Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at

This documentation does not apply to the most recent version of uberAgent. Click here for the latest version.

Image Load Event Properties

The following event properties can be used with image load events in uAQL queries (event type Image.Load). In addition to the properties listed here, the common properties are applicable, too.

Property name uAQL Data Type Description
Image.Name String The image’s file name (e.g., userenv.dll)
Image.Path String The image’s full path including the image file name
Image.Hash.MD5 String MD5 hash of the image
Image.Hash.SHA1 String SHA1 hash of the image
Image.Hash.SHA256 String SHA256 hash of the image
Image.Hash.IMP String Import-table hash of the image
Image.IsSigned Boolean Is the image signed? This evaluates to true even if the certificate was revoked or is expired.
Image.Signature String The signer name.
Image.SignatureStatus String Evaluates to Valid for a valid certificate and Invalid for an invalid certificate. It is empty if the image is not signed.


Your email address will not be published. Required fields are marked *