» originthinsetup.exe
Overview
Analysis
File Details
Downloads (95)

originthinsetup.exe

Origin

Electronic Arts, Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.dm.origin.com and multiple other hosts.

File name:

originthinsetup.exe

Publisher:

Electronic Arts, Inc. (signed and verified)

Product:

Origin

Version:

9.11.6.18139

MD5:

a4179bbdc6dd604291fc7de2e6d94fd2

SHA-1:

c753b272176dd33203ae3c7718d34f4b95e60b3f

SHA-256:

5b14549ba6e344ebe6b36c32e73a14a3b3e167e28f831ae77dddedeb016f3177

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 1:03:28 AM UTC (today)

File size:

29.9 MB (31,334,856 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\originthinsetup.exe

Digital Signature

Signed by:

Electronic Arts, Inc.

Authority:

Symantec Corporation

Valid from:

5/13/2015 5:00:00 PM

Valid to:

7/22/2017 4:59:59 PM

Subject:

CN="Electronic Arts, Inc.", OU=EAC, O="Electronic Arts, Inc.", L=Burnaby, S=British Columbia, C=CA

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

4EE1C2D93B3CFBBD8450108A58A64F76

File PE Metadata

Compilation timestamp:

2/1/2012 9:12:42 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

786432:zofoxbS8Bz3x22KrY6QUxoTSlVwVW7obE9nU:EwJzctePV4oo9nU

Entry address:

0x33E2

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 88, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B4, 82, 40, 00, 6A, 08, A3, D8, B5, 42, 00, E8, 4B, 29, 00, 00, 55, 68, B4, 02, 00, 00, A3, E0, B4, 42, 00, 8D, 44, 24, 38, 50, 55, 68, 84, 85, 40, 00, FF, 15, 84, 81, 40, 00, 68, 6C, 85, 40, 00, 68, E0, A4, 42, 00, E8, 1B, 28, 00, 00, FF, 15, B0, 80, 40, 00, 50, BB, 00, 60, 43, 00, 53, E8, 09, 28, 00, 00... 
[+]

Entropy:

7.9992

Packer / compiler:

Nullsoft install system v2.x

Code size:

25.5 KB (26,112 bytes)

The file originthinsetup.exe has been seen being distributed by the following 50 URLs.

http://www.dm.origin.com/download?_ga=1.143155121.50307472.1458469383

http://www.dm.origin.com/download?_ga=1.124391619.87531356.1461348351

http://www.dm.origin.com/download?_ga=1.123815434.1661587266.1457732217

http://www.dm.origin.com/download?_ga=1.239590019.1292998985.1461582406

http://ea-origin.hu.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiLp6Okkpg=

http://www.dm.origin.com/download?_ga=1.77398677.1802398147.1457662172

https://secure.innodl.com/.../ea-origin.exe

http://www.dm.origin.com/download?_ga=1.194986093.196823913.1459300606

http://www.dm.origin.com/download?_ga=1.77461649.565635028.1461446800

http://www.dm.origin.com/download?_ga=1.44065828.1861795967.1459283265

http://www.dm.origin.com/download?_ga=1.243208450.1878083742.1450232174

http://www.funclearconcepts.com/A6BlAYk6O_890wr4HeeoibTUVP2qVSaZYkw65JoVxOHXbv4HJ7LHnVasPG8C95 eUdPGLFbKvnYzrUmzdfgJ733n1 u4aeip8SPGbxyWOLPf3Ed_kFuWrly ONan8idMmMHcdiM_3MGuedTnY_FMHw3j1jp51_3ZljTURzvCbxM_gXQki70uArPQKSisiaG9F4D8FW4KxaqLDtzWQcV _Gi9rQTEF4mAUQRoTNHzbAV9AEBesN2jV5wIIdMqyS0sVnqgiGmchO Wd9gNL07kde9cZSB6JrfvwOFtsB HSaSWhKWZQz46RT2iHRZ8SpcVTF QRbIWutbjs9YstH 5DNHzneWLxCTgpR4i Zky3qKyA3ePb10wUHsMd1MDdxbALtEOFFEqqFjHd1REA4P3vwXfgE2k6mNigDHfaXJIzuYQZj0kFrqAhTsrXzXg6xVQHMQWP_zNrlGKxd05lN7bjAbu06csGmDZNjJRvDt8WckFG7ToTjE9Y4xDS_b O96 T5De55si-G1AAAGRgnq2tQWpSs3_YgAOXiAJtQDq37HN4nmMJ8oXGbdubRTRxCLclyHpB7b V70e0T9rBSI2mWddJ29Ge6qLXVaAVUYJBGGRg-e

http://ea-origin.hu.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaSQp6GflZk=

http://www.dm.origin.com/download?_ga=1.81927318.1019377406.1460570112

http://www.bitsfarmclean.com/Iy6BC6DMDh 6u 3sf rHGdFUteFUPfasZr8PSSocb1UL3im4UqKmCDYJ_0MXSJ8ppp2cMMDuY7D3wWHylfDgxtKfk7EaET6qu03tjp47m2EHwLqKZi415pqj obRDRjKh0OWjJBxnrzUpkuospIVV_Eg9CQ5 _YLUPgCMqZJKtnbjAy5vstvK aLuvQzxKIzoxGpNdFG-G1AAAGRgnq2tQWxCMw_YgAOXiAJtQDq37HN4nmMJ8oXGbdubRTRxCLclyHpC7a V70fs2rzGPNX1Cyzs_iTOPIFpqEArogTNEDRLkyw=

http://ea-origin.ro.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiIpJyjmpg=

http://dl.cdn.chip.de/downloads/.../OriginThinSetup_9.12.0.34172.exe

http://www.dm.origin.com/download?_ga=1.149059186.515755591.1458346265

http://ea-origin.hu.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaOMoZ6mk5k=

http://www.dm.origin.com/download?_ga=1.113361863.1145388641.1460983764

http://srwtck.com/get?key=b11e8793cade0a4fedc9f17323b20200&ref=https://www.origin.com/en-ie/download&uid=75103920&out=http://.../download

http://ea-origin.ru.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaaOnqKgk5g=

http://www.dm.origin.com/download?_ga=1.46816679.1641969911.1458765211

http://www.dm.origin.com/download?_ga=1.75155538.1983450337.1459167108

http://ea-origin.he.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaaOpKShmpU=

http://ea-origin.ru.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiOp6OolJc=

http://www.dm.origin.com/download?_ga=1.208054555.882266119.1458411471

http://www.dm.origin.com/download?_ga=1.92361822.21192476.1457649479

http://www.dm.origin.com/download?_ga=1.255384584.141591344.1410207947

http://www.dm.origin.com/download?_ga=1.267039822.1957236323.1457450942

Latest 30 of 95 download URLs

Scan originthinsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.