Heuristic detection based on suspicious behavior patterns, not a confirmed malware match
This generic/heuristic detection flags a suspicious Go (Golang) program that exhibits capabilities for remote port forwarding, SOCKS proxy services, and TCP forwarding. While these functions can be legitimate, they are commonly exploited by malware for command and control, data exfiltration, or proxying malicious traffic.
Relevant strings associated with this threat: - RportFwdStopListenerReq). (PEHSTR_EXT) - RportFwdStartListenerReq). (PEHSTR_EXT) - RportFwdListener). (PEHSTR_EXT) - RportFwdListeners). (PEHSTR_EXT) - RportFwdListenersReq). (PEHSTR_EXT) - RPortfwd). (PEHSTR_EXT) - RPortfwdReq). (PEHSTR_EXT) - ChmodReq). (PEHSTR_EXT) Relevant strings associated with this threat: - WGSocksServer). (PEHSTR_EXT) - WGSocksServers). (PEHSTR_EXT) - WGTCPForwarders). (PEHSTR_EXT) - ReconfigureReq). (PEHSTR_EXT) - Reconfigure). (PEHSTR_EXT) - PollIntervalReq). (PEHSTR_EXT) - ).LocalAddr (PEHSTR_EXT) - ).RemoteAddr (PEHSTR_EXT) - ).SetDeadline (PEHSTR_EXT) - ).SetReadDeadline (PEHSTR_EXT)
Isolate the affected system, perform a full antivirus scan, and thoroughly investigate the detected file's origin to distinguish between a legitimate network utility and actual malware. If confirmed malicious, remove the file and monitor for further suspicious activity.