----- File: input_file.bin -----
Field         Value
------------  ----------------------------------------------------------------
Parser        FooParser
File Path     C:/input_file.bin
Description   SuperMalware Implant
Architecture
MD5           1e50210a0202497fb79bc38b6ade6c34
SHA1          baf34551fecb48acc3da868eb85e1b6dac9de356
SHA256        1307990e6ba5ca145eb35e99182a9bec46531bc54ddf656a602c780fa0240dee
Compile Time

---- Alphabet ----
Alphabet                                                             Base
-----------------------------------------------------------------  ------
0123456789ABCDEF                                                       16
ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=                                      32
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=      64

---- Credential ----
Username    Password
----------  ----------
admin       123456
mruser
            secrets
admin       pass

---- Decoded String ----
Value       Key     Algorithm
----------  ------  -----------
GetProcess
badstring   0xffff  xor

---- Email Address ----
Value
-------------
email@bad.com

---- Encryption Key ----
Key                     Algorithm    Mode    Iv
----------------------  -----------  ------  ----------
0x68656c6c6f ("hello")  rc4
0xffffffff              aes          ecb     0x00000000
0xffff                  xor

---- Event ----
Value
--------------
MicrosoftExist

---- Injection Process ----
Value
-------
svchost

---- Interval ----
  Value
-------
      3

---- Mission ID ----
Value
-------
target4

---- Mutex ----
Value
----------------
ithinkimalonenow

---- Path ----
Path                             Directory Path         Name         Is Dir
-------------------------------  ---------------------  -----------  --------
C:\windows\temp\1\log\keydb.txt  C:\windows\temp\1\log  keydb.txt    False
%APPDATA%\foo                    %APPDATA%              foo          True
C:\foo\bar.txt                   C:\foo                 bar.txt      False
                                                        malware.exe  False
%System%\svohost.exe             %System%               svohost.exe  False

---- Pipe ----
Value
-----------------
\.\pipe\namedpipe

---- RSA Private Key ----
Value
---------------------
Modulus (n):
    187 (0xbb)
Public Exponent (e):
    7 (0x7)
Private Exponent (d):
    23 (0x17)
p:
    17 (0x11)
q:
    11 (0xb)
d mod (p-1):
    7 (0x7)
d mod (q-1):
    3 (0x3)
(inverse of q) mod p:
    14 (0xe)

---- RSA Public Key ----
Value
--------------------
Modulus (n):
    187 (0xbb)
Public Exponent (e):
    7 (0x7)

---- Registry ----
Tags    Path                                                        Key                                                 Value    Data
------  ----------------------------------------------------------  --------------------------------------------------  -------  -------------
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater  HKLM\Software\Microsoft\Windows\CurrentVersion\Run  Updater  c:\update.exe
                                                                    HKLM\Foo\Bar
tag2                                                                                                                    Baz

---- Service ----
Name                   Display Name             Description                                                             Image
---------------------  -----------------------  ----------------------------------------------------------------------  --------------------
WindowsUserManagement  Windows User Management  Provides a common management to access information about windows user.  %System%\svohost.exe

---- Socket ----
Address        Port  Network Protocol    Listen
-----------  ------  ------------------  --------
bad.com          21  tcp
               1635  udp
               4568  tcp                 True
10.11.10.13     443
192.168.1.1      80  tcp
badhost.com      21

---- URL ----
Tags    Url                                       Address        Port  Path               Application Protocol    Network Protocol    Username    Password
------  ----------------------------------------  -----------  ------  -----------------  ----------------------  ------------------  ----------  ----------
        https://10.11.10.13:443/images/baner.jpg  10.11.10.13     443  /images/baner.jpg  https
proxy                                             192.168.1.1      80                                             tcp                 admin       pass
        ftp://badhost.com:21                      badhost.com      21                     ftp                                         admin       pass

---- UUID ----
Value
------------------------------------
654e5cff-817c-4e3d-8b01-47a6f45ae09a

---- User Agent ----
Value
--------------------------------------------------
Mozilla/4.0 (compatible; MISE 6.0; Windows NT 5.2)

---- Version ----
  Value
-------
    3.1

---- Miscellaneous ----
Tags    Key           Value
------  ------------  -----------------------
        misc_info     some miscellaneous info
        random_data   b'\xde\xad\xbe\xef'
        keylogger     True
tag1    misc_integer  432

---- Residual Files ----
Filename    Description                         MD5                               Arch    Compile Time
----------  ----------------------------------  --------------------------------  ------  --------------
config.xml  Extracted backdoor Foo config file  8c41f2802904e53469390845cfeb2b28

----- File Tree -----
<input_file.bin (1e50210a0202497fb79bc38b6ade6c34) : SuperMalware Implant>

