fadisk.sys

Chongqing XIA Software Technology, Inc.

It runs as a Windows kernel mode device driver named “fadisk”.
Publisher:

MD5:
0f583ad9eae081e3e6f38bc341feaa7d

SHA-1:
a0870e5a2f1fb3357ce2d20eb005fc457afbe219

SHA-256:
2d266f0443704044e8435f78f7b0f3b01f1bb623844478874ae8f18a814c9dcc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
2/27/2025 12:33:41 AM UTC

File size:
133.7 KB (136,920 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\fadisk.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/4/2014 8:00:00 AM

Valid to:
10/4/2015 7:59:59 AM

Subject:
CN="Chongqing XIA Software Technology, Inc.", O="Chongqing XIA Software Technology, Inc.", L=ChongQing, S="Yubei District, ChongQing", C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5FB8EFB9E3FE2F857CD9DCA04991C66F

File PE Metadata
Compilation timestamp:
6/4/2015 1:16:41 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:/FAGKfM3Ezhz1SPAqGYbIN/iZathO1dGexQP/7+eLZkduIvI4FsOXdRmB/iQHqf4:/6h96INKZQckP/7+uIvejFN03a5

Entry address:
0x212E9

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 17, FD, FF, FF, CC, CC, CC, 6C, 13, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4A, 19, 02, 00, 20, E0, 01, 00, 4C, 13, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 19, 02, 00, 00, E0, 01, 00, 60, 13, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, E2, 19, 02, 00, 14, E0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 74, 19, 02, 00, 9C, 19, 02, 00, 88, 19, 02, 00, 58, 19, 02, 00, 00, 00, 00, 00, B8, 19, 02, 00, CC, 19, 02, 00, 00...

Entropy:
6.3673

Code size:
117 KB (119,808 bytes)

Driver
Display name:
fadisk

Type:
Kernel device driver (KernelDriver)

