Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

68601 2.08%
f804c 2.08%
12f35 22.92%
6aa89 10.42%
74375 4.17%
b54e9 6.25%
aae48 2.08%
d9e78 2.08%
d0c3d 4.17%
43405 2.08%
f982f 2.08%
d78ef 25.00%
5f495 2.08%
46f74 4.17%
2ef38 4.17%
c0641 4.17%
(Note, Garena Online Pte Ltd publishes each variation of this file with the same version, but the hashes are unique.)

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
InitializeSecurityDescriptor, GetUserNameW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, SetSecurityDescriptorDacl, LookupPrivilegeValueW, OpenProcessToken, AdjustTokenPrivileges
kernel32.dll
GetProcessId, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, OpenProcess, GetModuleFileNameW, GetCurrentProcessId, GetSystemDirectoryW, GetProcAddress, GetModuleHandleW, GetCurrentProcess, GetWindowsDirectoryW, SetLastError, InterlockedDecrement, WaitForSingleObject, FlushViewOfFile, ReleaseMutex, CreateFileMappingW, MapViewOfFileEx, CreateMutexW, OpenMutexW, OpenFileMappingW, UnmapViewOfFile, CreateEventW, CreateThread, SetEvent, TerminateThread, ResetEvent, GetLastError, SetPriorityClass, SetThreadPriority, GetCurrentThread, SetErrorMode, DuplicateHandle, GetCurrentThreadId, OpenEventW, Sleep, GetCurrentDirectoryW, IsBadCodePtr, WaitForMultipleObjects, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, GetProcessTimes, GetPrivateProfileIntW, GetACP, MoveFileW, OutputDebugStringW, OutputDebugStringA, WideCharToMultiByte, MultiByteToWideChar, GetLocalTime, LocalAlloc, LocalFree, IsBadWritePtr, CreateProcessW, IsBadReadPtr, CloseHandle, DisableThreadLibraryCalls, GetTickCount, GetTempPathW, CreateFileA, ReadFile, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FlushFileBuffers, GetModuleHandleA, SetStdHandle, CreateFileW, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, GetFileAttributesW, GetCommandLineA, RaiseException, RtlUnwind, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetCPInfo, GetOEMCP, IsValidCodePage, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapCreate, VirtualFree, QueryPerformanceCounter, VirtualAlloc, FreeLibrary, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, CreateEventA, VirtualProtectEx, WriteProcessMemory, GetSystemInfo, CreateJobObjectW, SetInformationJobObject, AssignProcessToJobObject, GetVersion, ResumeThread, CreateIoCompletionPort, PostQueuedCompletionStatus, GetQueuedCompletionStatus, IsProcessInJob, GetEnvironmentVariableW, SetEnvironmentVariableW, FlushInstructionCache, VirtualProtect, LoadLibraryW, MapViewOfFile, InterlockedCompareExchange, FormatMessageA, ReleaseSemaphore, OpenEventA, SystemTimeToFileTime, SetWaitableTimer, CreateWaitableTimerA, ExitThread
ole32.dll
CoInitializeSecurity, CoUninitialize, CoCreateInstance, CoInitializeEx
shlwapi.dll
SHGetValueW
user32.dll
DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW
Export table
_ExtExecAPI@0
DllRegisterServer
DllUnregisterServer
rundll_entryW

ggspawn.dll

By Garena Online Pte Ltd (Signed)

Remove ggspawn.dll
MD5:   12f35fa9dfadb730d1e5938d0b690377
SHA1:   a797501761dce7739c473cfc3ceb379ae4d7e07e
SHA256:   e106d3810577eb40325cfd1154f7d8491d47951487572be62daf688949b15e74

Overview

ggspawn.dll executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). This is typically installed with the program Garena Plus published by Garena Online Pte Ltd.. The file is digitally signed by Garena Online Pte Ltd which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:ggspawn.dll
Typical file path:C:\Program Files\garena plus\ggspawn.dll
Size:185.3 KB (189,744 bytes)
Certificate
Issued to:Garena Online Pte Ltd
Authority (CA):VeriSign
Expiration date:Friday, March 11, 2557
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Garena Online Pte Ltd.
2% remove
The Garena Plus application developed for various games distributed by the comapny allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements. The Garena Plus game platform can be downloaded for free and it has an interface similar to instant messaging platforms. Gamers are also able to form groups or clans, and chat with multiple gamers simultaneously through public or private channels t...

BehaviorsBehaviors

Scheduled tasks
  • The task 'gg_uac_daemon_Winston' runs on logon in the path '\gg_uac_daemon_Winston'
  • The task 'gg_uac_daemon_MingTat' runs on logon in the path '\gg_uac_daemon_MingTat'
  • The task 'gg_uac_daemon_Administrator' runs on logon in the path '\gg_uac_daemon_Administrator'
  • The job 'gg_uac_daemon_Dave' runs on logon in the path '\gg_uac_daemon_Dave'
  • Entry path '\gg_uac_daemon_mark leo go'
  • Entry path '\gg_uac_daemon_Valued User'
  • Entry path '\gg_uac_daemon_Woody'
  • Entry path '\gg_uac_daemon_Scal2LeTz'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\gg_uac_daemon_Winston'
  • Login entry path '\gg_uac_daemon_mark leo go'
  • Login entry path '\gg_uac_daemon_Valued User'
  • Login entry path '\gg_uac_daemon_Scal2LeTz'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00063616%
0.028634%
Kernel CPU:0.00022347%
0.013761%
User CPU:0.00041269%
0.014873%
Kernel CPU time:83 ms/min
100,923,805ms/min
CPU cycles:1,303,486/sec
17,470,203/sec
Context switches:66/sec
284/sec
Memory
Private memory:3.21 MB
21.59 MB
Private (maximum):4.06 MB
Private (minimum):654.67 KB
Non-paged memory:3.21 MB
21.59 MB
Virtual memory:67.68 MB
140.96 MB
Virtual memory (peak):68.76 MB
169.69 MB
Working set:760 KB
18.61 MB
Working set (peak):5.58 MB
37.95 MB
Page faults:2,301/min
2,039/min
I/O
I/O read transfer:92 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O other transfer:4 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:3
12
Handles:103
600
GUI GDI count:15
103
GUI GDI peak:16
142
GUI USER count:5
49
GUI USER peak:6
71

BehaviorsProcess properties

Integrety level:High
Platform:64-bit
Command lines:
  • C:\windows\syswow64\rundll32.exe "C:\Program Files\garena plus\ggspawn.dll",rundll_entry -p 0
  • C:\Windows\System32\rundll32.exe "C:\Program Files\garena plus\ggspawn.dll",rundll_entry -p 0
Owner:User
Parent processes:

ResourcesThreads

Averages
 
rundll32.exe (Windows host process (Rundll32) by Microsoft)
Total CPU:0.01827456%
0.272967%
Kernel CPU:0.00018789%
0.107585%
User CPU:0.01808667%
0.165382%
CPU cycles:718,111/sec
5,741,424/sec
Context switches:14/sec
79/sec
Memory:64 KB
1.16 MB
ggspawn.dll (main module)
Total CPU:0.00131290%
Kernel CPU:0.00000000%
User CPU:0.00131290%
CPU cycles:683,738/sec
Context switches:63/sec
Memory:200 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 31.25%
Microsoft Windows XP 20.83%
Windows 8 12.50%
Windows 7 Home Premium 10.42%
Windows 8 Single Language 8.33%
Windows 8 Enterprise 6.25%
Windows 8 Pro 6.25%
Windows Vista Home Premium 2.08%
Windows 8.1 Single Language 2.08%

Distribution by countryDistribution by country

Taiwan installs about 29.17% of ggspawn.dll.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 28.00%
GIGABYTE 20.00%
Acer 16.00%
Hewlett-Packard 16.00%
Toshiba 12.00%
Lenovo 4.00%
American Megatrends 4.00%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE