
[Analyzer] GoReSym

Open mlodic opened this issue 2 years ago • 2 comments

Name

GoReSym

Link

https://github.com/mandiant/GoReSym

Type of analyzer

docker analyzer, to insert in the malware_analysis_tools image

Why should we use it

This allows extracting useful info when analyzing Go binaries. This should be executed only after having detected that the file is Go-compiled.

Possible implementation

Follow the Usage tips in the official repo: https://github.com/mandiant/GoReSym

mlodic, Jan 26 '23 16:01

Hey! @mlodic Any suggestions on the approach to check if the file is go-compiled?

  • We can do it after the analyzer has started and check it directly inside the analyzer. OR
  • We can integrate it into the framework to automatically identify it as soon as uploaded, like the other files.

g4ze, Jun 15 '24 05:06

I would go with the first option ("We can do it after the analyzer has started and check it directly inside the analyzer.") because we do the same for other similar cases.

"Any suggestions on the approach to check if the file is go-compiled?"

Maybe the tool itself checks it. Idk. You can try with some test files.

mlodic, Jun 24 '24 12:06
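
One way to do the first option's check inside the analyzer before handing the sample to GoReSym, as an added example (not IntelOwl's or GoReSym's code). The function names are hypothetical; the marker constants are the ones the Go toolchain itself uses for its build info, build ID and pclntab header.

```python
import struct

# Markers embedded by the Go toolchain (constants from the Go source tree).
BUILDINFO_MAGIC = b"\xff Go buildinf:"     # start of the embedded build info blob
BUILDID_PREFIX = b"\xff Go build ID: \""   # build ID stored in the text segment
ELF_BUILDID_NOTE = b".note.go.buildid"     # ELF section name holding the build ID
# pclntab header magics for Go 1.2, 1.16, 1.18 and 1.20 (see debug/gosym).
PCLNTAB_MAGICS = (0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFF0, 0xFFFFFFF1)
# ELF, PE and Mach-O (64-bit / 32-bit little-endian, fat) file magics.
EXEC_MAGICS = (b"\x7fELF", b"MZ", b"\xcf\xfa\xed\xfe",
               b"\xce\xfa\xed\xfe", b"\xca\xfe\xba\xbe")


def _has_pclntab_header(data: bytes) -> bool:
    """Look for a pclntab magic followed by a plausible header: two zero
    bytes, an instruction quantum of 1/2/4 and a pointer size of 4/8.
    The runtime needs this table, so it is still present after stripping."""
    for magic in PCLNTAB_MAGICS:
        for order in ("<I", ">I"):          # table may be little- or big-endian
            needle = struct.pack(order, magic)
            pos = data.find(needle)
            while pos != -1:
                hdr = data[pos + 4:pos + 8]
                if (len(hdr) == 4 and hdr[:2] == b"\x00\x00"
                        and hdr[2] in (1, 2, 4) and hdr[3] in (4, 8)):
                    return True
                pos = data.find(needle, pos + 1)
    return False


def go_indicators(data: bytes) -> list:
    """Return the names of the Go toolchain markers found in an executable."""
    if not data.startswith(EXEC_MAGICS):
        return []                           # not an executable image: skip
    found = []
    if BUILDINFO_MAGIC in data:
        found.append("buildinfo")
    if BUILDID_PREFIX in data or ELF_BUILDID_NOTE in data:
        found.append("buildid")
    if _has_pclntab_header(data):
        found.append("pclntab")
    return found


def is_go_compiled(data: bytes) -> bool:
    """True when at least one Go marker is present; run GoReSym only then."""
    return bool(go_indicators(data))
```

A packed sample can hide all three markers, so a negative result means "do not run GoReSym on this file as-is", not "this is not Go".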