GridinSoft Threat Intelligence
amdkmdag.sys file report
Why it matters
Evidence available for this file
No final classification is available yet.
First seen 2022-06-05 23:20:37 (3 years ago); latest analysis 2022-12-08 23:18:30 (3 years ago).
Company metadata: Advanced Micro Devices, Inc. Product metadata: ATI Radeon Famil.
Signed by Advanced Micro Devices, Inc.; Advanced Micro Devices INC.; Microsoft Windows Hardware Compatibility Publisher. The signature is reported as valid, but signed files can still be bundled or abused.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Use the hash and metadata below to verify the exact file identity.
- Review publisher, signature, paths, and PE details for inconsistencies.
- Run a local scan if the file appears unexpectedly or starts with Windows.
File context
amdkmdag.sys is a Windows file recorded in the ThreatInfo database. It is associated with ATI Radeon Famil. The reported company name is Advanced Micro Devices, Inc. The current detection status is Undefined, based on the latest analysis from 2022-12-08 23:18:30 (3 years ago).
ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.
File Details
| Product Name: | ATI Radeon Famil |
| Company Name: | Advanced Micro Devices, Inc |
| MD5: | 7c52be1439632b6e98815ed8847e6260 |
| Size: | 75 MB |
| First Published: | 2022-06-05 23:20:37 (3 years ago) |
| Latest Published: | 2022-12-08 23:18:30 (3 years ago) |
| Status: | Undefined (on last analysis) |
| Analysis Date: | 2022-12-08 23:18:30 (3 years ago) |
Overview
| Signed By: | Advanced Micro Devices, Inc.; Advanced Micro Devices INC.; Microsoft Windows Hardware Compatibility Publisher |
| Status: | Valid |
The signature on amdkmdag.sys is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.
Common Places:
| %sysdrive%\drivers\amdvga\source\packages\drivers\display\wt6a_inf |
ThreatInfo has observed amdkmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen amdkmdag.sys across 2 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Chile with 50.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for amdkmdag.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
amdkmdag.sys is identified as a PE file for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
This file is still under review
ThreatInfo has not assigned a final verdict yet. Compare the file hash, location, signature, and publisher before trusting the file on a production system.