home

beservice.exe

Bastian Suter

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”. The file has been seen being downloaded from battleye.com.
Publisher:
Bastian Suter  (signed and verified)

MD5:
e65f7cea53a17adef17549bda47254aa

SHA-1:
b61b9f0354180030bc23622590df2ca2ac5a83b1

SHA-256:
c337f1c84e398586b59f22df0e9f223bdd56e408319375b81e378846d4efa972

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 12:07:46 AM UTC  (today)

File size:
746.9 KB (764,800 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:
Bastian Suter

Authority:
DigiCert Inc

Valid from:
3/5/2014 10:00:00 AM

Valid to:
5/13/2015 10:00:00 PM

Subject:
CN=Bastian Suter, O=Bastian Suter, L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F01D40307832B7F6747D7AB752213DC

File PE Metadata
Compilation timestamp:
1/7/2015 5:54:48 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:oUPPszc01d4BxZYSwyxvEhLyHDJ8NyCd5rbyjuQ7Q8XxZLZiNu5StVoxtN5odD:oc01d4rZJwqshGdCvd5rby6C/XbZiNga

Entry address:
0x12790B

Entry point:
0F, 87, D4, 4A, F6, FF, 68, C1, 92, 7F, 78, E9, A0, D7, FC, FF, 80, 7F, FF, 00, E9, 8E, 69, F6, FF, E9, 06, F8, FF, FF, 3C, A8, C3, 55, F3, 26, CE, 2A, D4, B4, F1, 9F, C4, AF, A0, DC, AB, D1, 47, 24, AD, CB, 6F, 0D, 8D, F7, AF, D1, AD, CA, 5E, 28, 2B, 46, 5F, 22, 65, 1C, BF, F6, E5, 93, A7, DF, 4C, 29, 2D, A0, 89, E6, 94, DD, DA, 00, 2D, 2A, D0, 3B, FC, 88, 8E, EB, E7, 63, 9E, D8, 9B, 3A, 66, 79, 03, 00, 00, C1, 89, ED, 7A, 98, FF, 96, 92, FE, 4D, AD, 1C, 25, 92, E2, 60, 67, F4, EA, 48, 5A, 1A, A9, 13, 35...
 
[+]

Entropy:
7.8859  (probably packed)

Code size:
76 KB (77,824 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following URL.

http://battleye.com/downloads/.../BEService_x64.exe

Scan beservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.