home

beservice.exe

Bastian Suter

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”. The file has been seen being downloaded from www.battleye.com and multiple other hosts.
Publisher:
Bastian Suter  (signed and verified)

MD5:
56805606d40b1ec96ae8442e21318c13

SHA-1:
a23f353bd1ff51d2f1a1e00d7a6aa6d3cc7ab063

SHA-256:
3cbcb50ea8d2124b5e322d38f721670b4997f5f6865d3c7d5f819b9ef9620394

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/14/2025 11:33:28 AM UTC  (today)

File size:
1.1 MB (1,125,888 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:
Bastian Suter

Authority:
DigiCert Inc

Valid from:
7/14/2015 8:00:00 PM

Valid to:
12/30/2016 7:00:00 AM

Subject:
CN=Bastian Suter, O=Bastian Suter, L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
036EEE651CB75C856158F1A4B933288B

File PE Metadata
Compilation timestamp:
7/20/2015 9:53:33 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:73tJwFM4yS9iIfzdQJ4XoJ0dZ8Y+CpKuLi3qsyDwPIGk04:rtoM4yS9tfk4YJAZ8Y+CpKP3TYWC

Entry address:
0xC9172

Entry point:
E9, C1, EA, 0A, 00, E9, 72, 82, 0F, 00, 0F, 86, 44, 56, 0F, 00, 0F, 87, F4, 29, 00, 00, F5, F9, 84, E2, 48, 0F, A3, C6, 48, 29, FB, 66, F7, DF, 81, E7, 9F, 29, 67, 2F, 48, 01, E3, 48, 8D, BA, 78, 0F, 4E, 72, 0F, CF, 48, 89, DF, E9, EA, 1D, 00, 00, F9, F8, 56, 66, 0F, B6, F2, 48, 89, FE, 80, FF, 37, E9, E6, 08, 00, 00, 66, 0F, BA, E4, 0C, 84, E4, E9, 7D, 75, 0A, 00, 5A, E5, EE, 50, 7E, 2A, A2, 01, E9, 95, 34, F0, 34, 8F, 27, A4, 5F, 9F, 17, 53, EF, D0, 57, C4, FF, 5B, C6, 62, 19, B5, D5, B1, 5D, 2E, CD, 99...
 
[+]

Entropy:
7.8702

Packer / compiler:
Xtreme-Protector v1.05

Code size:
110.5 KB (113,152 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following 2 URLs.

http://www.battleye.com/downloads/.../BEService_x64.exe

http://www.battleye.com/downloads/.../BEService_x64.exe

Scan beservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.