Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

1, 2, 43, 0 2.50%
1, 2, 42, 1 7.50%
1, 2, 38, 2 2.50%
1, 2, 32, 1 5.00%
1, 2, 31, 4 15.00%
1, 2, 31, 3 2.50%
1, 2, 31, 1 2.50%
1, 2, 30, 0 7.50%
1, 2, 28, 0 2.50%
1, 2, 25, 2 2.50%
1, 2, 24, 0 2.50%
1, 2, 23, 7 12.50%
1, 2, 20, 3 7.50%
1, 2, 19, 6 2.50%
1, 2, 19, 4 7.50%
1, 2, 19, 3 2.50%
1, 2, 17, 6 2.50%
1, 2, 16, 7 10.00%
1, 2, 15, 3 2.50%

Relationships

Parent process
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegOpenKeyExW, RegSetValueExW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegQueryValueExW, GetNamedSecurityInfoW, SetEntriesInAclW, SetNamedSecurityInfoW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, CreateWellKnownSid, RegQueryInfoKeyW, RegEnumKeyExW
comctl32.dll
InitCommonControlsEx
gdi32.dll
GetStockObject, DeleteObject, CreateDIBitmap, CreateFontIndirectW, GetObjectW, EnumFontFamiliesW
kernel32.dll
DllMain, GetFileSize, HeapFree, GetProcessHeap, ReadFile, CopyFileW, FindClose, FindNextFileW, FindFirstFileW, LocalFree, LocalAlloc, SetErrorMode, GetSystemInfo, ResetEvent, GetDriveTypeW, GetLogicalDrives, FindFirstFileExW, GetFileAttributesW, HeapAlloc, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, WritePrivateProfileStringW, WritePrivateProfileSectionW, GetPrivateProfileStringW, WritePrivateProfileStringA, SetFilePointer, GetVersionExW, FlushInstructionCache, GlobalUnlock, GlobalLock, GlobalAlloc, InterlockedCompareExchange, HeapReAlloc, WinExec, ExpandEnvironmentStringsW, lstrcatW, lstrcpyW, SetLastError, DuplicateHandle, ResumeThread, ReleaseSemaphore, WriteFile, FindResourceExW, LockResource, CreateThread, WaitForMultipleObjects, TerminateThread, CreateDirectoryW, CreateSemaphoreA, Sleep, lstrcpynW, WaitForSingleObject, GetTickCount, TlsFree, TlsAlloc, InterlockedExchangeAdd, GetFileTime, SetEvent, PostQueuedCompletionStatus, GetExitCodeThread, CreateEventW, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, InterlockedExchange, RemoveVectoredExceptionHandler, lstrcmpiW, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, lstrlenW, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, WideCharToMultiByte, IsBadCodePtr, GetLocalTime, IsBadReadPtr, MapViewOfFileEx, FlushViewOfFile, OpenFileMappingW, QueryPerformanceCounter, UnhandledExceptionFilter, GetStartupInfoW, AreFileApisANSI, GetModuleHandleA, SetFileTime, GetFileAttributesExW, GetFileInformationByHandle, SetCurrentDirectoryW, GetCurrentDirectoryW, CreateDirectoryExW, DeviceIoControl, SetFilePointerEx, SetEndOfFile, GetFullPathNameW, RemoveDirectoryW, CreateWaitableTimerA, SetWaitableTimer, SystemTimeToFileTime, TlsSetValue, OpenEventA, TlsGetValue, LCMapStringW, LCMapStringA, GetStringTypeExW, GetStringTypeExA, GetUserDefaultLCID, FormatMessageA, HeapSize, HeapDestroy, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, lstrcmpA, CreateMutexW, OpenMutexW, ReleaseMutex, MoveFileExW, DeleteFileW, CreateEventA, GetSystemTimeAsFileTime, CreateFileW, IsDebuggerPresent, DebugBreak, InitializeCriticalSection, RaiseException, DeleteCriticalSection, EnterCriticalSection, AddVectoredExceptionHandler, LeaveCriticalSection, SetUnhandledExceptionFilter, TerminateProcess, GetModuleFileNameW, FreeLibrary, LoadLibraryW, GetCurrentProcess, GetCurrentThread, SetThreadPriority, GetTempPathW, GetModuleHandleW, GetProcAddress, UnmapViewOfFile, CreateFileMappingW, GetLastError, MapViewOfFile, CloseHandle, GetCurrentProcessId, GetCurrentThreadId
msvcp90.dll
DllMain
msvcr90.dll
DllMain
ole32.dll
CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoInitialize, CoUninitialize
shlwapi.dll
StrCmpW, PathRemoveFileSpecW, PathRemoveBackslashW, PathFindFileNameW
user32.dll
DefWindowProcW, SendMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, DestroyWindow, CharNextW, GetCursorPos, DestroyIcon, LoadIconW, CallWindowProcW, SetWindowLongW, GetWindowLongW, SetTimer, KillTimer, RegisterWindowMessageW, GetLastInputInfo, CreateWindowExW, IsWindow, SendNotifyMessageW, wsprintfW, RegisterHotKey, UnregisterHotKey, PostQuitMessage, UnregisterClassW, UnhookWindowsHookEx, CallNextHookEx, GetKeyState, SetWindowsHookExW, GetDC, ReleaseDC, MessageBoxA, MoveWindow, LoadStringW, LoadStringA, UnregisterClassA, GetWindowRect, PostMessageW, MessageBoxW, IsWindowVisible, SystemParametersInfoW, PtInRect, IsIconic, ShowWindow, SetWindowPos, SetForegroundWindow, RegisterClassExW, GetActiveWindow, GetClientRect, SetClipboardData, CloseClipboard, EmptyClipboard, OpenClipboard, SetClassLongW, RedrawWindow, IsZoomed, GetClassInfoExW, GetWindowPlacement, SetFocus, MonitorFromPoint, IsRectEmpty, IsClipboardFormatAvailable, GetParent, GetSystemMetrics, ClientToScreen, FlashWindow, GetForegroundWindow, keybd_event, BringWindowToTop, LoadCursorW, SetCursor, EnableWindow, IsDialogMessageW, WaitMessage, GetLastActivePopup, GetClassLongW, GetDesktopWindow

GarenaMessenger.exe

Garena Plus by Garena Online Pte Ltd (Signed)

Remove GarenaMessenger.exe
Version:   1, 2, 15, 3
MD5:   539656456e0c9b440adfe04803d63f40
SHA1:   e374649b0b7e984403c672f03fcb764c856ffd70
SHA256:   0c1ff8dd012c3a8d368feed0871e5b1c484ed7451ec8cfabe5d599e8d745d601

Overview

garenamessenger.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). This is typically installed with the program Garena Plus published by Garena Online Pte Ltd.. The file is digitally signed by Garena Online Pte Ltd which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:garenamessenger.exe
Product name:Garena Plus
Typical file path:C:\game\garena plus\garenamessenger.exe
File version:1, 2, 15, 3
Size:8.38 MB (8,790,904 bytes)
Certificate
Issued to:Garena Online Pte Ltd
Authority (CA):VeriSign
Effective date:Tuesday, October 18, 2011
Expiration date:Monday, November 3, 2014
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 9.0
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Garena Plus
 Garena Online Pte Ltd.
2% remove
The Garena Plus application developed for various games distributed by the comapny allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements. The Garena Plus game platform can be downloaded for free and it has an interface similar to instant messaging platforms. Gamers are also able to form groups or clans, and chat with multiple gamers simultaneously through public or private channels t...

BehaviorsBehaviors

Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'GarenaPlus' → "C:\game\garena plus\garenamessenger.exe" -autolaunch
Network connections
  • [TCP] d117158176.ppp117158.cyberway.com.sg (203.117.158.176:9100)
  • [UDP] listens on port 53771

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00042378%
    0.028634%
    Kernel CPU:0.00033472%
    0.013761%
    User CPU:0.00008906%
    0.014873%
    Kernel CPU time:1,700 ms/min
    100,923,805ms/min
    Context switches:37/sec
    284/sec
    Memory
    Private memory:32.87 MB
    21.59 MB
    Private (maximum):48.9 MB
    Private (minimum):4.13 MB
    Non-paged memory:32.87 MB
    21.59 MB
    Virtual memory:188.19 MB
    140.96 MB
    Virtual memory (peak):204.36 MB
    169.69 MB
    Working set:11.87 MB
    18.61 MB
    Working set (peak):54.5 MB
    37.95 MB
    Resource allocations
    Threads:24
    12
    Handles:567
    600
    GUI GDI count:119
    103
    GUI GDI peak:122
    142
    GUI USER count:26
    49
    GUI USER peak:30
    71

    BehaviorsProcess properties

    Integrety level:High
    Platform:64-bit
    Command line:"C:\Program Files\garena plus\garenamessenger.exe" -autolaunch
    Owner:User
    Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

    ResourcesThreads

    Averages
     
    GarenaMessenger.exe (main module)
    Total CPU:0.00068797%
    0.272967%
    Kernel CPU:0.00023483%
    0.107585%
    User CPU:0.00045314%
    0.165382%
    CPU cycles:89,139/sec
    5,741,424/sec
    Context switches:3/sec
    79/sec
    Memory:8.46 MB
    1.16 MB
    ntdll.dll
    Total CPU:0.00003055%
    Kernel CPU:0.00003055%
    User CPU:0.00000000%
    CPU cycles:607/sec
    Memory:1.66 MB
    wow64.dll
    Total CPU:0.00003055%
    Kernel CPU:0.00000000%
    User CPU:0.00003055%
    CPU cycles:13,342/sec
    Memory:252 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Ultimate 32.50%
    Microsoft Windows XP 30.00%
    Windows 8 12.50%
    Windows 7 Home Premium 12.50%
    Windows 8 Pro 7.50%
    Windows 8 Single Language 2.50%
    Windows 8 Enterprise 2.50%

    Distribution by countryDistribution by country

    Taiwan installs about 25.00% of Garena Plus.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 26.32%
    GIGABYTE 21.05%
    Acer 15.79%
    Hewlett-Packard 13.16%
    Toshiba 10.53%
    American Megatrends 7.89%
    Lenovo 5.26%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE