The package contains system call related YARA matches and an embedded executable in testdata, but it's likely legitimate due to the package's purpose.
No verification record available.
The package golang.org/x/sys version 0.40.0 contains several YARA rule matches related to system calls and shell execution, as well as an embedded executable. Specifically, js_hex_obfuscation matched a go file, go_memfd_create matched in two files and shell32_ShellExecuteW matched in another file. It also contains an embedded executable file ev-signed-file.exe. While these findings raise concerns, golang.org/x/sys is a low-level package that interacts directly with the operating system. Therefore, the detected system calls and shell execution capabilities are likely legitimate for its intended purpose. The embedded executable is located in the testdata directory, suggesting it's used for testing purposes. Given the context and the absence of stronger evidence, it's more likely that these are legitimate functionalities rather than malicious activities. Therefore, the package is not classified as malware.
