Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

68601 2.08%
f804c 2.08%
12f35 22.92%
6aa89 10.42%
74375 4.17%
b54e9 6.25%
aae48 2.08%
d9e78 2.08%
d0c3d 4.17%
43405 2.08%
f982f 2.08%
d78ef 25.00%
5f495 2.08%
46f74 4.17%
2ef38 4.17%
c0641 4.17%
(Note, Garena Online Pte Ltd publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
InitializeSecurityDescriptor, GetUserNameW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, SetSecurityDescriptorDacl, LookupPrivilegeValueW, OpenProcessToken, AdjustTokenPrivileges
kernel32.dll
GetProcessId, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, OpenProcess, GetModuleFileNameW, GetCurrentProcessId, GetSystemDirectoryW, GetProcAddress, GetModuleHandleW, GetCurrentProcess, GetWindowsDirectoryW, SetLastError, InterlockedDecrement, WaitForSingleObject, FlushViewOfFile, ReleaseMutex, CreateFileMappingW, MapViewOfFileEx, CreateMutexW, OpenMutexW, OpenFileMappingW, UnmapViewOfFile, CreateEventW, CreateThread, SetEvent, TerminateThread, ResetEvent, GetLastError, SetPriorityClass, SetThreadPriority, GetCurrentThread, SetErrorMode, DuplicateHandle, GetCurrentThreadId, OpenEventW, Sleep, GetCurrentDirectoryW, IsBadCodePtr, WaitForMultipleObjects, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, GetProcessTimes, GetPrivateProfileIntW, GetACP, MoveFileW, OutputDebugStringW, OutputDebugStringA, WideCharToMultiByte, MultiByteToWideChar, GetLocalTime, LocalAlloc, LocalFree, IsBadWritePtr, CreateProcessW, IsBadReadPtr, CloseHandle, DisableThreadLibraryCalls, GetTickCount, GetTempPathW, CreateFileA, ReadFile, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FlushFileBuffers, GetModuleHandleA, SetStdHandle, CreateFileW, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, GetFileAttributesW, GetCommandLineA, RaiseException, RtlUnwind, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetCPInfo, GetOEMCP, IsValidCodePage, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapCreate, VirtualFree, QueryPerformanceCounter, VirtualAlloc, FreeLibrary, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, CreateEventA, VirtualProtectEx, WriteProcessMemory, GetSystemInfo, CreateJobObjectW, SetInformationJobObject, AssignProcessToJobObject, GetVersion, ResumeThread, CreateIoCompletionPort, PostQueuedCompletionStatus, GetQueuedCompletionStatus, IsProcessInJob, GetEnvironmentVariableW, SetEnvironmentVariableW, FlushInstructionCache, VirtualProtect, LoadLibraryW, MapViewOfFile, InterlockedCompareExchange, FormatMessageA, ReleaseSemaphore, OpenEventA, SystemTimeToFileTime, SetWaitableTimer, CreateWaitableTimerA, ExitThread
ole32.dll
CoInitializeSecurity, CoUninitialize, CoCreateInstance, CoInitializeEx
shlwapi.dll
SHGetValueW
user32.dll
DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW
Export table
_ExtExecAPI@0
DllRegisterServer
DllUnregisterServer
rundll_entryW

ggspawn.dll

By Garena Online Pte Ltd (Signed)

Remove ggspawn.dll
MD5:   74375bbc3c7b5f3f349f625a437b3b32
SHA1:   979196166c22995f57334c999397d7085b86443d
SHA256:   caf283535bbc1206cb6908879485697871b0998cfcf83d862f9bffc636c2c388

Overview

ggspawn.dll executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). The file is digitally signed by Garena Online Pte Ltd which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:ggspawn.dll
Typical file path:C:\Program Files\garena plus\ggspawn.dll
Size:180.5 KB (184,832 bytes)
Build date:5/3/2013 3:29 PM
Certificate
Issued to:Garena Online Pte Ltd
Authority (CA):VeriSign
Expiration date:Friday, March 11, 2557
Digital DNA
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks
  • The task 'gg_uac_daemon_Winston' runs on logon in the path '\gg_uac_daemon_Winston'
  • The task 'gg_uac_daemon_MingTat' runs on logon in the path '\gg_uac_daemon_MingTat'
  • The task 'gg_uac_daemon_Administrator' runs on logon in the path '\gg_uac_daemon_Administrator'
  • The job 'gg_uac_daemon_Dave' runs on logon in the path '\gg_uac_daemon_Dave'
  • Entry path '\gg_uac_daemon_mark leo go'
  • Entry path '\gg_uac_daemon_Valued User'
  • Entry path '\gg_uac_daemon_Woody'
  • Entry path '\gg_uac_daemon_Scal2LeTz'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\gg_uac_daemon_Winston'
  • Login entry path '\gg_uac_daemon_mark leo go'
  • Login entry path '\gg_uac_daemon_Valued User'
  • Login entry path '\gg_uac_daemon_Scal2LeTz'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 31.25%
Microsoft Windows XP 20.83%
Windows 8 12.50%
Windows 7 Home Premium 10.42%
Windows 8 Single Language 8.33%
Windows 8 Enterprise 6.25%
Windows 8 Pro 6.25%
Windows Vista Home Premium 2.08%
Windows 8.1 Single Language 2.08%

Distribution by countryDistribution by country

Taiwan installs about 29.17% of ggspawn.dll.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 28.00%
GIGABYTE 20.00%
Acer 16.00%
Hewlett-Packard 16.00%
Toshiba 12.00%
Lenovo 4.00%
American Megatrends 4.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE