beservice.exe

Bastian Suter

This is a setup program used to install the application. It runs as a separate Windows service (within the context of its own process) named “BattlEye Service”. The file has been seen being downloaded from www.battleye.com.
Publisher:
Bastian Suter  (signed and verified)

MD5:
b819c394857e907a95844a26dce164e7

SHA-1:
9cc4565872813614e6d06d754d7effbd6dbc3c76

SHA-256:
58140b9842d3b91d458979cc5ea9785eb6a579cfa7c5b96abc5b786e50aa29ed

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/17/2018 9:19:20 AM UTC  (today)

Scan engine: Comodo Security
Detection: UnclassifiedMalware
Engine version: 21137

Scan engine: McAfee
Detection: Generic Obfuscated.c
Engine version: 5600.6849

File size:
762.4 KB (780,672 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/5/2014 12:00:00 AM

Valid to:
5/13/2015 1:00:00 PM

Subject:
CN=Bastian Suter, O=Bastian Suter, L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F01D40307832B7F6747D7AB752213DC

File PE Metadata
Compilation timestamp:
1/14/2015 5:10:15 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:SO/BTj0jXgmh0JGSCfEupI16yNcLTKnW1/fWIZ1eXivn1KQ+aV7BvhzbLnc:NpTjMg7GS+ccB1/Ow1eytSaPpzbDc

Entry address:
0xC371B

Entry point:
E9, F5, D9, 07, 00, 48, 89, EC, E9, 1F, 95, 07, 00, C9, 0D, FB, D3, 79, FA, 68, 6E, 32, 31, 8E, 24, 0D, 46, D4, 0C, FA, E6, 9C, F4, 52, DE, C4, 5C, A2, 43, 91, FD, 73, 0B, D1, F2, 90, 08, DE, AA, F8, F9, A7, BF, 45, BD, 13, 3F, D5, 6D, 3B, 73, 71, E9, C7, 7F, 35, 8D, 7B, AB, 99, 9F, 77, 35, 3B, B5, 51, 74, 47, EB, D7, 6A, 97, 65, BF, 12, FB, CD, 57, 1B, 23, 91, 8F, 45, C1, 47, BF, BF, 55, C5, 0B, 63, 49, 4B, 63, FC, 0A, FF, FF, FF, FF, CD, D5, 80, B1, B6, FF, FF, FF, FC, 84, B8, A5, 06, F5, 1C, EA, 5A, 20...
 

Entropy:
7.8908

Packer / compiler:
Xtreme-Protector v1.05

Code size:
79 KB (80,896 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following URL.
