GridinSoft Threat Intelligence

atikmdag.sys file report

Under review File reputation report
MD5 946fdd07171341501c1b829ae37fa99c
Latest seen 2023-08-15 23:35:08 (2 years ago)
First seen 2023-08-15 23:35:08 (2 years ago)
Size 38 MB

Why it matters

Evidence available for this file

Detection

No final classification is available yet.

Timeline

First seen 2023-08-15 23:35:08 (2 years ago); latest analysis 2023-08-15 23:35:08 (2 years ago).

Publisher context

Company metadata: Advanced Micro Devices, Inc. Product metadata: ATI Radeon Famil.

Digital signature

Signed by Advanced Micro Devices, Inc.; Advanced Micro Devices Inc.; Microsoft Windows Hardware Compatibility Publisher. The signature is reported as valid, but signed files can still be bundled or abused.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Use the hash and metadata below to verify the exact file identity.
  2. Review publisher, signature, paths, and PE details for inconsistencies.
  3. Run a local scan if the file appears unexpectedly or starts with Windows.

atikmdag.sys is a Windows file recorded in the ThreatInfo database. It is associated with ATI Radeon Famil. The reported company name is Advanced Micro Devices, Inc. The current detection status is Undefined, based on the latest analysis from 2023-08-15 23:35:08 (2 years ago).

ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.

Product Name: ATI Radeon Famil
Company Name: Advanced Micro Devices, Inc
MD5: 946fdd07171341501c1b829ae37fa99c
Size: 38 MB
First Published: 2023-08-15 23:35:08 (2 years ago)
Latest Published: 2023-08-15 23:35:08 (2 years ago)
Status: Undefined (on last analysis)
Analysis Date: 2023-08-15 23:35:08 (2 years ago)

The signature on atikmdag.sys is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

%localappdata%\slimware utilities inc\slimdrivers\backups\20210316t132837122054\pci

ThreatInfo has observed atikmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

Windows 10 100.0%

The most common operating system signal for atikmdag.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

atikmdag.sys is identified as a PE file for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe
Architecture 64-bit
Subsystem Native
Entry point 0x00007bf0
Image base 0x0000000000010000

PE Sections:

Sections 93
Raw data 40376832

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

This file is still under review

ThreatInfo has not assigned a final verdict yet. Compare the file hash, location, signature, and publisher before trusting the file on a production system.

Recommended next steps

  • Compare the local file MD5 with 946fdd07171341501c1b829ae37fa99c.
  • Check the file path, publisher, and signature against the details in this report.
  • Run a GridinSoft scan if the source, path, or behavior looks unusual.