why this software detected W64.AIDetectMalware #1

Open
hoangsoft90 opened this issue Dec 12, 2023 · 1 comment

@hoangsoft90

Why is this software detected as the virus W64.AIDetectMalware?
You can check:
https://www.virustotal.com/gui/file/6f90867cbf82e0c8c3cb6bb8e340ac1a2a0829838f628137b9317c3d750e713c?nocache=1

@burntcarrot
Owner

burntcarrot commented Dec 12, 2023

@hoangsoft90 This is explained in the official Go docs, specifically inside the FAQ section:

This is a common occurrence, especially on Windows machines, and is almost always a false positive. Commercial virus scanning programs are often confused by the structure of Go binaries, which they don't see as often as those compiled from other languages.
If you've just installed the Go distribution and the system reports it is infected, that's certainly a mistake.

https://go.dev/doc/faq#virus

Go is sometimes used by bad actors to build malware, and anti-viruses store a "signature" extracted from the malware to detect other possible matches (malware). However, sometimes the "signature" contains a part of the Go runtime which is a part of every Go program. Some anti-viruses using this approach will flag normal Go programs as malware incorrectly.

The real reason for the match is due to how Go embeds/stores the runtime inside the binary. So, anti-viruses using simple scanning algorithms will do a "lazy" match based on the fact that both binaries have the runtime attached to them, and report it as malware. However, modern anti-viruses like Kaspersky, MalwareBytes, Bitdefender, etc. have improved their algorithms to correctly identify malware inside Go binaries using different algorithms.

I've tried binary signing and other approaches from my end, but some anti-viruses still report it as malware. Please let me know if this information helps!
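
The false-positive mechanism described in the reply above, as an added example that is not code from this project or from either commenter: a byte signature cut from runtime bytes shared by every Go binary also matches a benign tool, while a signature checked against a known-good corpus does not. The byte strings are constructed stand-ins for binaries, and every name here (`withRuntime`, `naiveSignature`, `refinedSignature`) is hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
)

// Constructed stand-ins for binaries (assumption; not real file contents).
var (
	sharedRuntime = []byte("GO-RUNTIME:scheduler|gc|netpoll|reflect")
	flaggedSample = withRuntime("|payload:unwanted-behaviour-X")
	benignTool    = withRuntime("|app:json-viewer")
	benignCorpus  = [][]byte{withRuntime("|app:hello-world")}
)

// withRuntime models a Go binary: the shared runtime plus program-specific bytes.
func withRuntime(app string) []byte {
	return append(append([]byte{}, sharedRuntime...), app...)
}

// naiveSignature takes the first n bytes of the sample, so it covers only runtime bytes.
func naiveSignature(sample []byte, n int) []byte { return sample[:n] }

// refinedSignature returns the first n-byte window absent from every known-good file.
func refinedSignature(sample []byte, n int, knownGood [][]byte) []byte {
	for i := 0; i+n <= len(sample); i++ {
		if w := sample[i : i+n]; !matchesAny(w, knownGood) {
			return w
		}
	}
	return nil
}

func matchesAny(sig []byte, files [][]byte) bool {
	for _, f := range files {
		if bytes.Contains(f, sig) {
			return true
		}
	}
	return false
}
func detects(sig, file []byte) bool { return len(sig) > 0 && bytes.Contains(file, sig) }

func main() {
	naive := naiveSignature(flaggedSample, 16)
	refined := refinedSignature(flaggedSample, 16, benignCorpus)
	fmt.Println("naive flags benign tool:", detects(naive, benignTool))
	fmt.Println("refined flags benign tool:", detects(refined, benignTool))
	fmt.Println("refined flags sample:", detects(refined, flaggedSample))
}
```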
