`dissect.target.loaders.phobos`¶

Module Contents¶

Classes¶

Load Phobos Ransomware files.

Functions¶

Attributes¶

`BLOCK_SIZE`
`NTFS_NEEDLE`
`EXTFS_NEEDLE`
`EXTFS_NEEDLE_OFFSET`
`FS_NEEDLES`

dissect.target.loaders.phobos.BLOCK_SIZE¶

dissect.target.loaders.phobos.NTFS_NEEDLE = b'\xebR\x90NTFS \x00'¶

dissect.target.loaders.phobos.EXTFS_NEEDLE = b'\xff\xffS\xef'¶

dissect.target.loaders.phobos.EXTFS_NEEDLE_OFFSET¶

dissect.target.loaders.phobos.FS_NEEDLES¶

dissect.target.loaders.phobos.scrape_pos(fp: BinaryIO, needles: list[bytes], block_size: int = BLOCK_SIZE) → Iterator[tuple[bytes, int]]¶

class dissect.target.loaders.phobos.PhobosLoader(path: pathlib.Path, **kwargs)¶

Bases: dissect.target.loader.Loader

Load Phobos Ransomware files.

References

https://www.hhs.gov/sites/default/files/overview-phobos-ransomware.pdf

static detect(path: pathlib.Path) → bool¶

Detects wether this Loader class can load this specific path.

Parameters:: path – The target path to check.
Returns:: True if the path can be loaded by a Loader instance. False otherwise.

map(target: dissect.target.Target) → None¶

Maps the loaded path into a Target.

Parameters:: target – The target that we’re mapping into.