GridinSoft Threat Intelligence
amdkmdag.sys threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Trojan.Heur!. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- Trojan.Heur!
- Recommended action
- Scan and remove
- Last analysis
- 2026-02-01 23:00:46 (3 months ago)
- File hash
- 0e070af44532dc2a986e0d1a219e7231
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Trojan.Heur!.
First seen 2025-04-07 23:00:31 (a year ago); latest analysis 2026-02-01 23:00:46 (3 months ago).
Company metadata: Advanced Micro Devices, Inc. Product metadata: ATI Radeon Famil.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.
File context
amdkmdag.sys is a Windows file recorded in the ThreatInfo database. It is associated with ATI Radeon Famil. The reported company name is Advanced Micro Devices, Inc. The current detection status is Trojan.Heur!, based on the latest analysis from 2026-02-01 23:00:46 (3 months ago).
If amdkmdag.sys appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Heur!.
File Details
| Product Name: | ATI Radeon Famil |
| Company Name: | Advanced Micro Devices, Inc |
| MD5: | 0e070af44532dc2a986e0d1a219e7231 |
| Size: | 90 MB |
| First Published: | 2025-04-07 23:00:31 (a year ago) |
| Latest Published: | 2026-02-01 23:00:46 (3 months ago) |
| Status: | Trojan.Heur! (on last analysis) | |
| Analysis Date: | 2026-02-01 23:00:46 (3 months ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %system%\driverstore\filerepository\u0390451.inf_amd64_39377efdd62734d1 |
ThreatInfo has observed amdkmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen amdkmdag.sys across 2 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Germany with 50.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for amdkmdag.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
amdkmdag.sys is identified as pe for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
35cdf458aa67a2eed2ea2c4857ffe312
8c0c7f2c317e548645fe98f575841d5f
ecefa787a1a44de510a4a64163af569e
026eef78aa9ca4f4a8d39c6877945a43
4c023024ceb6894dad44f1ad65b3b6ba
b353fe5b04373745d60062e910a5864e
97006e66c2fd8518c7dfe0058565060c
70a5569ba887af3271faef85f7713a57
2e7d0d1c1febc90a9e2c20c66b97af47
1fd0dda08ecbb2385e5682cc069c22da
08b5de8e1aa2f5e0b46857f459544697
018a5bff89b7ec5cdcad7f9b779a6998
a73cea658b937069c63063ed4da64238
016c3762514d2a9bec6f47fce87bf728
33a0edb9ea60ae9841fb7cb6ef129c86
1621bf74a2c2d12ec66fb57ccc43db4b
3fc5dfd5c22b2244338f86966bbbb05d
fd7a9046a3dc6b2179320c97156f8a0d
97bbda0dcd10cbac50c668c659803f7d
ec3b90858184d298a13108eb5f81d9ff
eb4948acebb95f3f6a511955bc44b325
9d6482cd22392e635909547b40c3820f
e0af64029f107556438938d151f73444
5524f64d14ab7c2cab551b9f721961eb
76e3874127f5f8dfd38e0a273daafcea
a477c63e57c92256d1e210899d85a787
9b300ea054ddf7d259126b64fa096e3c
fa9bbd3531c60ab7df57badcd17fd25f
902d207fbf96b774db6e4370e3375dc2
3fa82e2f754a137c2d8785b5043f9af2
d3cd23dd7a95049de356dd48d5195d8c
2748c2b60be92253616ec17ff9cf742b
dcd37c44d86678d3dcd9aa918aa1db8d
24d3a652fa326dfa2c396b73f69a94d5
14f15f17b5762ca1633216fdcb14a41d
8f26521a11b9582afb244d3677e451f7
36a962eb0906768c164f1c9c7c3bb5e5
712eca105425f5661ffc292fe43cb5c0
bce87ef823d81edb938f307b79a2a233
769df84dbf8c5e171108781325009213
b8458da17a4fa4b36e7269995f0491cf
22378e0014ed4c26340ec95f91d227f4
f932b21d3ac81c5a990dd8904c03c9d9
8b3c9cc617de21cd537bf105ca46b325
490779d00a026afa7220bf14b7d7b2d1
1025d62f92aa1000be5574dc676f4eb6
aac14158bcff7f71094d9e26b75d6be3
fccd572046df2af1e285e35c5ca531bb
8a9b22d4620400b998e335f4a87ca60c
89ddbda898dfe40adcc4026b1e167f5c
e22344a6c6e95d58003a4981fee6103f
159a811fa3090f83d83760a707d895be
e445a23b610cef927b914375d949c1d3
61e7040fba4428445d5e30e8826c18e6
6892a3ffa6f064ccc3586062e1d15bb5
5006a64ef81ee51f9b719eb460c338ba
4acaa250485bd01cb29e7a74b5560c8b
d72a724fc1a7f366b6661bc96bcc975a
6bfb830e35d838929021b4eacea75bde
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Trojan.Heur!
This report identifies amdkmdag.sys by MD5 0e070af44532dc2a986e0d1a219e7231. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.