@volexity recently released GoResolver v1.4! This release brings significant updates to our #opensource tool for recovering symbol data from obfuscated Go binaries. This release is available on GitHub: https://github.com/volexity/GoResolver.

Go remains one of the most popular languages among #malware developers thanks to its cross-OS portability. GoResolver is designed to help analysts navigate obfuscated Go binaries by recovering lost symbol data using control-flow graph similarity analysis. You can read more about GoResolver in our blog posts last year (April 2025: https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/, August 2025: https://www.volexity.com/blog/2025/08/11/go-get-em-updates-to-volexity-golang-tooling/)

What’s New in GoResolver v1.4!

Go Version Management:
GoResolver now automatically detects the Go version a binary was compiled with and selects the most accurate version for analysis. A dedicated "manage" CLI command lets you list, install, and remove Go versions without interrupting your workflow.

Type Recovery:
The new "-y" flag extracts Go type information directly from obfuscated binaries, and includes new capabilities to extract type names, structures, and kinds from obfuscated binaries. Browsing the binary’s types is now much easier and works with your SRE’s cross-referencing feature.

In-SRE Analysis:
Both IDA Pro and Ghidra plugins now support full binary analysis without leaving your SRE. The IDA Pro plugin is available on Hex-Rays’s plugin repository (https://plugins.hex-rays.com/volexity/GoResolver/GoResolver), making GoResolver easier to install through the HCLI tool. Ghidra users gain a new ANALYZE mode that automatically imports recovered symbols and types on completion.

- - - -

Acknowledgements
Special thanks to Killian Raimbaud for his work on this & Ivan Maldenov for his work on type recovery during his Volexity internship.

@volexity Volcano Server & Volcano One v25.12.18 adds 300+ YARA rules, full parsing of Windows prefetch and Linux cron jobs, inline syscall hooking detection, and 5-level page table support. This release also adds cross-account s3 bucket monitoring, automated health check alerts, SAML role mappings, and increased auditing.

Contact us for more information: https://volexity.com/company/contact/.