GridinSoft Threat Intelligence
atikmdag.sys threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Trojan.Generic. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name: Trojan.Generic
- Recommended action: Scan and remove
- Last analysis: 2023-07-02 23:08:43 (2 years ago)
- File hash: 3e8c691b49d362c82da30e14182831ba
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Trojan.Generic.
First seen 2023-07-02 23:08:43 (2 years ago); latest analysis 2023-07-02 23:08:43 (2 years ago).
Company metadata: Advanced Micro Devices, Inc. Product metadata: ATI Radeon Family.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.
File context
atikmdag.sys is a Windows file recorded in the ThreatInfo database. It is associated with ATI Radeon Family. The reported company name is Advanced Micro Devices, Inc. The current detection status is Trojan.Generic, based on the latest analysis from 2023-07-02 23:08:43 (2 years ago).
If atikmdag.sys appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Generic.
File Details
| Product Name: | ATI Radeon Family |
| Company Name: | Advanced Micro Devices, Inc. |
| MD5: | 3e8c691b49d362c82da30e14182831ba |
| Size: | 25 MB |
| First Published: | 2023-07-02 23:08:43 (2 years ago) |
| Latest Published: | 2023-07-02 23:08:43 (2 years ago) |
| Status: | Trojan.Generic (on last analysis) |
| Analysis Date: | 2023-07-02 23:08:43 (2 years ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %system%\driverstore\filerepository\c7305721.inf_amd64_neutral_3e55bb717b275fd9 |
ThreatInfo has observed atikmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen atikmdag.sys in 1 country. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is United States with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for atikmdag.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
atikmdag.sys is identified as a PE file for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Trojan.Generic
This report identifies atikmdag.sys by MD5 3e8c691b49d362c82da30e14182831ba. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.