This documentation does not apply to the most recent version of uberAgent. Click here for the latest version.
Image Load Event Properties
The following event properties can be used with image load events in uAQL queries (event type Image.Load
). In addition to the properties listed here, the common properties are applicable, too.
Property name | uAQL Data Type | Description |
---|---|---|
Image.Name |
String | The image’s file name (e.g., userenv.dll ) |
Image.Path |
String | The image’s full path including the image file name |
Image.Hash.MD5 |
String | MD5 hash of the image |
Image.Hash.SHA1 |
String | SHA1 hash of the image |
Image.Hash.SHA256 |
String | SHA256 hash of the image |
Image.Hash.IMP |
String | Import-table hash of the image |
Image.IsSigned |
Boolean | Is the image signed? This evaluates to true even if the certificate was revoked or is expired. |
Image.Signature |
String | The signer name. |
Image.SignatureStatus |
String | Evaluates to Valid for a valid certificate and Invalid for an invalid certificate. It is empty if the image is not signed. |