distribution of the section.
- ELF_SECTIONS_ENTROPY - Shannon entropy calculation from the section.
- ELF_SECTIONS_FLAGS - ELF Section List flags.
- ELF_SECTIONS_NAME - ELF Section List name.
- ELF_SECTIONS_PHYSICAL_OFFSET - ELF Section List offset.
- ELF_SECTIONS_PHYSICAL_SIZE - ELF Section List physical size.
- ELF_SECTIONS_TYPE - ELF Section List type.
- ELF_SECTIONS_VAR_ENTROPY - Variance for Shannon entropy calculation from the section.
- ELF_SECTIONS_VIRTUAL_ADDRESS - ELF Section List virtual address.
- ELF_SECTIONS_VIRTUAL_SIZE - ELF Section List virtual size.
- ELF_SEGMENTS - An array containing an object for each segment of the ELF file. The keys that should be present in these objects are defined by sub-fields underneath elf.segments.*.
- ELF_SEGMENTS_SECTIONS - ELF object segment sections.
- ELF_SEGMENTS_TYPE - ELF object segment type.
- ELF_SHARED_LIBRARIES - List of shared libraries used by this ELF object.
- ELF_TELFHASH - telfhash symbol hash for ELF file.