2.1.2. Overview of the Goasm engine
This analysis engine enables detecting and analysing shellcodes.
It enables identifying certain encodings and provides details of the system calls made.
This engine assigns a score to the potential danger and names the shellcode detected.
This data is displayed in the detailed report, more specifically in the TOP and Shellcode sections (see Detailed report).
Maximum file size |
50 MB |
Analysis timeout |
4- 6 minutes |
Type |
rapid |
Goasm can be deemed fast for small files (< 5MB).
In the case of large text files (> 5MB), detection takes time because the binary must be scanned for shellcode patterns.
Goasm's internal analysis timeout can therefore be reached: 4 min.
The external engine timeout is set at 6 min.
In the event of an internal timeout:
There is an error message in the
`Shellcode`section of the reportThe engine simply stops scanning the file byte by byte.
In the event of an external timeout (error occurred or Goasm blocked), an error is present in the report mentioning a timeout. In this case, restart the analysis.
2.1.2.1. Viewing of the Goasm current state
The current state of the engine is shown in the `Analysers` screen of the Web UI.
2.1.2.2. Update Goasm
The engine is updated with each new version of the GBox.
2.1.2.3. Configuring Goasm
The engine is not configurable.