GridinSoft Threat Intelligence
amdkmdag.sys threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Trojan.Heur!. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- Trojan.Heur!
- Recommended action
- Scan and remove
- Last analysis
- 2026-05-20 13:00:20 (a week ago)
- File hash
- adc150e1d1bfa6da6bf79690cb56014a
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Trojan.Heur!, part of the Trojan threat category.
Malware disguised as legitimate software or delivered through deceptive packaging. Related Trojan reports help compare this file with nearby detections, publishers, and hashes.
First seen 2026-05-20 13:00:20 (a week ago); latest analysis 2026-05-20 13:00:20 (a week ago).
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the Trojan category for related samples and common context.
File context
amdkmdag.sys is a Windows file recorded in the ThreatInfo database. The current detection status is Trojan.Heur!, based on the latest analysis from 2026-05-20 13:00:20 (a week ago). ThreatInfo groups this verdict with Trojan reports for broader family-level investigation.
If amdkmdag.sys appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Heur!.
File Details
| MD5: | adc150e1d1bfa6da6bf79690cb56014a |
| Size: | 101 MB |
| First Published: | 2026-05-20 13:00:20 (a week ago) |
| Latest Published: | 2026-05-20 13:00:20 (a week ago) |
| Status: | Trojan.Heur! (on last analysis) | |
| Analysis Date: | 2026-05-20 13:00:20 (a week ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %system%\driverstore\temp\{d751c2af-410e-fd43-81c3-6f3311ac26f1} |
ThreatInfo has observed amdkmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen amdkmdag.sys across 1 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Thailand with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for amdkmdag.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
amdkmdag.sys is identified as pe for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
37e408bb5aae7076674f5c6e604a749c
f177af75ade89adc97c2c6d89550c47d
82963ac6aaa0c5a09863c685461c4efe
43432c92dad1e51af3cd6f5988c301cc
4c023024ceb6894dad44f1ad65b3b6ba
8f71b854518c4ea5148817d1161b6d80
96eafd1c5543dca66e0cae29d0f4340a
dde640864744592382b54f985ed08537
21805c8ec96e31cd4562bbf009f69470
afcaefc80a35ac6667d007f85981634c
a1f9e132e9185ee89f59565f4519ca26
033ec06e17a07dd1a524cb9da54d0afe
d49a04bf8a40c3bcf521667cad49a671
d2e7f9f6e832ffc38f3070c01f2f6ca8
467e0f01d96a59f7ff34994ffede6848
36ea516b8a149db2a14f2ac9f345fbb9
304dec26cf4d907c4fe65cd071e0d5f1
9f2aca5028e91f335e4d6e2c92face35
e729157b58238fe3bf81e6de3f9e6e85
18a49c21d7edc38bc7441c8056ef84af
2eb1e56320022e903cbad742b8c19ad9
4d52ec9af3ca3ef0930e990730616e74
c0815c4506ea81e35bcf4b5155f4ffbc
c97bb77f7cef651d48134a512e746755
5d2add83bb5ca92231bec687c9703613
bd9f43780d2add3dd02be1ed67bab855
59ebf2a0297b5060f7cc5338400a3eb9
96d0b187006faa247542e14c4d0b849c
433138eaba0b76cc9cc85fca75ada9d7
009821197f0ddca926343106ece3dfa3
3f5c06ac5cc62a4677fc3bd0035313a7
e5e2601aafc1934752ba6afdfa0c599c
0ae3e75cdf6a48704ef076094c180690
fe9050ac4f044d8a94459b749d5d6002
dbcf687811fb9b1e7327fd8b86e50d92
44ca99aeb0280bfe4a3eedf5fc5064d3
8f26521a11b9582afb244d3677e451f7
4718c3188070fefcd4fc9100455a2a65
379335896504b10c82ea7b5ba2e81a6c
bce87ef823d81edb938f307b79a2a233
7ac38047ce8741ea528fe2928add5658
6e0fc78901ddbacebfdd2b59d0030b32
f932b21d3ac81c5a990dd8904c03c9d9
2e8b83b4cf05b01bfb3f14b34c86b253
b8a39865e6b19b3225f8a1029f8a02b5
c3479db8dad2b6990c7b9a5999a99eb3
903ce1f6195a4ffa34ca770a03360dde
fd620720d5d212a1edb36867805ed638
46c10d52ae5212bfbec2097c2112995e
494bb7a42e7c1e5a07a14105b9ef7ccb
467d6498a5a9ec45fa08855c2f79ecfa
3df2dd81f528d781eadeee3bc9237a72
e7fd99b1b6d21c543e180452a6bfcb9e
1a3aa2341e347d461a208ff26da5fa3a
747a516217eeffaba6e8d1c90646cc76
0f343b0931126a20f133d67c2b018a3b
a162f87d777e2631927c2ead8ba75cf1
18747fcb2508eeec79415b32f63f3654
cf7af328e9151f159a4272f3e044cac3
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Trojan.Heur!
This report identifies amdkmdag.sys by MD5 adc150e1d1bfa6da6bf79690cb56014a. It is part of the Trojan report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.