dissect.target.loaders.phobos#

Module Contents#

Classes#

PhobosLoader

Load Phobos Ransomware files.

Functions#

Attributes#

dissect.target.loaders.phobos.BLOCK_SIZE#
dissect.target.loaders.phobos.NTFS_NEEDLE = b'\xebR\x90NTFS    \x00'#
dissect.target.loaders.phobos.EXTFS_NEEDLE = b'\xff\xffS\xef'#
dissect.target.loaders.phobos.EXTFS_NEEDLE_OFFSET#
dissect.target.loaders.phobos.FS_NEEDLES#
dissect.target.loaders.phobos.scrape_pos(fp: BinaryIO, needles: list[bytes], block_size: int = BLOCK_SIZE) Iterator[tuple[bytes, int]]#
class dissect.target.loaders.phobos.PhobosLoader(path: pathlib.Path, **kwargs)#

Bases: dissect.target.loader.Loader

Load Phobos Ransomware files.

References

static detect(path: pathlib.Path) bool#

Detects wether this Loader class can load this specific path.

Parameters:

path – The target path to check.

Returns:

True if the path can be loaded by a Loader instance. False otherwise.

map(target: dissect.target.Target) None#

Maps the loaded path into a Target.

Parameters:

target – The target that we’re mapping into.