GridinSoft Threat Intelligence
atikmdag.sys file report
Why it matters
Evidence available for this file
No final classification is available yet.
First seen 2021-01-12 16:17:44 (5 years ago); latest analysis 2021-01-12 16:17:44 (5 years ago).
Company metadata: Advanced Micro Devices, Inc. Product metadata: ATI Radeon Family.
Signed by Advanced Micro Devices, Inc.;Advanced Micro Devices INC.;Microsoft Windows Hardware Compatibility Publisher. The signature is reported as valid, but signed files can still be bundled or abused.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Use the hash and metadata below to verify the exact file identity.
- Review publisher, signature, paths, and PE details for inconsistencies.
- Run a local scan if the file appears unexpectedly or starts with Windows.
File context
atikmdag.sys is a Windows file recorded in the ThreatInfo database. It is associated with ATI Radeon Family. The reported company name is Advanced Micro Devices, Inc. The current detection status is Undefined, based on the latest analysis from 2021-01-12 16:17:44 (5 years ago).
ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.
File Details
| Product Name: | ATI Radeon Family |
| Company Name: | Advanced Micro Devices, Inc. |
| MD5: | 7db538ce17bebb51c0182adcc264c63a |
| Size: | 62 MB |
| First Published: | 2021-01-12 16:17:44 (5 years ago) |
| Latest Published: | 2021-01-12 16:17:44 (5 years ago) |
| Status: | Undefined (on last analysis) |
| Analysis Date: | 2021-01-12 16:17:44 (5 years ago) |
Overview
| Signed By: | Advanced Micro Devices, Inc.;Advanced Micro Devices INC.;Microsoft Windows Hardware Compatibility Publisher |
| Status: | Valid |
The signature on atikmdag.sys is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.
Common Places:
| %localappdata%\slimware utilities inc\slimdrivers\backups\20200430t181054726041\pci |
ThreatInfo has observed atikmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen atikmdag.sys in 1 country. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Ukraine with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for atikmdag.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
atikmdag.sys is identified as a PE file for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
This file is still under review
ThreatInfo has not assigned a final verdict yet. Compare the file hash, location, signature, and publisher before trusting the file on a production system.