GridinSoft Threat Intelligence
atikmdag.sys threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Trojan.Generic. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name: Trojan.Generic
- Recommended action: Scan and remove
- Last analysis: 2023-04-27 23:26:45 (3 years ago)
- File hash: dd3067ab95a04cbb9f4ef24d88c06d8f
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Trojan.Generic.
First seen 2023-04-27 23:26:45 (3 years ago); latest analysis 2023-04-27 23:26:45 (3 years ago).
Company metadata: Advanced Micro Devices, Inc. Product metadata: ATI Radeon Family.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.
File context
atikmdag.sys is a Windows file recorded in the ThreatInfo database. It is associated with ATI Radeon Family. The reported company name is Advanced Micro Devices, Inc. The current detection status is Trojan.Generic, based on the latest analysis from 2023-04-27 23:26:45 (3 years ago).
If atikmdag.sys appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Generic.
File Details
| Product Name: | ATI Radeon Family |
| Company Name: | Advanced Micro Devices, Inc. |
| MD5: | dd3067ab95a04cbb9f4ef24d88c06d8f |
| Size: | 23 MB |
| First Published: | 2023-04-27 23:26:45 (3 years ago) |
| Latest Published: | 2023-04-27 23:26:45 (3 years ago) |
| Status: | Trojan.Generic (on last analysis) |
| Analysis Date: | 2023-04-27 23:26:45 (3 years ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %system% |
ThreatInfo has observed atikmdag.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen atikmdag.sys in 1 country. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Mexico with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for atikmdag.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
atikmdag.sys is identified as a PE file for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Trojan.Generic
This report identifies atikmdag.sys by MD5 dd3067ab95a04cbb9f4ef24d88c06d8f. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.