home

ggdllhost.exe

RUNDLL32

Garena Online Pte Ltd

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is installed with the program Garena+.
Publisher:
Garena Online Pte Ltd  (signed and verified)

Product:
RUNDLL32

Description:
Windows host process (Rundll32)

Version:
1, 0, 0, 1

MD5:
55fbe6e4021bb042faf23827523a8981

SHA-1:
89fb9c9e2ba548375c604dded9712a09cbd91da7

SHA-256:
362bc879d0067cebf6b45539a70b8e2a505bf60e6cc35588e1599a8d90a8fe74

Scanner detections:
26 / 68

Status:
Clean  (26 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/27/2024 1:15:28 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win32/Slugin.C
2014.09.02

Avira AntiVirus
W32/Slugin.A
7.11.30.172

avast!
Patched-HO [Trj]
2014.9-150130

AVG
Win32/Slugin.A
2016.0.3214

Baidu Antivirus
Virus.Win32.Patched.$dj
4.0.3.15130

Bkav FE
W32.OlayFara.PE
1.3.0.4959

Clam AntiVirus
Trojan.Spy-59563
0.98/19318

Comodo Security
TrojWare.Win32.Patched.P
19393

Dr.Web
Win32.Wplugin.1
9.0.1.030

ESET NOD32
Win32/Slugin.A virus
9.7.0.302.0

Fortinet FortiGate
W32/Wplug.A
1/30/2015

F-Prot
W32/Slugin.B
v6.4.6.5.141

IKARUS anti.virus
Trojan.Win32.Patched
t3scan.1.7.5.0

K7 AntiVirus
Trojan
13.183.13230

McAfee
W32/Wplugin
5600.6870

Microsoft Security Essentials
Threat.Undefined
1.183.1287.0

Norman
Agent.VDAZ
11.20150130

Panda Antivirus
W32/Wplugin.A
15.01.30.11

Rising Antivirus
PE:Win32.Agent.ey!1474842
23.00.65.15128

Sophos
W32/Slugin-A
4.98

Total Defense
Win32/Slugin.A
37.0.11156

Trend Micro House Call
PE_WPLUG.A
7.2.30

Trend Micro
PE_WPLUG.A
10.465.30

Vba32 AntiVirus
Trojan.Patched.dj
3.12.26.3

VIPRE Antivirus
Threat.4314870
32210

ViRobot
Win32.Patched.N
2011.4.7.4223

File size:
54.6 KB (55,896 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2013

Original file name:
RUNDLL32.EXE

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\garena plus\ggdllhost.exe

Digital Signature
Signed by:
Garena Online Pte Ltd

Authority:
Symantec Corporation

Valid from:
1/13/2015 8:00:00 AM

Valid to:
12/25/2017 7:59:59 AM

Subject:
CN=Garena Online Pte Ltd, O=Garena Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4EEAD9745E9F68E71D871268ABF2041C

File PE Metadata
Compilation timestamp:
8/22/2013 5:30:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:ZbRaWvWqeLfgO4DXP8BlwxPlrFdYOTpuj6VvbieYZORwAbYzOcYEhx5O:lRReL4xDel2PZYm6ZORw7zOfEp

Entry address:
0x17FB

Entry point:
E8, B2, 22, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 40, 00, 89, 0D, 74, AD, 40, 00, 89, 15, 70, AD, 40, 00, 89, 1D, 6C, AD, 40, 00, 89, 35, 68, AD, 40, 00, 89, 3D, 64, AD, 40, 00, 66, 8C, 15, 90, AD, 40, 00, 66, 8C, 0D, 84, AD, 40, 00, 66, 8C, 1D, 60, AD, 40, 00, 66, 8C, 05, 5C, AD, 40, 00, 66, 8C, 25, 58, AD, 40, 00, 66, 8C, 2D, 54, AD, 40, 00, 9C, 8F, 05, 88, AD, 40, 00, 8B, 45, 00, A3, 7C, AD, 40, 00, 8B, 45, 04, A3, 80, AD, 40, 00, 8D, 45, 08, A3, 8C, AD, 40...
 
[+]

Entropy:
6.6494

Code size:
25.5 KB (26,112 bytes)

Scheduled Task
Task name:
gg_uac_daemon_P1431447

Trigger:
Logon (Runs on logon)


The file ggdllhost.exe has been discovered within the following program.

Garena+  by Garena Online Pte Ltd.
Publisher's description - “Garena+ is an online social gaming platform which you can download for free and use to connect with millions of other gamers around the world. Using the Garena+, you can play various titles such as BlackShot, Heroes of Newerth, League of Legends and many other great titles.”
www.garena.com
20% remove it
 
Powered by Should I Remove It?

Scan ggdllhost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.