home

beservice.exe

Bastian Suter

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “BattlEye Service”. The file has been seen being downloaded from www.battleye.com.
Publisher:
Bastian Suter  (signed and verified)

MD5:
74563d53e49bc5e7ddefd6412f92b026

SHA-1:
e1ee1cd4ce0e3ea017b8bd551ea2894aad9e272b

SHA-256:
c57123539a2cbd333ee7c751134c940b9e2da90ae6780b4012ecd0571f78b215

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/14/2025 11:23:50 AM UTC  (today)

File size:
907.5 KB (929,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\battleye\beservice.exe

Digital Signature
Signed by:
Bastian Suter

Authority:
DigiCert Inc

Valid from:
4/20/2015 3:00:00 AM

Valid to:
6/13/2018 3:00:00 PM

Subject:
CN=Bastian Suter, O=Bastian Suter, L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0CEC25760619513A72214FB3C86C376D

File PE Metadata
Compilation timestamp:
6/21/2015 9:38:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:hHX1DYdlQDDJssH2BEhx26dfkeLpRe2UGHzXJpEM7BQGGQioKHXStwTRQXuqgGz+:pl8dIfhk6d/LpgZGTRcOKCtwFqrz0bl

Entry address:
0xA58DC

Entry point:
E8, AB, 08, 0A, 00, 01, F8, 38, D1, 39, D0, 9C, 9C, 68, 62, AE, CD, 9E, 8D, 64, 24, 30, 0F, 82, BA, 3F, 0A, 00, 66, 0F, A3, F1, 0F, BA, E5, 0A, 3B, 45, F0, E8, 70, FF, 09, 00, F8, F5, C7, 04, 24, E3, 9B, FC, 97, 01, C7, 66, C7, 04, 24, 81, 7D, 8B, 3C, 8F, 66, 0F, A3, D3, 85, FF, E8, 72, 99, 0D, 00, DC, D7, E0, 22, B8, B7, 4F, 47, 5F, E5, A6, A3, 2D, AB, 2B, 41, 36, AA, 51, A0, E9, 57, E7, 98, 81, 6F, 16, 0B, 9E, A9, DE, 06, CD, 05, 3A, 4E, EE, B7, D7, 2A, EF, C6, 53, 5B, E1, 59, 6D, C4, 87, 72, 6B, B4, 75...
 
[+]

Code size:
96 KB (98,304 bytes)

Service
Display name:
BattlEye Service

Service name:
BEService

Type:
Win32OwnProcess


The file beservice.exe has been seen being distributed by the following URL.

http://www.battleye.com/downloads/.../BEService.exe

Scan beservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.