GridinSoft Threat Intelligence
atikmdag.sys file report
Why it matters
Evidence available for this file
No final classification is available yet.
First seen 2017-11-20 09:07:39 (8 years ago); latest analysis 2022-09-30 23:17:43 (3 years ago).
Company metadata: Advanced Micro Devices, Inc. Product metadata: ATI Radeon Family.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Use the hash and metadata below to verify the exact file identity.
- Review publisher, signature, paths, and PE details for inconsistencies.
- Run a local scan if the file appears unexpectedly or starts with Windows.
File context
atikmdag.sys is a Windows file recorded in the ThreatInfo database. It is associated with ATI Radeon Family. The reported company name is Advanced Micro Devices, Inc. The current detection status is Undefined, based on the latest analysis from 2022-09-30 23:17:43 (3 years ago).
ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.
File Details
| Product Name: | ATI Radeon Family |
| Company Name: | Advanced Micro Devices, Inc. |
| MD5: | a803e2a6494cb9186e8b51a971e6f254 |
| Size: | 18 MB |
| First Published: | 2017-11-20 09:07:39 (8 years ago) |
| Latest Published: | 2022-09-30 23:17:43 (3 years ago) |
| Status: | Undefined (on last analysis) |
| Analysis Date: | 2022-09-30 23:17:43 (3 years ago) |
Common Places:
| %system%\drivers |
| %localappdata%\slimware utilities inc\slimdrivers\backups\20170501t002912363268\pci\ven_1002&dev_6760 |
| %system% |
ThreatInfo has observed atikmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen atikmdag.sys across 3 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Russian Federation with 33.3% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for atikmdag.sys is Windows 7 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
atikmdag.sys is identified as a PE file for 32-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
This file is still under review
ThreatInfo has not assigned a final verdict yet. Compare the file hash, location, signature, and publisher before trusting the file on a production system.