Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

1, 0, 0, 1 73.08%
1, 0, 0, 1 1.92%
1, 0, 0, 1 1.92%
1, 0, 0, 1 7.69%
1, 0, 0, 1 7.69%
1, 0, 0, 1 7.69%
(Note, Garena Online Pte Ltd publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

Parent processes
Child processes
Related files

PE structurePE file structure
Show functions
Import table
kernel32.dll
WideCharToMultiByte, GetCommandLineW, LoadLibraryW, GetProcAddress, FreeLibrary, HeapAlloc, GetLastError, HeapFree, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualFree, VirtualAlloc, HeapReAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW

ggdllhost.exe

RUNDLL32 by Garena Online Pte Ltd (Signed)

Remove ggdllhost.exe
Version:   1, 0, 0, 1
MD5:   6774c5ab965dceb6a61c2c1ed9fd72de
SHA1:   5a3492adfc0e82989cd0621c9152e0caecc7174f
SHA256:   447b47710d9312562853a71c5843378c3198ba3f6bc5dae649eeedc8b8d6c9ba

Overview

ggdllhost.exe executes as a process with the local user's privileges typically within the context of its parent svchost.exe (Host Process for Windows Services by Microsoft Corporation). It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. It is installed with a couple of know programs including Garena Plus published by Garena Online Pte Ltd., Garena Messenger from Garena Online Pte Ltd. and Garena Messenger by Garena Online Pte Ltd..

DetailsDetails

File name:ggdllhost.exe
Product name:RUNDLL32
Description:Windows host process (Rundll32)
Typical file path:C:\Program Files\garena plus\ggdllhost.exe
Original name:RUNDLL32.EXE
File version:1, 0, 0, 1
Size:48.3 KB (49,456 bytes)
Build date:7/10/2013 2:52 AM
Certificate
Issued to:Garena Online Pte Ltd
Authority (CA):VeriSign
Effective date:Monday, October 17, 2011
Expiration date:Sunday, November 2, 2014
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Garena Plus
 Garena Online Pte Ltd.
2% remove
The Garena Plus application developed for various games distributed by the comapny allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements. The Garena Plus game platform can be downloaded for free and it has an interface similar to instant messaging platforms. Gamers are also able to form groups or clans, and chat with multiple gamers simultaneously through public or private channels t...
Garena Messenger
 Garena Online Pte Ltd.
5% remove
Garena Messenger features many of your favorite games like League of Legends, Heroes of Newerth, BlackShot or GoKart. It auto-updates to give you the newest features to play with as soon as they become available. With Garena Messenger you can chat with your gamer friends, meet up to play together, send them files or add a whole group of friends to a conversation.
Garena - League of Legends
 Garena Online Pte Ltd.
1% remove
League of Legends is a multiplayer online battle arena video game where players are formed into two teams of five Champions. League of Legends is a session-based game. Matchmaking creates teams with even average MMR (Matchmaking Rating) of the constituent players. Each player begins at opposing sides of a map near a building called a Nexus. A match is won when either team's Nexus is destroyed.

BehaviorsBehaviors

Scheduled tasks
  • The task 'gg_uac_daemon_son' runs on logon in the path '\gg_uac_daemon_son'
  • The job 'gg_uac_daemon_Visson' runs on logon in the path '\gg_uac_daemon_Visson'
  • The job 'gg_uac_daemon_Ray' runs on logon in the path '\gg_uac_daemon_Ray'
  • The task 'gg_uac_daemon_SIMON' runs on logon in the path '\gg_uac_daemon_SIMON'
  • The job 'gg_uac_daemon_user' runs on logon in the path '\gg_uac_daemon_user'
  • The task 'gg_uac_daemon_Administrator' runs on logon in the path '\gg_uac_daemon_Administrator'
  • The task 'gg_uac_daemon_NOVA' runs on logon in the path '\gg_uac_daemon_NOVA'
  • The job 'gg_uac_daemon_Rojo' runs on logon in the path '\gg_uac_daemon_Rojo'
  • The task 'gg_uac_daemon_Marites' runs on logon in the path '\gg_uac_daemon_Marites'
  • The job 'gg_uac_daemon_Chinchan' runs on logon in the path '\gg_uac_daemon_Chinchan'
  • The task 'gg_uac_daemon_nguyenhiep' runs on logon in the path '\gg_uac_daemon_nguyenhiep'
  • The job 'gg_uac_daemon_hero2588' runs on logon in the path '\gg_uac_daemon_hero2588'
  • The job 'gg_uac_daemon_icheng' runs on logon in the path '\gg_uac_daemon_icheng'
  • The job 'gg_uac_daemon_john' runs on logon in the path '\gg_uac_daemon_john'
  • The job 'gg_uac_daemon_Paolo' runs on logon in the path '\gg_uac_daemon_Paolo'
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\Garena Plus\ggdllhost.exe'
  • Firewall exception for 'C:\hon\GarenaHoN\GameData\ggdllhost.exe'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\gg_uac_daemon_son'
  • Login entry path '\gg_uac_daemon_user'
  • Login entry path '\gg_uac_daemon_NOVA'
  • Login entry path '\gg_uac_daemon_Rojo'
  • Login entry path '\gg_uac_daemon_Marites'
  • Login entry path '\gg_uac_daemon_Chinchan'
  • Login entry path '\gg_uac_daemon_nguyenhiep'
  • Login entry path '\gg_uac_daemon_hero2588'
  • Login entry path '\gg_uac_daemon_icheng'
  • Login entry path '\gg_uac_daemon_john'
Network connections
Access through an approved Windows firewall exception
  • [UDP] listens on port 62495
  • [UDP] listens on port 2600
  • [UDP] listens on port 53970
  • [UDP] listens on port 57676
  • [UDP] listens on port 49333
  • [UDP] listens on port 64826
  • [UDP] listens on port 61934
  • [UDP] listens on port 63260
  • [UDP] listens on port 61264
  • [UDP] listens on port 1114
  • [UDP] listens on port 54954
  • [UDP] listens on port 58906

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00075083%
    0.028634%
    Kernel CPU:0.00039597%
    0.013761%
    User CPU:0.00035486%
    0.014873%
    Kernel CPU time:2,433 ms/min
    100,923,805ms/min
    CPU cycles:978,574/sec
    17,470,203/sec
    Context switches:15/sec
    284/sec
    Memory
    Private memory:4.36 MB
    21.59 MB
    Private (maximum):6.99 MB
    Private (minimum):3.59 MB
    Non-paged memory:4.36 MB
    21.59 MB
    Virtual memory:76.27 MB
    140.96 MB
    Virtual memory (peak):80.98 MB
    169.69 MB
    Working set:3.9 MB
    18.61 MB
    Working set (peak):8.04 MB
    37.95 MB
    Page faults:3,537/min
    2,039/min
    I/O
    I/O read transfer:624 Bytes/sec
    1.02 MB/min
    I/O read operations:1/sec
    343/min
    I/O write transfer:0 Bytes/sec
    274.99 KB/min
    I/O write operations:1/sec
    227/min
    I/O other transfer:1.15 KB/sec
    448.09 KB/min
    I/O other operations:52/sec
    1,671/min
    Resource allocations
    Threads:19
    12
    Handles:175
    600
    GUI GDI count:8
    103
    GUI GDI peak:8
    142
    GUI USER count:1
    49
    GUI USER peak:2
    71

    BehaviorsProcess properties

    Integrety level:High
    Platform:64-bit
    Command lines:
    • "C:\Program Files\garena plus\ggdllhost.exe" "C:\Program Files\garena plus\ggspawn.dll",rundll_entry
    • "C:\garena plus\ggdllhost.exe" "C:\garena plus\ggspawn.dll",rundll_entry
    • "C:\hon\garenahon\gamedata\ggdllhost.exe" "C:\hon\garenahon\gamedata\ggspawn.dll",rundll_entry
    • "C:\Program Files\garena plus\ggdllhost.exe" "C:\Program Files\garena plus\ggcode.dll",rundll_entry
    Owner:User
    Parent processes:

    ResourcesThreads

    Averages
     
    ggdllhost.exe (main module)
    Total CPU:0.00336534%
    0.272967%
    Kernel CPU:0.00120427%
    0.107585%
    User CPU:0.00216107%
    0.165382%
    CPU cycles:410,367/sec
    5,741,424/sec
    Context switches:3/sec
    79/sec
    Memory:56 KB
    1.16 MB
    ggspawn.dll
    Total CPU:0.00280344%
    Kernel CPU:0.00031660%
    User CPU:0.00248684%
    Context switches:2/sec
    Memory:564 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 34.62%
    Windows 7 Ultimate 25.00%
    Windows 8 15.38%
    Microsoft Windows XP 9.62%
    Windows 8.1 Single Language 5.77%
    Windows 8 Enterprise 5.77%
    Windows Vista Home Premium 1.92%
    Windows 8 Single Language 1.92%

    Distribution by countryDistribution by country

    Taiwan installs about 38.46% of RUNDLL32.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Toshiba 48.57%
    ASUS 20.00%
    Acer 17.14%
    GIGABYTE 8.57%
    Hewlett-Packard 2.86%
    Lenovo 2.86%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE