home

beservice.exe

BattlEye Innovations e.K.

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”. The file has been seen being downloaded from www.battleye.com and multiple other hosts.
Publisher:
BattlEye Innovations e.K.  (signed and verified)

MD5:
b02ff978d11586a1c63a83246c1a3c83

SHA-1:
d7e8e45016ac38907506ff29170b22975f5fd7c5

SHA-256:
a693c845e4b9a7302f7d30ed53e7a09f3798933e2faba31c0cc744a579319e72

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 6:14:51 AM UTC  (today)

File size:
1.8 MB (1,863,688 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:
BattlEye Innovations e.K.

Authority:
DigiCert Inc

Valid from:
11/10/2015 7:00:00 AM

Valid to:
11/14/2018 7:00:00 PM

Subject:
CN=BattlEye Innovations e.K., O=BattlEye Innovations e.K., L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F5A57726999506B6F93FD9A150B88FA

File PE Metadata
Compilation timestamp:
4/7/2016 5:37:50 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
14.0

CTPH (ssdeep):
49152:I0F+302kbaVrIVUuZnB4Tp9KByPCs978j0waztHlp3G+hWtN:I0FaWapIGcY0bs974MllhrAH

Entry address:
0xE9E6D

Entry point:
E9, 4D, 36, 00, 00, F5, 85, D7, 80, 3F, 23, E9, 4B, 49, 00, 00, E9, D2, 77, FF, FF, 0D, DA, 67, A1, F4, 56, 87, DA, 48, 4D, 35, 0B, 46, 79, BE, EB, 82, 0A, 3F, 79, 24, 5C, E1, 1B, 0E, 46, BB, F5, D0, 08, 05, 3F, 82, E4, 8D, 17, 2A, 62, 6F, 29, D8, 60, BB, 77, 7E, 06, B1, 6D, C0, F8, 85, BF, 9A, 52, 7D, 4F, 28, BB, 60, 8B, 1E, FC, F3, F2, B3, 97, D7, 63, 67, 76, E5, 97, 38, 7B, 25, 66, 68, D3, D8, 1E, 15, 82, 79, E6, 01, 30, E8, 60, D9, 18, 52, AF, 28, 25, 2B, A4, 3A, 86, 7F, 9F, A9, E4, A6, 1B, E7, AD, 50...
 
[+]

Entropy:
7.8401

Packer / compiler:
Xtreme-Protector v1.05

Code size:
121 KB (123,904 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following 3 URLs.

https://www.battleye.com/downloads/.../BEService_x64.exe

https://www.battleye.com/downloads/.../BEService_x64.exe

http://www.battleye.com/downloads/.../BEService_x64.exe

Scan beservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.