GoResolver - A New Tool to Analyze Golang Malware

Security researchers consistently encounter malicious binaries written in Golang that deliberately employ obfuscation tools like Garble to hinder analysis. The tool represents a significant advancement in the ongoing arms race between malware developers and security researchers, providing a powerful countermeasure against obfuscation techniques that have previously complicated analysis efforts. By generating clean template Golang samples and comparing them against obfuscated binaries, GoResolver can effectively match randomized symbols to their original form. As malware authors increasingly turn to Golang for its cross-platform capabilities and obfuscation-friendly features, tools like GoResolver become essential components in the security researcher’s arsenal. Developed by Volexity, this innovative solution employs control-flow graph similarity techniques to recover obfuscated function names, significantly enhancing reverse engineers’ ability to analyze increasingly common Golang-based malicious code. While previous solutions like Mandiant’s GoReSym extracted symbol information from Golang’s internal runtime structures, GoResolver takes recovery a step further by comparing the structural patterns of functions across binaries. “Binaries written in Golang are often challenging to analyze because of the embedded libraries and the sheer size of the resulting binaries”, notes Volexity in their official announcement. The tool first identified the malware’s Golang version by fingerprinting runtime characteristics, then computed binary similarities to resolve obfuscated symbols. These obfuscated samples present formidable obstacles for reverse engineers due to embedded libraries, large binary sizes, and stripped symbol information. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Even partially resolved symbols provided significant context about package names, helping analysts focus on core malware logic rather than runtime libraries. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 09:40:18 +0000

Cyber News related to GoResolver - A New Tool to Analyze Golang Malware

GoResolver - A New Tool to Analyze Golang Malware - Security researchers consistently encounter malicious binaries written in Golang that deliberately employ obfuscation tools like Garble to hinder analysis. The tool represents a significant advancement in the ongoing arms race between malware ...
20 hours ago Cybersecuritynews.com

Chinese Hackers Turn To Golang For Malware - Chinese hackers are increasingly turning to the open-source programming language Golang to maliciously code and launch new cyberattacks. According to the latest analysis by The Hacker News, this has resulted in an increase in the number of cyber ...
2 years ago Thehackernews.com BlackTech Carbanak

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
1 month ago Cybersecuritynews.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
1 year ago Gbhackers.com

How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
11 months ago Pandasecurity.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
9 months ago Pandasecurity.com

Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com

Any.RUN Sandbox Now Expanded to Analyze Linux Malware - The ANY.RUN sandbox has now been updated with support for Linux, further enhancing its ability to provide an isolated and secure environment for malware analysis and threat hunting. ANY.RUN allows malware analysts, SOC members, and DFIR team members ...
1 year ago Gbhackers.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
10 months ago Cybersecurity-insiders.com