Automated string de-gobfuscation

Last week the Network Security Research Lab at 360 released a blog post on an obfuscated backdoor written in Go named Blackrota. They claim that the Blackrota backdoor is available for both x86/x86-64 architectures which is no surprise given how capable Golang’s cross compilation is. For the last 4 years we have been using Golang for our internal services, and I can definitely see the allure that Golang has for malware authors: