Security Research Team fox-srt
fox-srt
/ defender-1.c
Created
November 10, 2023 16:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct QuarantineEntrySection1 { | |
| CHAR Id[16]; | |
| CHAR ScanId[16]; | |
| QWORD Timestamp; | |
| QWORD ThreatId; | |
| DWORD One; | |
| CHAR DetectionName[]; | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from dissect.cstruct import cstruct | |
| defender_def= """ | |
| struct QuarantineEntryFileHeader { | |
| CHAR MagicHeader[4]; | |
| CHAR Unknown[4]; | |
| CHAR _Padding[32]; | |
| DWORD Section1Size; | |
| DWORD Section2Size; | |
| DWORD Section1CRC; |
OlderNewer