Should I block it?

No, this file is 100% safe to run.

Additional versions

1,2,0,7488	20.00%
1,1,99,7488	20.00%
1,1,60,7271	20.00%
1,1,50,6622	20.00%
1,0,96,3640	20.00%

Relationships

Parent process

ggdllhost.exe (RUNDLL32 by Garena Online Pte Ltd)

Related files

PE file structure

Show functions

Import table

advapi32.dll

OpenProcessToken, GetTokenInformation, IsValidSid, ConvertSidToStringSidW, RegSetValueExW, RegDeleteValueW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetNamedSecurityInfoW, SetEntriesInAclW, SetNamedSecurityInfoW

comdlg32.dll

GetOpenFileNameW

cryptdll.dll

MD5Init, MD5Update, MD5Final

gdi32.dll

AddFontResourceW

iphlpapi.dll

NotifyAddrChange, GetAdaptersInfo, GetBestRoute, GetIpAddrTable

kernel32.dll

SleepEx, CreateIoCompletionPort, InterlockedCompareExchange, HeapFree, GetProcessHeap, TlsGetValue, TlsSetValue, SetWaitableTimer, HeapAlloc, QueueUserAPC, TerminateThread, GetQueuedCompletionStatus, GetVolumeInformationW, GetWindowsDirectoryW, CreateProcessW, lstrcpynW, MapViewOfFile, CreateFileMappingW, OpenFileMappingW, UnmapViewOfFile, LocalFree, ReadFile, GlobalFree, GlobalSize, GlobalAlloc, GlobalLock, DeleteFileW, InitializeCriticalSectionAndSpinCount, FindResourceW, SetThreadPriority, LockResource, SizeofResource, GetCurrentProcessId, LoadLibraryW, GetProcAddress, FreeLibrary, WideCharToMultiByte, TlsAlloc, GetLastError, InterlockedExchangeAdd, PostQueuedCompletionStatus, TlsFree, RaiseException, ResumeThread, GetModuleFileNameW, GetLocalTime, GetModuleHandleW, CreateFileW, WriteFile, Sleep, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, OpenProcess, TerminateProcess, GetVersionExW, DeleteCriticalSection, WaitForMultipleObjects, CreateSemaphoreA, ReleaseSemaphore, GetSystemTimeAsFileTime, GetFileAttributesExW, CreateEventW, SetFilePointer, FindResourceExW, GetFileSize, WaitForSingleObject, GlobalUnlock, CreateThread, LoadLibraryA, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, CreateWaitableTimerA, SystemTimeToFileTime, ResetEvent, OpenEventA, LCMapStringW, GetStringTypeExW, GetUserDefaultLCID, LoadResource, InterlockedDecrement, InterlockedIncrement, InterlockedExchange, GetTickCount, SetEvent, CloseHandle, CreateEventA, SetLastError, GetCurrentThreadId, MultiByteToWideChar, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, FormatMessageA, HeapSize, HeapReAlloc, HeapDestroy, InitializeCriticalSection

msvcp90.dll

DllMain

msvcr90.dll

DllMain

ole32.dll

CoUninitialize, CoInitialize, StringFromGUID2, CoTaskMemFree, CLSIDFromString

overlay.dll

_RemoveHook@0, _InstallHook@0

psapi.dll

GetModuleBaseNameW

shell32.dll

ShellExecuteW, ShellExecuteExW, SHOpenFolderAndSelectItems, CommandLineToArgvW, SHGetSpecialFolderLocation, Shell_NotifyIconW, SHGetPathFromIDListW

shlwapi.dll

StrCmpW, PathFindFileNameW, PathRemoveExtensionW

sqlite3.dll

sqlite3_bind_int, sqlite3_bind_text, sqlite3_changes, sqlite3_step, sqlite3_column_type, sqlite3_column_name, sqlite3_column_text, sqlite3_prepare, sqlite3_bind_int64, sqlite3_reset, sqlite3_finalize, sqlite3_errmsg, sqlite3_busy_timeout, sqlite3_close, sqlite3_column_count, sqlite3_free, sqlite3_mprintf, sqlite3_exec, sqlite3_column_int, sqlite3_column_int64, sqlite3_open

user32.dll

DestroyIcon, PostMessageW, BringWindowToTop, AttachThreadInput, GetWindowPlacement, GetWindowLongW, LoadImageW, SetClassLongW, MoveWindow, GetCursorPos, RegisterClipboardFormatW, CloseClipboard, SetClipboardData, OpenClipboard, LoadStringW, UnregisterClassA, GetClipboardData, IsClipboardFormatAvailable, EmptyClipboard, ShowWindow, MonitorFromPoint, SystemParametersInfoW, wsprintfW, IsZoomed, GetKeyState, CallNextHookEx, SetWindowsHookExW, RegisterWindowMessageW, IsIconic, GetWindowTextW, SetTimer, KillTimer, DefWindowProcW, CallWindowProcW, FlashWindow, GetAncestor, GetParent, GetWindowRect, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetWindowLongW, PostQuitMessage, DestroyWindow, GetClassInfoExW, LoadCursorW, RegisterClassExW, CreateWindowExW, OffsetRect, EnableWindow, IsWindowEnabled, IsWindowVisible, EnumThreadWindows, SetForegroundWindow, SetActiveWindow, GetWindowThreadProcessId, IsWindow, GetForegroundWindow, GetActiveWindow, ReleaseCapture, SetWindowPos, GetCapture, DispatchMessageW, GetMessageW, GetMonitorInfoW, SendMessageW

wininet.dll

InternetOpenW, InternetConnectW, InternetReadFile, InternetSetOptionW, HttpOpenRequestW, InternetCloseHandle, InternetGetLastResponseInfoW, InternetCrackUrlW, HttpQueryInfoW, HttpSendRequestW

ws2_32.dll

WSASocketW, WSAAddressToStringA, WSAStringToAddressA, WSAIoctl, getnameinfo, getaddrinfo, WSARecv, WSASend, freeaddrinfo

BBTalk.exe

BTalk by Garena Online Pte Ltd (Signed)

Remove BBTalk.exe

Version:	1,1,60,7271
MD5:	8b87b36b7683c29e48c32d50843d8264
SHA1:	a8ea806c94dea2854b074c8889e4c93431b32167

Overview

bbtalk.exe executes as a process with the local user's privileges typically within the context of its parent ggdllhost.exe (RUNDLL32 by Garena Online Pte Ltd). The file is digitally signed by Garena Online Pte Ltd which was issued by the VeriSign certificate authority (CA).

Details

File name:	bbtalk.exe
Product name:	BTalk
Description:	Garena Talk
Typical file path:	C:\Program Files\garena plus\bbtalk\bbtalk.exe
File version:	1,1,60,7271
Product version:	1,1,60
Size:	5.44 MB (5,709,104 bytes)
Build date:	11/7/2013 3:17 PM
Certificate
Issued to:	Garena Online Pte Ltd
Authority (CA):	VeriSign
Expiration date:	Friday, March 11, 2557
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
Code language:	Microsoft Visual C++ 9.0
.NET CLR:	No

More details

Network connections

[TCP] d117155092.ppp117155.cyberway.com.sg (203.117.155.92:9200)

[UDP] listens on port 64648

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00039072%	0.028634%
Kernel CPU:	0.00021668%	0.013761%
User CPU:	0.00017404%	0.014873%
Kernel CPU time:	29,687 ms/min	100,923,805ms/min
CPU cycles:	3,181,700/sec	17,470,203/sec
Memory
Private memory:	25.07 MB	21.59 MB
Private (maximum):	36.16 MB
Private (minimum):	12.23 MB
Non-paged memory:	25.07 MB	21.59 MB
Virtual memory:	147.56 MB	140.96 MB
Virtual memory (peak):	158.07 MB	169.69 MB
Working set:	16.33 MB	18.61 MB
Working set (peak):	36.16 MB	37.95 MB
Page faults:	26,056/min	2,039/min
I/O
I/O read transfer:	362 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O write transfer:	202 Bytes/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	23.43 KB/sec	448.09 KB/min
I/O other operations:	1,491/sec	1,671/min
Resource allocations
Threads:	17	12
Handles:	389	600
GUI GDI count:	149	103
GUI GDI peak:	151	142
GUI USER count:	27	49
GUI USER peak:	28	71

Process properties

Integrety level:	High
Platform:	64-bit
Command line:	"C:\Program Files\garena plus\bbtalk\bbtalk.exe" -login nobot01 11f36bdcf3ee379ff3cec8a9201ec32083a7018017fcea70d49e768289875e08 -encrypt -md5 -version_check 2013040401 -systemtray -lang en -region ph
Owner:	User
Parent process:	ggdllhost.exe (RUNDLL32 by Garena Online Pte Ltd)

Threads

Averages

BBtalk.exe (main module)
Total CPU:	0.04350613%	0.272967%
Kernel CPU:	0.00772839%	0.107585%
User CPU:	0.03577775%	0.165382%
CPU cycles:	796,476/sec	5,741,424/sec
Memory:	6.25 MB	1.16 MB
ntdll.dll
Total CPU:	0.00000985%
Kernel CPU:	0.00000985%
User CPU:	0.00000000%
CPU cycles:	1,351/sec
Memory:	1.66 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Distribution by Windows OS

OS version	distribution
Windows 8	40.00%
Windows 7 Ultimate	20.00%
Windows 7 Home Premium	20.00%
Microsoft Windows XP	20.00%

Distribution by country

Taiwan installs about 40.00% of BTalk.

Distribution by PC manufacturer

PC Manufacturer	distribution
Acer	33.33%
Toshiba	33.33%
Hewlett-Packard	16.67%
GIGABYTE	16.67%

Remove Adware and Spyware Programs, FREE Download!