binary object NXQL (classic)

A binary is an executable binary file identified by its hash code.

Name
Type
Operating systems
Properties

application_category

string

Windows | macOS

SE

Indicates the category of the application:

  • '-': Not yet tagged;

  • Unknown: Not categorized by Nexthink Library.

application_company

string

Windows | macOS

Application company

application_name

string

Windows | macOS

Application name

architecture

enum

Windows | macOS

Executable architecture (32/64 bit)

average_cpu_usage

permill

Windows

Average CPU usage for the binary

average_memory_usage

byte

Windows

NU

Average memory usage for the binary

average_number_of_graphical_handles

integer

Windows

NU

Average number of graphical handles (GDI)

company

string

Windows | macOS

Executable company

database_usage

permill

Windows | macOS

Percentage of the database used by information related with the binary.

description

string

Windows

Description as it appears in the binary file.

executable_name

string

Windows | macOS

Executable name

file_size

byte

Windows | macOS

Binary file size

first_seen

datetime

Windows | macOS

NU

First time activity of the binary was recorded on any device.

hash

md5

Windows | macOS

Hash code of the binary (MD5)

id

identifier

Windows | macOS

Unique binary identifier

last_seen

datetime

Windows | macOS

NU

Last time activity of the binary was recorded on any device.

paths

path

Windows | macOS

List of paths of the binary

platform

enum

Windows | macOS

The platform (operating system family) on which the binary is running.

sha1

sha1

Windows | macOS

SHA-1 hash code of the binary

sha256

sha256

Windows | macOS

SHA-256 hash code of the binary

storage_policy

enum

Windows | macOS

Event storage policy for the binary (connection and execution, execution-only or none)

threat_level

enum

Windows | macOS

SE

Indicates the threat level of the binary:

  • '-': Not yet tagged;

  • none detected: No known threat;

  • low: low threat;

  • intermediate: Intermediate threat;

  • high: high threat.

total_active_days

day

Windows | macOS

Total number of days the binary was active.

user_interface

boolean

Windows

Application has interactive user interface

version

version

Windows | macOS

Version of the binary

Last updated