Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

68601 2.08%
f804c 2.08%
12f35 22.92%
6aa89 10.42%
74375 4.17%
b54e9 6.25%
aae48 2.08%
d9e78 2.08%
d0c3d 4.17%
43405 2.08%
f982f 2.08%
d78ef 25.00%
5f495 2.08%
46f74 4.17%
2ef38 4.17%
c0641 4.17%
(Note, Garena Online Pte Ltd publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
InitializeSecurityDescriptor, GetUserNameW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, SetSecurityDescriptorDacl, LookupPrivilegeValueW, OpenProcessToken, AdjustTokenPrivileges
kernel32.dll
GetProcessId, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, OpenProcess, GetModuleFileNameW, GetCurrentProcessId, GetSystemDirectoryW, GetProcAddress, GetModuleHandleW, GetCurrentProcess, GetWindowsDirectoryW, SetLastError, InterlockedDecrement, WaitForSingleObject, FlushViewOfFile, ReleaseMutex, CreateFileMappingW, MapViewOfFileEx, CreateMutexW, OpenMutexW, OpenFileMappingW, UnmapViewOfFile, CreateEventW, CreateThread, SetEvent, TerminateThread, ResetEvent, GetLastError, SetPriorityClass, SetThreadPriority, GetCurrentThread, SetErrorMode, DuplicateHandle, GetCurrentThreadId, OpenEventW, Sleep, GetCurrentDirectoryW, IsBadCodePtr, WaitForMultipleObjects, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, GetProcessTimes, GetPrivateProfileIntW, GetACP, MoveFileW, OutputDebugStringW, OutputDebugStringA, WideCharToMultiByte, MultiByteToWideChar, GetLocalTime, LocalAlloc, LocalFree, IsBadWritePtr, CreateProcessW, IsBadReadPtr, CloseHandle, DisableThreadLibraryCalls, GetTickCount, GetTempPathW, CreateFileA, ReadFile, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FlushFileBuffers, GetModuleHandleA, SetStdHandle, CreateFileW, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, GetFileAttributesW, GetCommandLineA, RaiseException, RtlUnwind, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetCPInfo, GetOEMCP, IsValidCodePage, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapCreate, VirtualFree, QueryPerformanceCounter, VirtualAlloc, FreeLibrary, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, CreateEventA, VirtualProtectEx, WriteProcessMemory, GetSystemInfo, CreateJobObjectW, SetInformationJobObject, AssignProcessToJobObject, GetVersion, ResumeThread, CreateIoCompletionPort, PostQueuedCompletionStatus, GetQueuedCompletionStatus, IsProcessInJob, GetEnvironmentVariableW, SetEnvironmentVariableW, FlushInstructionCache, VirtualProtect, LoadLibraryW, MapViewOfFile, InterlockedCompareExchange, FormatMessageA, ReleaseSemaphore, OpenEventA, SystemTimeToFileTime, SetWaitableTimer, CreateWaitableTimerA, ExitThread
ole32.dll
CoInitializeSecurity, CoUninitialize, CoCreateInstance, CoInitializeEx
shlwapi.dll
SHGetValueW
user32.dll
DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW
Export table
_ExtExecAPI@0
DllRegisterServer
DllUnregisterServer
rundll_entryW

ggspawn.dll

By Garena Online Pte Ltd (Signed)

Remove ggspawn.dll
MD5:   c0641b526d9545edaa719b47397e5389
SHA1:   579b7ab538ea8a6bf699561c1ec1f48001a8d9d6

Overview

ggspawn.dll executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). This is typically installed with the program Garena+ published by Garena Online Pte Ltd.. The file is digitally signed by Garena Online Pte Ltd which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:ggspawn.dll
Typical file path:C:\Program Files\garena plus\ggspawn.dll
Size:540.8 KB (553,776 bytes)
Build date:8/22/2013 4:33 PM
Certificate
Issued to:Garena Online Pte Ltd
Authority (CA):VeriSign
Expiration date:Friday, March 11, 2557
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Garena+
 Garena Online Pte Ltd.
20% remove
Garena+ is an online social gaming platform which you can download for free and use to connect with millions of other gamers around the world. Using the Garena+, you can play various titles such as BlackShot, Heroes of Newerth, League of Legends and many other great titles. In addition to providing an esports playground for popular classics such as DotA and Age of Empire, Garena also introduced latest premium online games on Garena+...

BehaviorsBehaviors

Scheduled tasks
  • The task 'gg_uac_daemon_Winston' runs on logon in the path '\gg_uac_daemon_Winston'
  • The task 'gg_uac_daemon_MingTat' runs on logon in the path '\gg_uac_daemon_MingTat'
  • The task 'gg_uac_daemon_Administrator' runs on logon in the path '\gg_uac_daemon_Administrator'
  • The job 'gg_uac_daemon_Dave' runs on logon in the path '\gg_uac_daemon_Dave'
  • Entry path '\gg_uac_daemon_mark leo go'
  • Entry path '\gg_uac_daemon_Valued User'
  • Entry path '\gg_uac_daemon_Woody'
  • Entry path '\gg_uac_daemon_Scal2LeTz'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\gg_uac_daemon_Winston'
  • Login entry path '\gg_uac_daemon_mark leo go'
  • Login entry path '\gg_uac_daemon_Valued User'
  • Login entry path '\gg_uac_daemon_Scal2LeTz'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 31.25%
Microsoft Windows XP 20.83%
Windows 8 12.50%
Windows 7 Home Premium 10.42%
Windows 8 Single Language 8.33%
Windows 8 Enterprise 6.25%
Windows 8 Pro 6.25%
Windows Vista Home Premium 2.08%
Windows 8.1 Single Language 2.08%

Distribution by countryDistribution by country

Taiwan installs about 29.17% of ggspawn.dll.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 28.00%
GIGABYTE 20.00%
Acer 16.00%
Hewlett-Packard 16.00%
Toshiba 12.00%
Lenovo 4.00%
American Megatrends 4.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE