home

beservice.exe

Bastian Suter

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”. The file has been seen being downloaded from www.battleye.com.
Publisher:
Bastian Suter  (signed and verified)

MD5:
342e37f010e900d24d3f6e3cebd1b24f

SHA-1:
2b7180ce7586e65a2563632355b15dd168486755

SHA-256:
b4a0e54836a2ef35b11f63ee3a158bc2301acb702808bf32d963aecabd49bd7e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/14/2025 11:49:59 AM UTC  (today)

File size:
1.1 MB (1,137,152 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:
Bastian Suter

Authority:
DigiCert Inc

Valid from:
4/20/2015 2:00:00 AM

Valid to:
6/13/2018 2:00:00 PM

Subject:
CN=Bastian Suter, O=Bastian Suter, L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0CEC25760619513A72214FB3C86C376D

File PE Metadata
Compilation timestamp:
6/21/2015 8:38:28 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:lamN3ZwItR5NDbUCO9tu1z+c8mBIcqbB5HVObSqu:cwlpQH9Yl+bcMB5QC

Entry address:
0xD31B5

Entry point:
E9, BA, F9, FF, FF, 48, F7, C4, 08, 00, 00, 00, E9, 29, F8, 05, 00, 48, 39, D0, E9, F4, AD, 10, 00, E9, FC, 62, 04, 00, 2C, 30, 85, FB, F5, 66, 0F, BA, E4, 08, 3C, 09, E9, 0C, 3B, 06, 00, 74, 11, C7, 87, D9, A0, B3, 29, DB, E2, AD, 00, 74, 61, 2E, 47, 48, FD, 92, 13, 7C, 11, 7C, 51, 24, 49, 46, 6F, 20, 1D, 57, FE, 8F, 2E, 47, 1E, 71, B4, C0, D5, BA, 23, 6C, C1, CC, D1, BC, C1, CC, F9, 63, 6A, C4, 29, 7E, B1, C5, CB, 7D, 48, 47, 7E, DE, E7, 7F, 5E, 81, 4E, 39, BE, F7, 62, EE, 8D, 5F, 5B, D2, CF, 81, 4C, 28...
 
[+]

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
110.5 KB (113,152 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following URL.

http://www.battleye.com/downloads/.../BEService_x64.exe

Scan beservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.