Analyzing GOLANG compiled binaries not possible #5

Closed
MikeHofmann opened this issue May 26, 2020 · 4 comments

@MikeHofmann

Hi,

When using Nauz on a binary compiled from GOLANG, it fails to detect the language and the compiler involved. But when analyzing the same sample with DIE, at least the language is detected (both using the CLI version).

Nauz output:

PE 32
    Unknown: Unknown

DIE output:

PE: compiler: Go(1.x)
PE: linker: unknown(3.0)[EXE32,console]

I prefer using Nauz over DIE, as Nauz seems to include build numbers from the tool chain involved. For example, using it on a Locky:

Nauz:

PE 32
    Linker: Microsoft linker(14.00.23918)
    Compiler: Visual C/C++(19.00.23918)[C++]
    Tool: Microsoft Visual Studio(2015 Update 2)

vs

DIE:

PE: compiler: Microsoft Visual C/C++(2015 v.14.0)[-]
PE: linker: Microsoft Linker(14.0, Visual Studio 2015 14.0*)[EXE32]

So switching to DIE isn't an option for me.

@horsicq
Owner

horsicq commented May 26, 2020

Hello, thanks a lot for the bug report. I'll add the "go lang" support ASAP.

@horsicq
Owner

horsicq commented May 27, 2020

Fixed.
Are you using NFD compiled from sources? Or should I make binaries?

@horsicq horsicq closed this as completed May 27, 2020
@MikeHofmann
Author

I'm compiling it myself (in Docker; I did the PR for the Dockerfile from my personal account, this is my business account).

And Nauz now gives:

PE 32
    Compiler: Go(1.X)

Perfect, thx a lot.

@horsicq
Owner

horsicq commented May 28, 2020

Nice to hear it. It should show the full version (for example 1.14.3) for the last versions of Go. Sure, if the file is not strongly stripped/obfuscated.

I'm trying to transfer all the functionality of DiE to NFD, but it takes time.
