Open mlodic opened 1 year ago
Hey! @mlodic Any suggestions on the approach to check if the file is go-compiled?
I would go with the first option: we can do it after the analyzer has started and check it directly inside the analyzer, because we do the same for other similar cases.
> Any suggestions on the approach to check if the file is go-compiled?
Maybe the tool itself checks it. Idk. You can try with some test files.
Name
GoReSym
Link
https://github.com/mandiant/GoReSym
Type of analyzer
docker analyzer, to insert in the malware_analysis_tools image
Why should we use it
This allows extracting useful info when analyzing Go binaries. This should be executed only after having detected that the file is Go-compiled.
Possible implementation
Follow the Usage tips in the official repo: https://github.com/mandiant/GoReSym
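
One way to do the "is the file Go-compiled?" check discussed in this thread from inside a Python analyzer, before invoking GoReSym. This is an added example, not code from this project or from GoReSym. The function names and sample bytes are hypothetical and constructed here. The magic values are the ones the Go toolchain writes into the build-info blob and the pclntab header. It is a heuristic, so an obfuscated or packed binary can evade it.

```python
import struct

BUILDINFO_MAGIC = b"\xff Go buildinf:"  # start of the Go build-info blob
PCLNTAB_MAGICS = {  # pclntab header magic -> toolchain range
    0xFFFFFFFB: "go1.2-1.15",
    0xFFFFFFFA: "go1.16-1.17",
    0xFFFFFFF0: "go1.18-1.19",
    0xFFFFFFF1: "go1.20+",
}

def find_pclntab(data: bytes):
    """Return (offset, version_hint) of a plausible pclntab header, or None."""
    for magic, hint in PCLNTAB_MAGICS.items():
        for order in ("<", ">"):  # little- and big-endian targets
            needle = struct.pack(order + "I", magic)
            pos = data.find(needle)
            while pos != -1:
                hdr = data[pos + 4 : pos + 8]
                # After the magic: 2 zero pad bytes, min instruction
                # size (1, 2 or 4), pointer size (4 or 8).
                if (len(hdr) == 4 and hdr[:2] == b"\x00\x00"
                        and hdr[2] in (1, 2, 4) and hdr[3] in (4, 8)):
                    return pos, hint
                pos = data.find(needle, pos + 1)
    return None

def go_indicators(data: bytes) -> dict:
    """Collect both indicators so the analyzer can report why it matched."""
    bi = data.find(BUILDINFO_MAGIC)
    # The byte right after the 14-byte magic is the pointer size.
    buildinfo = bi != -1 and data[bi + 14 : bi + 15] in (b"\x04", b"\x08")
    return {"buildinfo": buildinfo, "pclntab": find_pclntab(data)}

def is_go_compiled(data: bytes) -> bool:
    ind = go_indicators(data)
    return ind["buildinfo"] or ind["pclntab"] is not None

# Constructed sample buffers (not real binaries), for illustration only.
SAMPLE_GO = (b"\x7fELF" + b"\x00" * 64 + BUILDINFO_MAGIC + b"\x08\x02"
             + b"\x00" * 16 + b"\xf1\xff\xff\xff\x00\x00\x01\x08")
SAMPLE_OTHER = b"\x7fELF" + b"A" * 200 + b"\xfb\xff\xff\xffAAAA"

if __name__ == "__main__":
    for name, blob in (("go", SAMPLE_GO), ("other", SAMPLE_OTHER)):
        print(name, is_go_compiled(blob), go_indicators(blob))
```

In the analyzer, read the sample's bytes, call `is_go_compiled`, and skip the GoReSym run when it returns `False`.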