IndexError: list index out of range (RuntimeError: Failed to parse chunk header)

Question

IndexError: list index out of range (RuntimeError: Failed to parse chunk header)

net21u opened this issue a year ago · 1 comments

Hi,

I found that analysis for thses two files occours error;

Target Files:
opt/wineventlogs/Microsoft-Windows-PowerShell%4Operational.evtx
opt/wineventlogs/Microsoft-Windows-SMBServer%4Operational.evtx

Process Process-4:
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/lib/python3.10/multiprocessing/pool.py", line 125, in worker
result = (True, func(*args, **kwds))
File "/usr/lib/python3.10/multiprocessing/pool.py", line 48, in mapstar
return list(map(*args))
File "/root/APT-Hunter-main/lib/EvtxDetection.py", line 3381, in detect_events_powershell_operational_log
Event_desc = "Found User (" + User[
IndexError: list index out of range
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/lib/python3.10/multiprocessing/process.py", line 314, in _bootstrap
self.run()
File "/usr/lib/python3.10/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/root/APT-Hunter-main/lib/EvtxDetection.py", line 6731, in multiprocess
pool.map(function,file_name )
File "/usr/lib/python3.10/multiprocessing/pool.py", line 367, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/lib/python3.10/multiprocessing/pool.py", line 774, in get
raise self._value
IndexError: list index out of range
Process Process-13:
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/lib/python3.10/multiprocessing/pool.py", line 125, in worker
result = (True, func(*args, **kwds))
File "/usr/lib/python3.10/multiprocessing/pool.py", line 48, in mapstar
return list(map(*args))
File "/root/APT-Hunter-main/lib/EvtxDetection.py", line 2613, in detect_events_SMB_Server_log
for record in parser.records():
RuntimeError: Failed to parse chunk header
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/lib/python3.10/multiprocessing/process.py", line 314, in _bootstrap
self.run()
File "/usr/lib/python3.10/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/root/APT-Hunter-main/lib/EvtxDetection.py", line 6731, in multiprocess
pool.map(function,file_name )
File "/usr/lib/python3.10/multiprocessing/pool.py", line 367, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/lib/python3.10/multiprocessing/pool.py", line 774, in get
raise self._value
RuntimeError: Failed to parse chunk header

Answer 1 · 2024-02-06T18:32:46.000Z

Thank you for reporting , Fixed in 3.2 .

I found that analysis for thses two files occours error;

Target Files: opt/wineventlogs/Microsoft-Windows-PowerShell%4Operational.evtx opt/wineventlogs/Microsoft-Windows-SMBServer%4Operational.evtx

Target Files:
opt/wineventlogs/Microsoft-Windows-PowerShell%4Operational.evtx
opt/wineventlogs/Microsoft-Windows-SMBServer%4Operational.evtx