Rubberband plugin - Password Stealer?

Just got an update for the Rubberband pitch shift plugin and it got detected as a password stealer by Windows Defender.

File in case: file:C:\Users\Johan\AppData\Roaming\Renoise\V3.0.0\Scripts\Tools\com.renoise.Rubberband.xrnx\bin\win32\rubberband.exe

Detected as: PWS:Win32/Lineage.gen!C.dam

Other AVs clears the file except Bkav that lists this as W32.HfsPikanver.40bb, so it’s probably a false positive.

It’s almost certainly a false positive, unless something else on your system has actually modified the .exe

If in doubt, you can grab the original Rubberband binary and check it with your AV software:

I checked it with Comodo antivirus and it seems ok. What i did notice though is Rubberband.exe is packed with UPX. This helps keep the file size down and also adds a little protection against reverse engineering. Packers always give false positives. Look on Google for upx false positives. It’s not just UPX though it seems other packers/protecters have the same problem.