home

beservice.exe

BattlEye Innovations e.K.

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”. The file has been seen being downloaded from www.battleye.com and multiple other hosts.
Publisher:
BattlEye Innovations e.K.  (signed and verified)

MD5:
ce4deb0464915a50371d1fcdd22be6d0

SHA-1:
88601da19fdbb00a801d926cff2f6c557fae2cd2

SHA-256:
8cfdc981605de5ed22dc07e892108445bdae84fcacfaf2eb5e4417e0757b623d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:00:38 PM UTC  (today)

File size:
1.8 MB (1,860,616 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:
BattlEye Innovations e.K.

Authority:
DigiCert Inc

Valid from:
11/10/2015 8:00:00 AM

Valid to:
11/14/2018 8:00:00 PM

Subject:
CN=BattlEye Innovations e.K., O=BattlEye Innovations e.K., L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F5A57726999506B6F93FD9A150B88FA

File PE Metadata
Compilation timestamp:
4/4/2016 5:00:42 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
14.0

CTPH (ssdeep):
49152:48N+WO7oMo7lXNycybajK1fIVFMl6g9ye5qzCkXI0ao3G+hWtN:vYh2R9ycy+m1fK666yaUrAH

Entry address:
0x198707

Entry point:
E9, 60, 6D, F4, FF, E9, A8, 42, FF, FF, BD, 7D, 6B, 35, C2, C2, 7D, 01, 3E, 5C, E5, F3, 0E, 02, 6F, 39, C5, AD, 44, FC, D5, CB, C6, 42, 7C, DE, 40, 5A, 44, 8E, 80, 42, 4F, F9, E8, C8, 46, 5C, 52, 18, 26, 0C, C2, D0, 61, D7, EA, D6, 58, 0A, 4B, E8, 0B, F9, ED, D9, E8, 5B, D8, E8, 25, 95, EC, F4, A1, BA, A6, 9A, F2, 60, 12, 9E, D7, 56, 00, 61, 69, 17, F7, 31, 69, A0, 1A, 4A, 43, 72, 28, E1, 3E, 20, 0F, A9, 18, A0, A5, 8E, 92, 9E, 0F, 4C, 6E, 9B, 9D, C6, B4, 8E, 03, 25, CB, 75, B2, 32, CA, 9D, D7, 56, 00, 77...
 
[+]

Entropy:
7.8365

Packer / compiler:
Xtreme-Protector v1.05

Code size:
121 KB (123,904 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following 2 URLs.

http://www.battleye.com/downloads/.../BEService_x64.exe

https://www.battleye.com/downloads/.../BEService_x64.exe

Scan beservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.