ggdllhost.exe
RUNDLL32 by Garena Online Pte Ltd (Signed)
Version: | 1, 0, 0, 1 |
MD5: | 2d31dbd23c198bc2a9f356daa07d42ac |
SHA1: | e7c5a4aa3dbf760461081a409f290bcea1af030e |
Overview
ggdllhost.exe executes as a process with the local user's privileges. It is an auto-starting process that uses the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. It is installed with a couple of known programs including Garena Plus published by Garena Online Pte Ltd. and Garena - League of Legends published by Garena Online Pte Ltd.
Details
File name: | ggdllhost.exe |
Product name: | RUNDLL32 |
Description: | Windows host process (Rundll32) |
Typical file path: | C:\Program Files\garena plus\ggdllhost.exe |
Original name: | RUNDLL32.EXE |
File version: | 1, 0, 0, 1 |
Size: | 48.3 KB (49,456 bytes) |
Build date: | 7/17/2013 4:27 PM |
Certificate |
Issued to: | Garena Online Pte Ltd |
Authority (CA): | VeriSign |
Effective date: | Monday, October 17, 2011 |
Expiration date: | Sunday, November 2, 2014 |
Digital DNA |
File packed: | No |
.NET CLR: | No |
Programs
The following programs will install this file
The Garena Plus application developed for various games distributed by the company allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements. The Garena Plus game platform can be downloaded for free and it has an interface similar to instant messaging platforms. Gamers are also able to form groups or clans, and chat with multiple gamers simultaneously through public or private channels t...
League of Legends is a multiplayer online battle arena video game where players are formed into two teams of five Champions. League of Legends is a session-based game. Matchmaking creates teams with even average MMR (Matchmaking Rating) of the constituent players. Each player begins at opposing sides of a map near a building called a Nexus. A match is won when either team's Nexus is destroyed.
Behaviors
Scheduled tasks
- The task 'gg_uac_daemon_son' runs on logon in the path '\gg_uac_daemon_son'
- The job 'gg_uac_daemon_Visson' runs on logon in the path '\gg_uac_daemon_Visson'
- The job 'gg_uac_daemon_Ray' runs on logon in the path '\gg_uac_daemon_Ray'
- The task 'gg_uac_daemon_SIMON' runs on logon in the path '\gg_uac_daemon_SIMON'
- The job 'gg_uac_daemon_user' runs on logon in the path '\gg_uac_daemon_user'
- The task 'gg_uac_daemon_Administrator' runs on logon in the path '\gg_uac_daemon_Administrator'
- The task 'gg_uac_daemon_NOVA' runs on logon in the path '\gg_uac_daemon_NOVA'
- The job 'gg_uac_daemon_Rojo' runs on logon in the path '\gg_uac_daemon_Rojo'
- The task 'gg_uac_daemon_Marites' runs on logon in the path '\gg_uac_daemon_Marites'
- The job 'gg_uac_daemon_Chinchan' runs on logon in the path '\gg_uac_daemon_Chinchan'
- The task 'gg_uac_daemon_nguyenhiep' runs on logon in the path '\gg_uac_daemon_nguyenhiep'
- The job 'gg_uac_daemon_hero2588' runs on logon in the path '\gg_uac_daemon_hero2588'
- The job 'gg_uac_daemon_icheng' runs on logon in the path '\gg_uac_daemon_icheng'
- The job 'gg_uac_daemon_john' runs on logon in the path '\gg_uac_daemon_john'
- The job 'gg_uac_daemon_Paolo' runs on logon in the path '\gg_uac_daemon_Paolo'
Windows firewall allowed programs
Exceptions allow programs to access the Internet through outbound connections
- Firewall exception for 'C:\Program Files\Garena Plus\ggdllhost.exe'
- Firewall exception for 'C:\hon\GarenaHoN\GameData\ggdllhost.exe'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\gg_uac_daemon_son'
- Login entry path '\gg_uac_daemon_user'
- Login entry path '\gg_uac_daemon_NOVA'
- Login entry path '\gg_uac_daemon_Rojo'
- Login entry path '\gg_uac_daemon_Marites'
- Login entry path '\gg_uac_daemon_Chinchan'
- Login entry path '\gg_uac_daemon_nguyenhiep'
- Login entry path '\gg_uac_daemon_hero2588'
- Login entry path '\gg_uac_daemon_icheng'
- Login entry path '\gg_uac_daemon_john'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 64107
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00013175% | |
Kernel CPU: | 0.00003670% | |
User CPU: | 0.00009505% | |
Kernel CPU time: | 78 ms/min | |
Memory |
Private memory: | 3.58 MB | |
Private (maximum): | 7.89 MB | |
Private (minimum): | 1.83 MB | |
Non-paged memory: | 3.58 MB | |
Virtual memory: | 72.51 MB | |
Virtual memory (peak): | 75.51 MB | |
Working set: | 2.02 MB | |
Working set (peak): | 7.89 MB | |
Resource allocations |
Threads: | 14 | |
Handles: | 153 | |
GUI GDI count: | 9 | |
GUI GDI peak: | 9 | |
GUI USER count: | 2 | |
GUI USER peak: | 2 | |
Process properties
Threads
Averages
ggspawn.dll |
Total CPU: | 0.00023482% | |
Kernel CPU: | 0.00004403% | |
User CPU: | 0.00019079% | |
CPU cycles: | 398,474/sec | |
Context switches: | 2/sec | |
Memory: | 564 KB | |
ggdllhost.exe (main module) |
Total CPU: | 0.00002935% | |
Kernel CPU: | 0.00002935% | |
User CPU: | 0.00000000% | |
CPU cycles: | 536/sec | |
Memory: | 56 KB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 34.62% |
Windows 7 Ultimate | 25.00% |
Windows 8 | 15.38% |
Microsoft Windows XP | 9.62% |
Windows 8.1 Single Language | 5.77% |
Windows 8 Enterprise | 5.77% |
Windows Vista Home Premium | 1.92% |
Windows 8 Single Language | 1.92% |
Distribution by country
Taiwan installs about 38.46% of RUNDLL32.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Toshiba | 48.57% |
ASUS | 20.00% |
Acer | 17.14% |
GIGABYTE | 8.57% |
Hewlett-Packard | 2.86% |
Lenovo | 2.86% |