home

beservice.exe

BattlEye Innovations e.K.

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”. The file has been seen being downloaded from www.battleye.com.
Publisher:
BattlEye Innovations e.K.  (signed and verified)

MD5:
c92b1b6d82ca7c093478eefcd96ad153

SHA-1:
d94f56216ccba520e59f7b6050847ec491b017c6

SHA-256:
4f1556bfdcc8f3c1c7753791a38621ba109a6ff839290411d6188b969162dabc

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 5:58:51 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win64:Evo-gen [Susp]
151004-0

Qihoo 360 Security
Win32/Trojan.7be
1.0.0.1077

File size:
1.2 MB (1,257,504 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:
BattlEye Innovations e.K.

Authority:
DigiCert Inc

Valid from:
11/10/2015 3:00:00 AM

Valid to:
11/14/2018 3:00:00 PM

Subject:
CN=BattlEye Innovations e.K., O=BattlEye Innovations e.K., L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F5A57726999506B6F93FD9A150B88FA

File PE Metadata
Compilation timestamp:
11/23/2015 12:22:43 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:LepEtXxRNh5OwnRI5ZageZnloJ+RfvBWQggKaduSfqOE5O4RulTLQ76Bz:LeSXrnRImgeZnqYOgKzSd8ulPQ76d

Entry address:
0x1FD5FB

Entry point:
E9, 88, 23, F5, FF, DB, EC, 7E, 0E, 35, A7, 97, 37, 6D, 12, 45, 2A, 9E, F4, 4B, 10, 72, 27, 65, 5C, 73, 18, 43, 3C, 42, 73, 97, AD, E2, A5, 69, 07, A4, E7, E4, 87, E4, AF, 94, A7, 34, 2F, 8D, C8, 80, F2, 65, 4A, ED, BE, 7B, 6A, 79, 69, 63, BA, 4A, 8A, F9, F0, A6, E7, A6, 5A, A3, ED, 92, 1D, 8A, AA, 00, 00, 00, 9F, 38, 83, B4, E8, D3, 9E, 14, 1D, 4C, 8A, 89, 3D, F6, 6A, 98, 97, 85, FF, 31, B4, D0, FB, AB, 00, 00, 00, 40, 34, 4C, F8, 85, 57, 00, 00, 00, BD, 31, 22, D8, 7A, D2, 35, 81, EF, EB, 99, 44, 4B, 8A...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
113.5 KB (116,224 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following URL.

http://www.battleye.com/downloads/.../BEService_x64.exe

Scan beservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.