home

onair.exe

ON AIR

DJMASTER.COM

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ONAIR’.
Publisher:
DJMASTER.COM

Product:
ON AIR

Version:
4.0.0.923

MD5:
18e6b50b5538f021d2fe7782810ba476

SHA-1:
c5fda920603f4781806ecd247f68f516e8e39b1c

SHA-256:
593d407b561d1d2b1bc300fb06e797234821d1c27d3adb916cd4eaf9720da272

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/18/2024 10:33:57 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.TsCabk
1.3.0.4613

Comodo Security
Heur.Suspicious
16996

Trend Micro House Call
TROJ_GEN.F47V0925
7.2.3

File size:
2.5 MB (2,614,272 bytes)

Product version:
4

Copyright:
Sandro Cumerlato

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\onair\onair.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.71

CTPH (ssdeep):
49152:RJ+18KHrcyiaC1vtruwJ4HW4Kttghawgbv+7yD/VTH0vuIsm9w:Rc18ogzaC1vWaw+v+7yD5xm9w

Entry address:
0x16B1C0

Entry point:
C6, 05, F0, C4, 56, 00, 00, B9, 00, 10, 61, 00, BA, 04, 10, 61, 00, B8, 50, 9A, 57, 00, E8, 65, FF, FF, FF, E8, 70, FF, FF, FF, B8, 30, 9A, 57, 00, E8, E6, 6F, EA, FF, C3, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 54, 00, 00, 00, 00, 00, 00, 00, 90, 25, 41, 00, 00, 00, 00, 00, 10, 28, 41, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 29, 41, 00, 00, 00, 00, 00, 10, 25, 47, 00, A0, FF, 42, 00, C0, FF, 42, 00, 40, 30, 43, 00, 70, 30, 43, 00, E0, 24, 47, 00, F0, 24, 47, 00...
 
[+]

Code size:
1.4 MB (1,483,264 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ONAIR

Command:
C:\Program Files\onair\onair.exe


Scan onair.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.