» beservice.exe
Overview
Analysis
File Details
Behaviors (1)

beservice.exe

Bastian Suter

It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”.

File name:

beservice.exe

Publisher:

Bastian Suter (signed and verified)

MD5:

1cc99e379329c2eea3e1da28aaa51bb3

SHA-1:

8a19e22057a551d0f95ffea59bf606b4e87f2dbc

SHA-256:

c5830bdc3a7f2d0f019c5a8f12f6f7e63e8171a3c6b4fcb47678e89c4691b545

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 3:45:59 AM UTC (today)

Scan engine

Detection

Engine version

McAfee

Generic Obfuscated.c

5600.6691

Trend Micro House Call

Suspicious_GEN.F47V0113

7.2.208

File size:

765.9 KB (784,256 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\common files\battleye\beservice.exe

Digital Signature

Signed by:

Bastian Suter

Authority:

DigiCert Inc

Valid from:

3/4/2014 4:00:00 PM

Valid to:

5/13/2015 5:00:00 AM

Subject:

CN=Bastian Suter, O=Bastian Suter, L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F01D40307832B7F6747D7AB752213DC

File PE Metadata

Compilation timestamp:

1/12/2015 6:16:43 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

12288:hcVe9m8X7vhzntPH+mgeI+nqvZmV2h4+tLd8sFwDS9SpGvS0oN3ZaKEIe2BL65YE:hcK7pzntPemNImpr+tLd/FmTpGvBM+U2

Entry address:

0x13C8D0

Entry point:

E9, 55, F1, FF, FF, F8, F9, 0F, BA, E2, 18, C0, C0, 05, F5, F8, 84, DC, 38, F2, 34, 61, E9, E5, B2, F4, FF, E9, BD, 37, 00, 00, E9, 03, A9, FE, FF, 66, 87, 03, E9, 65, DE, FF, FF, 48, F7, C4, 08, 00, 00, 00, E9, 62, F1, F4, FF, 26, 2D, DA, 9A, 42, B5, BE, F4, E4, F0, 10, F3, D7, 01, 4E, 0E, 8B, 4B, D0, 90, D9, 9D, F2, B2, 27, E7, 7C, 3C, F4, 67, AC, 6C, F9, B9, 6E, 2E, D3, 93, FC, C0, 2D, ED, EA, AA, 22, 95, 7B, 55, 1B, F5, F3, CD, AA, 6A, 0C, B3, 6D, C3, C0, 7A, 6D, 20, 99, 67, E8, CD, C0, C9, F9, 52, BE... 
[+]

Entropy:

7.8820

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

77.5 KB (79,360 bytes)

Service

Display name:

BattlEye Service

Service name:

BEService

Type:

Win32OwnProcess

Scan beservice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.