ggdllhost.exe
RUNDLL32 by Garena Online Pte Ltd (Signed)
| Version: | 1, 0, 0, 1 |
| MD5: | 925175a0ec575566cd2c0b585a5fbc22 |
| SHA1: | acfa391fcfe52a465f2eded09f3225fcf7e8acc4 |
Overview
ggdllhost.exe executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This is typically installed with the program Garena+ published by Garena Online Pte Ltd.. The file is digitally signed by Garena Online Pte Ltd which was issued by the VeriSign certificate authority (CA).
Details
| File name: | ggdllhost.exe |
| Product name: | RUNDLL32 |
| Description: | Windows host process (Rundll32) |
| Typical file path: | C:\Program Files\garena plus\ggdllhost.exe |
| Original name: | RUNDLL32.EXE |
| File version: | 1, 0, 0, 1 |
| Size: | 45.63 KB (46,728 bytes) |
| Build date: | 8/22/2013 4:30 PM |
| Certificate |
| Issued to: | Garena Online Pte Ltd |
| Authority (CA): | VeriSign |
| Effective date: | Monday, October 17, 2011 |
| Expiration date: | Sunday, November 2, 2014 |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following program will install this file
“Garena+ is an online social gaming platform which you can download for free and use to connect with millions of other gamers around the world. Using the Garena+, you can play various titles such as BlackShot, Heroes of Newerth, League of Legends and many other great titles.
In addition to providing an esports playground for popular classics such as DotA and Age of Empire, Garena also introduced latest premium online games on Garena+...”
Behaviors
Scheduled tasks
- The task 'gg_uac_daemon_son' runs on logon in the path '\gg_uac_daemon_son'
- The job 'gg_uac_daemon_Visson' runs on logon in the path '\gg_uac_daemon_Visson'
- The job 'gg_uac_daemon_Ray' runs on logon in the path '\gg_uac_daemon_Ray'
- The task 'gg_uac_daemon_SIMON' runs on logon in the path '\gg_uac_daemon_SIMON'
- The job 'gg_uac_daemon_user' runs on logon in the path '\gg_uac_daemon_user'
- The task 'gg_uac_daemon_Administrator' runs on logon in the path '\gg_uac_daemon_Administrator'
- The task 'gg_uac_daemon_NOVA' runs on logon in the path '\gg_uac_daemon_NOVA'
- The job 'gg_uac_daemon_Rojo' runs on logon in the path '\gg_uac_daemon_Rojo'
- The task 'gg_uac_daemon_Marites' runs on logon in the path '\gg_uac_daemon_Marites'
- The job 'gg_uac_daemon_Chinchan' runs on logon in the path '\gg_uac_daemon_Chinchan'
- The task 'gg_uac_daemon_nguyenhiep' runs on logon in the path '\gg_uac_daemon_nguyenhiep'
- The job 'gg_uac_daemon_hero2588' runs on logon in the path '\gg_uac_daemon_hero2588'
- The job 'gg_uac_daemon_icheng' runs on logon in the path '\gg_uac_daemon_icheng'
- The job 'gg_uac_daemon_john' runs on logon in the path '\gg_uac_daemon_john'
- The job 'gg_uac_daemon_Paolo' runs on logon in the path '\gg_uac_daemon_Paolo'
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Program Files\Garena Plus\ggdllhost.exe'
- Firewall exception for 'C:\hon\GarenaHoN\GameData\ggdllhost.exe'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\gg_uac_daemon_son'
- Login entry path '\gg_uac_daemon_user'
- Login entry path '\gg_uac_daemon_NOVA'
- Login entry path '\gg_uac_daemon_Rojo'
- Login entry path '\gg_uac_daemon_Marites'
- Login entry path '\gg_uac_daemon_Chinchan'
- Login entry path '\gg_uac_daemon_nguyenhiep'
- Login entry path '\gg_uac_daemon_hero2588'
- Login entry path '\gg_uac_daemon_icheng'
- Login entry path '\gg_uac_daemon_john'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 49747
[UDP] listens on port 60829
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00108332% | |
| Kernel CPU: | 0.00024733% | |
| User CPU: | 0.00083599% | |
| Kernel CPU time: | 1,794 ms/min | |
| CPU cycles: | 745,131/sec | |
| Context switches: | 3/sec | |
| Memory |
| Private memory: | 4.61 MB | |
| Private (maximum): | 6.03 MB | |
| Private (minimum): | 1.9 MB | |
| Non-paged memory: | 4.61 MB | |
| Virtual memory: | 77.31 MB | |
| Virtual memory (peak): | 88.7 MB | |
| Working set: | 2.06 MB | |
| Working set (peak): | 8.13 MB | |
| Page faults: | 90,950/min | |
| I/O |
| I/O read transfer: | 4 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O other transfer: | 2.27 KB/sec | |
| I/O other operations: | 95/sec | |
| Resource allocations |
| Threads: | 18 | |
| Handles: | 172 | |
| GUI GDI count: | 9 | |
| GUI GDI peak: | 9 | |
| GUI USER count: | 2 | |
| GUI USER peak: | 2 | |
Process properties
| Integrety level: | High |
| Platform: | 64-bit |
| Command lines: |
- "C:\garena plus\ggdllhost.exe" "C:\garena plus\ggspawn.dll",rundll_entry
- "C:\Program Files\garena plus\ggdllhost.exe" "C:\Program Files\garena plus\ggspawn.dll",rundll_entry
|
| Owner: | User |
| Parent processes: |
|
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
34.62% |
|
| Windows 7 Ultimate |
25.00% |
|
| Windows 8 |
15.38% |
|
| Microsoft Windows XP |
9.62% |
|
| Windows 8.1 Single Language |
5.77% |
|
| Windows 8 Enterprise |
5.77% |
|
| Windows Vista Home Premium |
1.92% |
|
| Windows 8 Single Language |
1.92% |
|
Distribution by country
Taiwan installs about 38.46% of RUNDLL32.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Toshiba |
48.57% |
|
| ASUS |
20.00% |
|
| Acer |
17.14% |
|
| GIGABYTE |
8.57% |
|
| Hewlett-Packard |
2.86% |
|
| Lenovo |
2.86% |
|
