Bug #104122 mysqld.exe has weird established local connections with itself on high ports
Submitted: 26 Jun 2021 21:29 Modified: 27 Jun 2021 19:17
Reporter: Marcelo Chas Cruz
Status: Verified
Category:MySQL Server: Windows Severity:S3 (Non-critical)
Version:8.0.25 OS:Windows (21H1 build 19043.1052)
Assigned to: CPU Architecture:x86 (Intel x64)
Tags: local connections, ports, weird

[26 Jun 2021 21:29] Marcelo Chas Cruz
Description:
What I did
I was checking my PC's active connections with my AVG Firewall's Active Connections Viewer.
I found that mysqld.exe (digitally signed by Oracle) was listening on ports 3306, 33060, all on 127.0.0.1, that's ok.

The binary mysqld.exe had (and has) permanent established connections:
INBOUND from 127.0.0.1:49700 to 127.0.0.1:49699
OUTBOUND from 127.0.0.1:49699 to 127.0.0.1:49700
INBOUND from 127.0.0.1:49697 to 127.0.0.1:49698
OUTBOUND from 127.0.0.1:49698 to 127.0.0.1:49697

No other process is using those ports (49697, 49698, 49699 and 49700) and no other visible process is connected to the database server.

I also executed Windows netstat:
 TCP    0.0.0.0:33060          0.0.0.0:0              LISTENING       6168
 [mysqld.exe]
 ... 
 TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       6168
 [mysqld.exe]
 ...
  TCP    127.0.0.1:49697        127.0.0.1:49698        ESTABLISHED     6168
 [mysqld.exe]
  TCP    127.0.0.1:49698        127.0.0.1:49697        ESTABLISHED     6168
 [mysqld.exe]
  TCP    127.0.0.1:49699        127.0.0.1:49700        ESTABLISHED     6168
 [mysqld.exe]
  TCP    127.0.0.1:49700        127.0.0.1:49699        ESTABLISHED     6168
 [mysqld.exe]
 ...

So, I checked my.ini and those ports weren't on that file.
After that, I created a rule in said Firewall for mysqld.exe, that inbound rule just accepts connections on 127.0.0.1:3306.

What I wanted to happen
I wanted those connections unrelated to the 3306 and 33060 listening ports to disappear.

What actually happened
After that rule was set, I restarted the MySql80 service and mysqld.exe was again listening on those four high-numbered ports (I don't remember if the port numbers were different from said ones) and not on 3306 nor 33060.

Is this a bug or malware?

Thanks for reading.

How to repeat:
Run an active connections viewer like netstat.
Look for listening ports and established connections by mysqld.exe
Now, look at what processes are using the ports that mysqld.exe uses and you'll see that mysqld.exe internally uses those ports. Is this normal, a bug or malware?

Suggested fix:
I don't have a clue.
[27 Jun 2021 19:17] MySQL Verification Team
Thank you for the bug report. Probably a documentation issue.
[28 Jun 2021 9:17] MySQL Verification Team
I was curious about this so I checked in a debugger. The following code is responsible for creating these 127.0.0.1 connections.

	/*
	 * Our signal handler is going to write to one end of the socket
	 * pair to wake up our event loop.  The event loop then scans for
	 * signals that got delivered.
	 */
	if (evutil_make_internal_pipe_(base->sig.ev_signal_pair) == -1) {

at call stack

 	ws2_32.dll!bind()	Unknown
>	mysqld-debug.exe!evutil_ersatz_socketpair_(int family, int type, int protocol, __int64 * fd) Line 254	C
 	mysqld-debug.exe!evutil_socketpair(int family, int type, int protocol, __int64 * fd) Line 205	C
 	mysqld-debug.exe!evutil_make_internal_pipe_(__int64 * fd) Line 2663	C
 	mysqld-debug.exe!evsig_init_(event_base * base) Line 183	C
 	mysqld-debug.exe!win32_init(event_base * base) Line 203	C
 	mysqld-debug.exe!event_base_new_with_config(const event_config * cfg) Line 694	C
 	mysqld-debug.exe!event_base_new() Line 525	C
 	mysqld-debug.exe!ngs::Socket_events::Socket_events() Line 138	C++
 	[External Code]	
 	mysqld-debug.exe!ngs::allocate_shared<ngs::Socket_events>() Line 83	C++
 	mysqld-debug.exe!xpl::Server_builder::Server_builder(void * plugin_handle) Line 47	C++
 	mysqld-debug.exe!modules::Module_mysqlx::initialize(void * plugin_handle) Line 146	C++
 	mysqld-debug.exe!plugin_initialize(st_plugin_int * plugin) Line 1304	C++
 	mysqld-debug.exe!plugin_init_initialize_and_reap() Line 1444	C++
 	mysqld-debug.exe!plugin_register_dynamic_and_init_all(int * argc, char * * argv, int flags) Line 1761	C++
 	mysqld-debug.exe!init_server_components() Line 6124	C++
 	mysqld-debug.exe!win_main(int argc, char * * argv) Line 7205	C++
 	mysqld-debug.exe!mysql_service(void * p) Line 7728	C++
 	mysqld-debug.exe!mysqld_main(int argc, char * * argv) Line 7944	C++
 	mysqld-debug.exe!main(int argc, char * * argv) Line 25	C++
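
The triage implied by this thread, as an added example (not part of the report and not MySQL or libevent code): it parses rows in the netstat format quoted in the report and separates ESTABLISHED loopback connections whose two ends are owned by the same PID, the pattern the socket pair above produces, from loopback connections involving another process. The sample rows are those from the report plus one constructed row (PID 4242); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Rows quoted in the report (PID 6168 = mysqld.exe), plus one constructed
# row (PID 4242, a client connected to 3306) to show the contrasting case.
SAMPLE = """\
  TCP    0.0.0.0:33060          0.0.0.0:0              LISTENING       6168
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       6168
  TCP    127.0.0.1:49697        127.0.0.1:49698        ESTABLISHED     6168
  TCP    127.0.0.1:49698        127.0.0.1:49697        ESTABLISHED     6168
  TCP    127.0.0.1:49699        127.0.0.1:49700        ESTABLISHED     6168
  TCP    127.0.0.1:49700        127.0.0.1:49699        ESTABLISHED     6168
  TCP    127.0.0.1:50111        127.0.0.1:3306         ESTABLISHED     4242
"""

# proto, local addr:port, remote addr:port, state, owning PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local, remote, state, pid) for each TCP row; other lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            yield (la, int(lp)), (ra, int(rp)), state, int(pid)

def classify(text):
    """Split ESTABLISHED 127.0.0.1 rows into same-PID pairs and everything else."""
    owner, established = {}, []
    for local, remote, state, pid in parse(text):
        if state == "ESTABLISHED" and local[0] == remote[0] == "127.0.0.1":
            owner[local] = pid  # which process holds this local endpoint
            established.append((local, remote, pid))
    pairs, other = defaultdict(set), []
    for local, remote, pid in established:
        if owner.get(remote) == pid:
            # Both ends belong to one process: an in-process socket pair.
            pairs[pid].add(tuple(sorted((local[1], remote[1]))))
        else:
            # Peer is held by another process, or its row is missing.
            other.append((pid, local[1], remote[1]))
    return {p: sorted(s) for p, s in pairs.items()}, other

if __name__ == "__main__":
    same_pid_pairs, cross_process = classify(SAMPLE)
    print("same-PID socket pairs:", same_pid_pairs)
    print("other loopback connections:", cross_process)
```

Rows that land in the second list are the ones worth a closer look, since their peer endpoint is held by a different process or does not appear in the listing at all.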