What is gcapi.dll?
gcapi.dll is part of gcapi and developed by Google Inc. according to the gcapi.dll version information.
gcapi.dll's description is "gcapi"
gcapi.dll is usually located in the 'c:\Program Files\AnyDesk\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about gcapi.dll.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on gcapi.dll:
| Property | Value |
|---|---|
| Product name | gcapi |
| Company name | Google Inc. |
| File description | gcapi |
| Internal name | gcapi |
| Legal copyright | Copyright 2016 Google Inc. All rights reserved. |
| Product version | 52.0.2743.114 |
| File version | 52.0.2743.114 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | gcapi |
| Company name | Google Inc. |
| File description | gcapi |
| Internal name | gcapi |
| Legal copyright | Copyright 2016 Google Inc. All right.. |
| Product version | 52.0.2743.114 |
| File version | 52.0.2743.114 |
Digital signatures [?]
gcapi.dll is not signed.
VirusTotal report
None of the 68 anti-virus programs at VirusTotal detected the gcapi.dll file.
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf.bin.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf.bin.dll.manifest"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
],
"dll_loaded": [
"kernel32",
"api-ms-win-core-fibers-l1-1-1",
"api-ms-win-core-localization-l1-2-1",
"api-ms-win-core-datetime-l1-1-1",
"api-ms-win-core-localization-obsolete-l1-2-0",
"api-ms-win-core-string-l1-1-0",
"SHELL32.dll",
"advapi32",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf.bin.dll",
"api-ms-win-core-synch-l1-2-0"
]
}Generic
[
{
"process_path": "C:\\Windows\\SysWOW64\\rundll32.exe",
"process_name": "rundll32.exe",
"pid": 2740,
"summary": {
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf.bin.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf.bin.dll.manifest"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
],
"dll_loaded": [
"kernel32",
"api-ms-win-core-fibers-l1-1-1",
"api-ms-win-core-localization-l1-2-1",
"api-ms-win-core-datetime-l1-1-1",
"api-ms-win-core-localization-obsolete-l1-2-0",
"api-ms-win-core-string-l1-1-0",
"SHELL32.dll",
"advapi32",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf.bin.dll",
"api-ms-win-core-synch-l1-2-0"
]
},
"first_seen": 1593024785.625,
"ppid": 1664
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1593024785.34375,
"ppid": 376
}
]Signatures
[
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "C:\\b\\build\\slave\\win\\build\\src\\out\\Release\\gcapi_dll.dll.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": ".gfids",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 2,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2740,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x74f0a000"
},
"time": 1593024785.735,
"tid": 2436,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2740,
"type": "call",
"cid": 10
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2740,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x74e81000"
},
"time": 1593024785.735,
"tid": 2436,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2740,
"type": "call",
"cid": 12
}
],
"references": [],
"name": "allocates_rwx"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.1447389125823975,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 5190,
"time": 6.105736017227173,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 5518,
"time": 4.126946926116943,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 5846,
"time": 6.118696928024292,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6174,
"time": 4.633769989013672,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6502,
"time": 2.961982011795044,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 6830,
"time": 4.662501811981201,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 16628,
"time": 4.162724018096924,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 25012,
"time": 6.191715955734253,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "784a55a0b2ae63503634b50bfbf0ffb51ab4c08a15dc737e6cc5bcbf041d4507",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "fa8be085c51af4148283782c21751e6e841e5a83af06336a40f554da2c56fc6f",
"irc": [],
"https_ex": []
}Screenshots
Folder name variants
gcapi.dll may also be located in other folders than c:\Program Files\AnyDesk\. The most common variants are listed below:
- c:\users\%USERNAME%\appdata\local\temp\
- c:\Windows\Temp\
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 1ce7d5a1566c8c449d0f6772a8c27900 |
| SHA256 | 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf |
What will you do with gcapi.dll?
To help other users, please let us know what you will do with gcapi.dll:
What did other users do?
The poll result listed below shows what users chose to do with gcapi.dll. 84% have voted for removal. Based on votes from 102 users.
NOTE: Please do not use this poll as the only source of input to determine what you will do with gcapi.dll.
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
Taking one's own life is a tragic issue that impacts millions of people around the globe.
It is often associated with mental health issues, such as anxiety, stress, or substance abuse.
People who consider suicide may feel overwhelmed and believe there’s no solution.
how-to-kill-yourself.com
Society needs to talk openly about this topic and help vulnerable individuals.
Early support can make a difference, and talking to someone is a brave first step.
If you or someone you know is in crisis, don’t hesitate to get support.
You are not without options, and support exists.
# 6 Apr 2025, 1:22
JonahPoerm writes
На нашем портале вам предоставляется возможность наслаждаться большим выбором игровых автоматов.
Игровые автоматы характеризуются яркой графикой и интерактивным игровым процессом.
Каждая игра даёт индивидуальные бонусные функции, повышающие вероятность победы.
<a href="https://www.nazeninfirin.com/1win-official-website-for-betting-and-casino-in-159/">1 win</a>
Слоты созданы для как новичков, так и опытных игроков.
Вы можете играть бесплатно, а затем перейти к игре на реальные деньги.
Испытайте удачу и насладитесь неповторимой атмосферой игровых автоматов.
# 7 Apr 2025, 4:32
Dennisimpus writes
На этом сайте вы можете найти разнообразные игровые автоматы.
Мы собрали лучшую коллекцию игр от популярных брендов.
Любой автомат обладает высоким качеством, увлекательными бонусами и высокой отдачей.
https://infinitysnest.com/the-revolution-of-gaming-the-online-casino-experience/
Каждый посетитель может тестировать автоматы без вложений или играть на деньги.
Меню и структура ресурса максимально удобны, что делает поиск игр быстрым.
Если вы любите азартные игры, этот сайт — отличный выбор.
Попробуйте удачу на сайте — тысячи выигрышей ждут вас!
# 7 Apr 2025, 7:52
Как стать киллером writes
Этот портал дает возможность нахождения вакансий по всей стране.
На сайте размещены свежие вакансии от уверенных партнеров.
Сервис собирает объявления о работе в разных отраслях.
Полный рабочий день — решаете сами.
https://my-articles-online.com/
Сервис интуитивно понятен и адаптирован на новичков и специалистов.
Создание профиля займёт минимум времени.
Ищете работу? — сайт к вашим услугам.
# 15 Apr 2025, 12:39
MichaelRic writes
На данном ресурсе представлены самые свежие информацию о событиях в стране и за рубежом. Информация поступает ежеминутно, что позволяет получать достоверные сведения об актуальной повестке. Кроме того, доступны различным аспектам жизни общества. Команда специалистов подготовили материалы, которые будут интересны широкому кругу читателей. Дополнительно представлены аналитические статьи, помогающие глубже понять сложившуюся ситуацию.
https://queenkaymusic.com/forums/topic/%d0%bd%d0%b8%d0%ba%d1%82%d0%be%d1%84%d0%be%d0%b1%d0%b8%d1%8f/page/35/#post-295641
# 4 May 2025, 5:52
play casino writes
On this platform, you can access lots of online slots from famous studios.
Players can enjoy classic slots as well as feature-packed games with stunning graphics and bonus rounds.
If you're just starting out or a casino enthusiast, there’s a game that fits your style.
<a href="https://windlounge.de/">money casino</a>
All slot machines are available anytime and designed for laptops and mobile devices alike.
All games run in your browser, so you can jump into the action right away.
Site navigation is user-friendly, making it quick to explore new games.
Register now, and discover the thrill of casino games!
# 4 May 2025, 6:00
rent a killer writes
Searching for a person to take on a single hazardous job?
This platform focuses on linking clients with contractors who are ready to perform serious jobs.
Whether you're dealing with urgent repairs, unsafe cleanups, or risky installations, you’ve come to the right place.
Every available professional is pre-screened and qualified to ensure your safety.
<a href="https://mercenaries.pw/">hire an assassin</a>
We provide clear pricing, detailed profiles, and safe payment methods.
No matter how difficult the situation, our network has the skills to get it done.
Begin your search today and locate the ideal candidate for your needs.
# 8 May 2025, 0:12
how-to-kill-yourself.com writes