Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

68601 2.08%
f804c 2.08%
12f35 22.92%
6aa89 10.42%
74375 4.17%
b54e9 6.25%
aae48 2.08%
d9e78 2.08%
d0c3d 4.17%
43405 2.08%
f982f 2.08%
d78ef 25.00%
5f495 2.08%
46f74 4.17%
2ef38 4.17%
c0641 4.17%
(Note, Garena Online Pte Ltd publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
InitializeSecurityDescriptor, GetUserNameW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, SetSecurityDescriptorDacl, LookupPrivilegeValueW, OpenProcessToken, AdjustTokenPrivileges
kernel32.dll
GetProcessId, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, OpenProcess, GetModuleFileNameW, GetCurrentProcessId, GetSystemDirectoryW, GetProcAddress, GetModuleHandleW, GetCurrentProcess, GetWindowsDirectoryW, SetLastError, InterlockedDecrement, WaitForSingleObject, FlushViewOfFile, ReleaseMutex, CreateFileMappingW, MapViewOfFileEx, CreateMutexW, OpenMutexW, OpenFileMappingW, UnmapViewOfFile, CreateEventW, CreateThread, SetEvent, TerminateThread, ResetEvent, GetLastError, SetPriorityClass, SetThreadPriority, GetCurrentThread, SetErrorMode, DuplicateHandle, GetCurrentThreadId, OpenEventW, Sleep, GetCurrentDirectoryW, IsBadCodePtr, WaitForMultipleObjects, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, GetProcessTimes, GetPrivateProfileIntW, GetACP, MoveFileW, OutputDebugStringW, OutputDebugStringA, WideCharToMultiByte, MultiByteToWideChar, GetLocalTime, LocalAlloc, LocalFree, IsBadWritePtr, CreateProcessW, IsBadReadPtr, CloseHandle, DisableThreadLibraryCalls, GetTickCount, GetTempPathW, CreateFileA, ReadFile, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FlushFileBuffers, GetModuleHandleA, SetStdHandle, CreateFileW, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, GetFileAttributesW, GetCommandLineA, RaiseException, RtlUnwind, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetCPInfo, GetOEMCP, IsValidCodePage, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapCreate, VirtualFree, QueryPerformanceCounter, VirtualAlloc, FreeLibrary, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, CreateEventA, VirtualProtectEx, WriteProcessMemory, GetSystemInfo, CreateJobObjectW, SetInformationJobObject, AssignProcessToJobObject, GetVersion, ResumeThread, CreateIoCompletionPort, PostQueuedCompletionStatus, GetQueuedCompletionStatus, IsProcessInJob, GetEnvironmentVariableW, SetEnvironmentVariableW, FlushInstructionCache, VirtualProtect, LoadLibraryW, MapViewOfFile, InterlockedCompareExchange, FormatMessageA, ReleaseSemaphore, OpenEventA, SystemTimeToFileTime, SetWaitableTimer, CreateWaitableTimerA, ExitThread
ole32.dll
CoInitializeSecurity, CoUninitialize, CoCreateInstance, CoInitializeEx
shlwapi.dll
SHGetValueW
user32.dll
DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW
Export table
_ExtExecAPI@0
DllRegisterServer
DllUnregisterServer
rundll_entryW

ggspawn.dll

By Garena Online Pte Ltd (Signed)

Remove ggspawn.dll
MD5:   6aa89409353fd714f866bb8250922499
SHA1:   840f8cee497565ef4bf0cc57bd25394ef22c45ef
SHA256:   d0ac0e425d88d2a05189bd7d54c05ae7de1d56960ff82f22c7396090041d0d03

Overview

ggspawn.dll executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). This is typically installed with the program Garena Plus published by Garena Online Pte Ltd.. The file is digitally signed by Garena Online Pte Ltd which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:ggspawn.dll
Typical file path:C:\Program Files\garena plus\ggspawn.dll
Size:183.8 KB (188,208 bytes)
Certificate
Issued to:Garena Online Pte Ltd
Authority (CA):VeriSign
Expiration date:Friday, March 11, 2557
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Garena Plus
 Garena Online Pte Ltd.
2% remove
The Garena Plus application developed for various games distributed by the comapny allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements. The Garena Plus game platform can be downloaded for free and it has an interface similar to instant messaging platforms. Gamers are also able to form groups or clans, and chat with multiple gamers simultaneously through public or private channels t...

BehaviorsBehaviors

Scheduled tasks
  • The task 'gg_uac_daemon_Winston' runs on logon in the path '\gg_uac_daemon_Winston'
  • The task 'gg_uac_daemon_MingTat' runs on logon in the path '\gg_uac_daemon_MingTat'
  • The task 'gg_uac_daemon_Administrator' runs on logon in the path '\gg_uac_daemon_Administrator'
  • The job 'gg_uac_daemon_Dave' runs on logon in the path '\gg_uac_daemon_Dave'
  • Entry path '\gg_uac_daemon_mark leo go'
  • Entry path '\gg_uac_daemon_Valued User'
  • Entry path '\gg_uac_daemon_Woody'
  • Entry path '\gg_uac_daemon_Scal2LeTz'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\gg_uac_daemon_Winston'
  • Login entry path '\gg_uac_daemon_mark leo go'
  • Login entry path '\gg_uac_daemon_Valued User'
  • Login entry path '\gg_uac_daemon_Scal2LeTz'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00040729%
0.028634%
Kernel CPU:0.00026873%
0.013761%
User CPU:0.00013856%
0.014873%
Kernel CPU time:211 ms/min
100,923,805ms/min
CPU cycles:71,040/sec
17,470,203/sec
Context switches:60/sec
284/sec
Memory
Private memory:1.34 MB
21.59 MB
Private (maximum):3.63 MB
Private (minimum):482 KB
Non-paged memory:1.34 MB
21.59 MB
Virtual memory:46.6 MB
140.96 MB
Virtual memory (peak):46.97 MB
169.69 MB
Working set:494 KB
18.61 MB
Working set (peak):4.32 MB
37.95 MB
Page faults:1,500/min
2,039/min
I/O
I/O other transfer:0 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:3
12
Handles:75
600
GUI GDI count:12
103
GUI GDI peak:14
142
GUI USER count:5
49
GUI USER peak:5
71

BehaviorsProcess properties

Integrety level:High
Platform:32-bit
Command line:C:\Windows\System32\rundll32.exe "C:\Program Files\garena plus\ggspawn.dll",rundll_entry -p 0
Owner:User
Parent process:taskeng.exe (Task Scheduler Engine by Microsoft)

ResourcesThreads

Averages
 
ggspawn.dll (main module)
Total CPU:0.00265135%
0.272967%
Kernel CPU:0.00154148%
0.107585%
User CPU:0.00110987%
0.165382%
CPU cycles:1,048,420/sec
5,741,424/sec
Context switches:66/sec
79/sec
Memory:200 KB
1.16 MB
rundll32.exe (Windows host process (Rundll32) by Microsoft)
Total CPU:0.00017266%
Kernel CPU:0.00017266%
User CPU:0.00000000%
CPU cycles:5,182/sec
Memory:56 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 31.25%
Microsoft Windows XP 20.83%
Windows 8 12.50%
Windows 7 Home Premium 10.42%
Windows 8 Single Language 8.33%
Windows 8 Enterprise 6.25%
Windows 8 Pro 6.25%
Windows Vista Home Premium 2.08%
Windows 8.1 Single Language 2.08%

Distribution by countryDistribution by country

Taiwan installs about 29.17% of ggspawn.dll.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 28.00%
GIGABYTE 20.00%
Acer 16.00%
Hewlett-Packard 16.00%
Toshiba 12.00%
Lenovo 4.00%
American Megatrends 4.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE