C:\Jenkins\workspace\Renoise_Package_Windows7_64bit\Temp\x64\Release\XRenoise\Renoise.pdb
Behavioral task
behavioral1
Sample
Renoise 3.2.1-20240630T030515Z-001.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
Renoise 3.2.1/Installer.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Renoise 3.2.1/Portable/Renoise.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
Renoise 3.2.1/Renoise_Reg.exe
Resource
win10v2004-20240611-en
General
-
Target
Renoise 3.2.1-20240630T030515Z-001.zip
-
Size
245.6MB
-
MD5
0e5e2fe5a18030f93047d1cf527c15c3
-
SHA1
813bbca50aceca92ed8da83b5fd38aa1de1d5a72
-
SHA256
33572af76adcd8b752c09adc4cf6b17ab905b6d4d0ed4747edf67bb3bc06ae60
-
SHA512
193d4a3ff392d2be9b00f36ecd7cb8bff3a990cf1f10518fff87219a3e87fb1c27bf270e6875d50aab586dbb3526fbaa61e9a81a51693651d1ac0eeb4e2fdfe3
-
SSDEEP
6291456:zxuQhGbrrNk21lqwQesXWpgrNvhrnBPbJ17r1q6j:z74bNk2jqwQ7g2NJBPbPZqE
Malware Config
Signatures
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
Processes:
resource: static1/unpack001/Renoise 3.2.1/Portable/Renoise.exe
yara_rule: pdf_with_link_action
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Processes:
resource
unpack001/Renoise 3.2.1/Installer.dat
unpack001/Renoise 3.2.1/Portable/Renoise.exe
Files
-
Renoise 3.2.1-20240630T030515Z-001.zip.zip
-
Renoise 3.2.1/Installer.dat.exe windows:6 windows x64 arch:x64
bffde986c5df74d26a1b3d78995e3c08
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
GetUserNameW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
RegEnumValueW
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
user32
LoadBitmapW
SetWindowPos
DestroyWindow
CreateWindowExW
UnregisterClassW
SetRect
DefWindowProcW
SetForegroundWindow
IsIconic
IsWindowVisible
AdjustWindowRectEx
InvalidateRect
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
SendMessageW
CallWindowProcW
GetWindowPlacement
SetFocus
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
ShowWindow
IsWindow
SendMessageTimeoutW
DrawTextW
GetSystemMetrics
RegisterClassW
EnableWindow
CharLowerBuffA
LoadCursorW
GetCursor
SetCursor
SetCursorPos
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
MapVirtualKeyExW
GetAsyncKeyState
GetKeyboardLayout
ToUnicodeEx
MonitorFromPoint
FindWindowW
MsgWaitForMultipleObjectsEx
GetMonitorInfoW
MonitorFromWindow
LoadImageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassNameW
SetParent
GetParent
GetDesktopWindow
SetWindowLongW
ChildWindowFromPoint
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
GetWindowRect
SetWindowTextW
ValidateRect
GetUpdateRect
SetActiveWindow
ModifyMenuW
GetSubMenu
EnableMenuItem
CheckMenuItem
GetSystemMenu
DrawMenuBar
GetMenu
GetFocus
KillTimer
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
keybd_event
GetKeyState
BringWindowToTop
AnimateWindow
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetMessageW
GetWindow
MessageBoxW
LockSetForegroundWindow
AllowSetForegroundWindow
GetForegroundWindow
GetKeyboardLayoutNameW
IsWindowEnabled
GetActiveWindow
LoadStringW
LoadIconW
EnumChildWindows
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
GetClientRect
SetTimer
gdi32
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
SetBkMode
StretchBlt
SetTextColor
GetObjectW
SetStretchBltMode
GetStockObject
BitBlt
EnumFontFamiliesExW
ole32
CoInitializeEx
CoInitialize
CLSIDFromString
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
PropVariantClear
CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
kernel32
GetUserDefaultLCID
IsValidLocale
SetStdHandle
CreateProcessA
GetTimeFormatW
GetModuleHandleExW
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
EnumSystemLocalesW
SetFilePointerEx
GetDateFormatW
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetStdHandle
GetModuleHandleW
PeekNamedPipe
GetFileType
MoveFileExW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetDriveTypeW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
GetCurrentDirectoryA
SetCurrentDirectoryA
GetACP
AreFileApisANSI
GetTempPathA
GetSystemTime
ReadConsoleW
HeapSize
GetTimeZoneInformation
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
UnlockFile
SetFilePointer
GetEnvironmentStringsW
ReadFile
LockFileEx
LockFile
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesA
FlushFileBuffers
DeleteFileA
CreateFileA
OpenFile
LoadLibraryA
FormatMessageA
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WaitForSingleObjectEx
InitializeSListHead
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GlobalFree
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalLock
GetProcessHeaps
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
TryEnterCriticalSection
SetCriticalSectionSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
OpenEventW
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThreadId
CreateThread
GetModuleFileNameA
DuplicateHandle
RtlCaptureContext
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetWindowsDirectoryW
GetCurrentProcessId
DeviceIoControl
SetErrorMode
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetLogicalDrives
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
LocalFree
GetModuleFileNameW
GetVersionExW
OpenProcess
FreeEnvironmentStringsW
CreatePipe
WriteConsoleW
SetEndOfFile
CreateProcessW
GetExitCodeProcess
TerminateProcess
CloseHandle
IsDebuggerPresent
GetSystemInfo
FindResourceW
LoadLibraryExW
FreeLibrary
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
SetLastError
GetLastError
MulDiv
LoadLibraryW
GetProcAddress
Sleep
CreateEventW
WaitForSingleObject
dsound
ord8
ord6
ord3
ord1
dinput8
DirectInput8Create
imagehlp
SymLoadModule64
SymGetSymFromAddr64
StackWalk64
SymSetOptions
SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize
ddraw
DirectDrawCreateEx
imm32
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
winmm
timeGetTime
midiInReset
midiInStop
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiInOpen
midiOutLongMsg
midiOutShortMsg
midiOutUnprepareHeader
midiOutPrepareHeader
midiOutClose
midiOutOpen
midiInGetDevCapsW
midiInGetNumDevs
midiOutGetDevCapsW
midiOutGetNumDevs
shell32
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHBrowseForFolderW
DragQueryFileW
DragAcceptFiles
SHGetSpecialFolderPathA
SHFileOperationW
ShellExecuteW
SHGetSettings
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
ws2_32
getsockopt
htonl
htons
inet_ntoa
listen
ntohs
recv
recvfrom
select
send
setsockopt
gethostbyname
WSAStartup
WSACleanup
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSASocketW
WSAGetLastError
getpeername
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
mfplat
MFCreateWaveFormatExFromMFMediaType
MFShutdown
MFCreateMediaType
MFStartup
mfreadwrite
MFCreateSourceReaderFromURL
Exports
e9_ippsCos_64f_A50
e9_ippsLn_32f_A21
e9_ippsSin_64f_A50
l9_ippsCos_64f_A50
l9_ippsLn_32f_A21
l9_ippsSin_64f_A50
m7_ippsCos_64f_A50
m7_ippsLn_32f_A21
m7_ippsSin_64f_A50
mx_ippsCos_64f_A50
mx_ippsSin_64f_A50
n8_ippsCos_64f_A50
n8_ippsLn_32f_A21
n8_ippsSin_64f_A50
own_ipps_dCos_E7_ctab
own_ipps_dCos_E7_ttab
own_ipps_dCos_E9_ctab
own_ipps_dCos_E9_ttab
own_ipps_dCos_EX_ctab
own_ipps_dCos_EX_ttab
own_ipps_dCos_L9_ctab
own_ipps_dCos_L9_ttab
own_ipps_dCos_U8_ctab
own_ipps_dCos_U8_ttab
own_ipps_dCos_Y8_ctab
own_ipps_dCos_Y8_ttab
own_ipps_dSin_E7_ctab
own_ipps_dSin_E7_ttab
own_ipps_dSin_E9_ctab
own_ipps_dSin_E9_ttab
own_ipps_dSin_EX_ctab
own_ipps_dSin_EX_ttab
own_ipps_dSin_L9_ctab
own_ipps_dSin_L9_ttab
own_ipps_dSin_U8_ctab
own_ipps_dSin_U8_ttab
own_ipps_dSin_Y8_ctab
own_ipps_dSin_Y8_ttab
own_ipps_sLn_E7_ctab
own_ipps_sLn_E7_ttab
own_ipps_sLn_E9_ctab
own_ipps_sLn_E9_ttab
own_ipps_sLn_L9_ctab
own_ipps_sLn_L9_ttab
own_ipps_sLn_U8_ctab
own_ipps_sLn_U8_ttab
own_ipps_sLn_Y8_ctab
own_ipps_sLn_Y8_ttab
u8_ippsCos_64f_A50
u8_ippsSin_64f_A50
y8_ippsCos_64f_A50
y8_ippsLn_32f_A21
y8_ippsSin_64f_A50
Sections
.text Size: 17.4MB - Virtual size: 17.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7.3MB - Virtual size: 7.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 682KB - Virtual size: 15.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 839KB - Virtual size: 839KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.shr Size: 1024B - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Renoise 3.2.1/Portable/Renoise.exe.exe windows:5 windows x64 arch:x64
92f694988deed85a7cb067c901f32a93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
GetModuleHandleW
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
OpenProcess
GetLastError
DuplicateHandle
GetCommandLineW
OpenFileMappingW
MapViewOfFile
SetEvent
UnmapViewOfFile
CloseHandle
GetVersionExW
GetSystemInfo
VirtualQuery
GetCommandLineA
CreateFileW
CreateFileMappingW
GetFileSizeEx
VirtualAlloc
VirtualFree
LoadLibraryW
ExitProcess
GetModuleHandleA
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xcpad Size: - Virtual size: 42.8MB
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 917KB - Virtual size: 916KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Renoise 3.2.1/Renoise_Reg.exe.exe windows:1 windows x86 arch:x86
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate
Issuer
CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
Not Before
07-06-2005 08:09
Not After
30-05-2020 10:48
Subject
CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate
Issuer
CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Not Before
27-04-2011 00:00
Not After
30-05-2020 10:48
Subject
CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate
Issuer
CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
02-05-2019 00:00
Not After
30-05-2020 10:48
Subject
CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
93:14:d3:75:46:eb:ca:2c:0d:19:a6:f9:7c:88:d3:e9
Certificate
Issuer
CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
08-04-2019 00:00
Not After
07-04-2020 23:59
Subject
CN=Eduard Müller,O=Eduard Müller,POSTALCODE=10318,STREET=Wallensteinstr. 39A,L=Berlin,ST=Deutschland,C=DE
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate
Issuer
CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
Not Before
30-05-2000 10:48
Not After
30-05-2020 10:48
Subject
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
02-11-2018 00:00
Not After
31-12-2030 23:59
Subject
CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
34:9d:b3:a5:2d:5d:95:20:bd:8c:db:81:45:54:ff:31:49:dc:c4:4b
Signer
Actual PE Digest
34:9d:b3:a5:2d:5d:95:20:bd:8c:db:81:45:54:ff:31:49:dc:c4:4b
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ