Manalyze report for bf3b3fd4b2069061c37640160b6a6946

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2040-Nov-30 20:53:07
Debug artifacts	C:\workspace\SymDiag\SymDiag3-Win\csharp\Collector\SymDiagWinSfx\SymDiagWinSfx\obj\Release\SymDiagWin.pdb
Comments	Symantec Diagnostic Tool
CompanyName	Broadcom
FileDescription	Symantec Diagnostic Tool
FileVersion	`3.0.106`
InternalName	SymDiagWin.exe
LegalCopyright	Copyright © 2020-2025 Broadcom. All rights reserved.
OriginalFilename	SymDiagWin.exe
ProductName	Symantec Diagnostic Tool
ProductVersion	`3.0.106`
Assembly Version	3.0.106.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %temp%` Contains domain names: broadcom.com costura.de costura.es costura.fr costura.it costura.ru costura.system.net http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 https://share.broadcom.com https://share.broadcom.com/symdiag/SymDiagWin.exe microsoft.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org share.broadcom.com symantec.com system.net www.symantec.com
Info	The PE is digitally signed.	`Signer: Symantec Corporation` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-02-02 15:05:28)	`Bkav: W32.AIDetectMalware.CS`

Hashes

MD5	`bf3b3fd4b2069061c37640160b6a6946`
SHA1	`7760b21d08c106bfdcb6fd8ab43c2b5c0ad7d208`
SHA256	`bfce4564b529a3ed30874e90528a3c64fc741d36033cbb9f52e3b79f20393efe`
SHA3	`3534804d6b744e59788ff9b7f855ca764b5ab8f51fa1a56db4bf1bb92c9888d9`
SSDeep	`393216:lXYzqg2/WmFxnezN16lsa/7ndnqhInUnZfACbvKCE0fBkDjWnMNzxZPUiupYsh:VsbYFx4P29/7d0IUnZfRq/G+xZPl`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2040-Nov-30 20:53:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x1609200`
SizeOfInitializedData	`0x10a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0160B05E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1620000`
SizeOfHeaders	`0x200`
Checksum	`0x161ff17`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`90f56b25f893185cb50e2425ca99637e`
SHA1	`b954c197f99534e730a3a6ea5ded0ebe0ae1d88b`
SHA256	`0b982bec78fc09042decb4f4f59b2a10b3bd45ffd6315eea9724dfc5c7c42791`
SHA3	`a03045afe1490691d1f22510314b866b0ade9a97fea7475a911604f8df0186a6`
VirtualSize	`0x1609064`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1609200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99858`

.rsrc

MD5	`d857a1af7b409ed5fc96e444d397a564`
SHA1	`2cb72180cee5876af0b4196252e6d2a4b747b4d5`
SHA256	`59767d4c9855a627c7fc30b328e6780e53fefd4183ff67905b55b2c966c8aedb`
SHA3	`64e808e778d88dc00bf3c33ac0b76597f710ee2484699bd9000175ce0757bb31`
VirtualSize	`0x10790`
VirtualAddress	`0x160c000`
SizeOfRawData	`0x10800`
PointerToRawData	`0x1609400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.09375`

.reloc

MD5	`988de2b37e0422e9c08742a1c566fbd5`
SHA1	`769a97bd369e6f7547b6f939d9d307252ee275b1`
SHA256	`94177374df95e0c98cf2d9a953e678b1912a3a327cf1337b9071e592f1f5fdea`
SHA3	`bfbba3ff6e5fffe8e5c2c1e28f7c78edd22d3342272fa097d83f9d80c5a606c1`
VirtualSize	`0xc`
VirtualAddress	`0x161e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1619c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.11837`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49058`
MD5	`c6c025dbfd96b24a8b84cc57ce2d33cc`
SHA1	`def09ab5f24055cb034fea578621c2a103679dba`
SHA256	`c933398c3fec33f4121d644ac45a37bed58d6bd8a39e2844070c032fd3c23f43`
SHA3	`2ae012f7168b6b7e2d5fd277d534e9d815eee5be4913bb8079db26582fba3644`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.86144`
MD5	`196cd9f0013b46f1e8c7460319a50840`
SHA1	`70a15dab8420b7b1d1a4320f4c55b5013430d9e8`
SHA256	`a6dd100d627ffe07425decded3d5e18d52b670c4290e710dcf7d60dce0cd7c97`
SHA3	`e6d3b1c5a8aad80896a466648af2a38f1cdc596d1ca3561603a36b8921abd628`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.77582`
MD5	`e97da10a5c498c47a632daa7d3a73eb6`
SHA1	`02f0bfb40a68d3a641ef09e621ab3dddbbee99d6`
SHA256	`e60b5c31e83ca53ef0d8f1f2ba748b1e5cec20878a578bcece94f559d657d9ef`
SHA3	`70e22df72e386b0a1a5eaf6ff3105dc7ec7b72f8832c7298e792d1218061dcde`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50541`
MD5	`eb36b5f6119f5657405eeb8b19718a41`
SHA1	`de814ac108728766c86f38e1c578cfbf505c9bf2`
SHA256	`f8763a548c0d101e46a8b31de2f657607c19a27240f0088716e71e5a4bbb3f28`
SHA3	`82441a29ae808087be0433b0237816dc569a1e7f7c48f2321665b1b700134b1d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49162`
MD5	`6f33544306ced8a7f829fbf8b650233b`
SHA1	`d56a5370a34ea7a38840e24f50ee7b01b7c9b29f`
SHA256	`f9d56de29c9ef98c4555cff461a2475771bd81a21b868a2233a8fe01e1d02977`
SHA3	`45314307fd6c24c1928963fddd015841fb1990bd1218359b5e132f38ce6a9dd8`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90716`
MD5	`35559942f4c93b3de88959e31c0e1619`
SHA1	`a518fdc1c50363ff8608de3f7045ce36084ee594`
SHA256	`7e1483c46ef2e988f75e66404da70e357964c2a013b7fe0432f380c1175e6ce8`
SHA3	`48dde3217f84cb282292505c153713b14f40eee82ed22579b57f7bcb277fc188`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3326`
MD5	`3f1b147bc2dc2126be9f40f1c2aba653`
SHA1	`3abda0a9eff75785a5fdca7b7ff70f7c772818d6`
SHA256	`d36fdd4392712dd0e2e4e0756f12aa43221bc2740c1ebdf25a8343e4a68566f7`
SHA3	`17756997f7d46adaacf2bf5e9c862df400368db06c84b7ab95d91946876e4727`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48906`
MD5	`9649280e05abac902773817b584d3aaa`
SHA1	`bf5e2ef1336d37de386df26edff17f85aa019c87`
SHA256	`5877df3ceeb63de09b3950f60a2e061782558b7166605ae92adb28cd9f64c7b1`
SHA3	`bdcf19619b089b1e5d78049b18ce96031050723ce216ba7dadafa5842550b8be`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x608`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.24481`
MD5	`9dae26a0513116058add21989ec4975c`
SHA1	`68d5ef70a077e951967347e751188a8d0cfda04a`
SHA256	`a8557165152954a187f3f9d07bb7b14681cf302a94d68fb51cf05651d77f0f19`
SHA3	`1158950c889084080f5a1558781a9ba283fc5824d16f5d6f0fa7d379a0af7639`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.70745`
MD5	`d2c653dde4a698a2d5f67a0cccc18596`
SHA1	`0560ed306a0a5367313fb60af214cdc2df4d2609`
SHA256	`82f934e287b0e1e70a1d0b16ae61b046e14598baf877da73182291c7bf74e23b`
SHA3	`679840f9e8c9011a7b5097331fe5df421e05e6ca878254f9090021f5041dfa74`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c25`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93042`
Detected Filetype	PNG graphic file
MD5	`7cbd709af2e4f23d66e70ac958396226`
SHA1	`c3ef71bcd1884480203e5cccbecbb0da7281cc9f`
SHA256	`4cdc9a3a2c238feb749352b29cb9549c07e52dec25f2d5e68c6e314dbc6d35e5`
SHA3	`0ae6bee81408b6a81d9492bfa4ed8f4829ffd4c408e361c939445201eab50de7`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93103`
MD5	`3d3650bb94b2572c2695033b27bf05af`
SHA1	`75285b23fec064843405ca6a38f44c948612d3ea`
SHA256	`8c3049105aeb8dfdb0e5dbfeb9aac0e6e3a7138b3575bd04b0d8452b69676b0e`
SHA3	`b8321f5cc4b2d62c9ab96a5a61dd7f2c9341c632aa3ece0e42f99c58646452e4`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04738`
MD5	`4d93f40d52227464fb7c8d41a03d3664`
SHA1	`a415e9621856eddfdc65b6950d840e525355d36d`
SHA256	`20f50df6a6835c140a676de49061359ff5d6eedd0f20bf74ba4979318b0863dd`
SHA3	`9f88b9104dfcddf1e8e8141fd8570bd9ea6d759b45558d41253e1b37ef52660c`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63993`
MD5	`7e3733c1c6dd242fd2cc4af16c4c9d99`
SHA1	`3a34a19d68d3557d08f7556118f42df4228472c7`
SHA256	`99a5b7637e10edbcb60152930f74691d663d592adc9c1d92e7474d9b0d5af0b5`
SHA3	`089c9832ca0095e0a1364c16321a73b0786f068e59cbf4c0cddbc0ae9de3f73f`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.81244`
MD5	`fe761c47c2d716ea37893c052c19ce01`
SHA1	`6db0a394f84ebccc772ee07a591b608c068f02ec`
SHA256	`5d928bff4bda08d2d68b0fa964f9cc8b613689966aa3431e38eb78425ee298a4`
SHA3	`624473a9754284e0962c4c14c6247b57e8f1e716b2cc5cb6c350daa78e40919e`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89812`
MD5	`bc6e8175308c87f937aaf44256fcc1a7`
SHA1	`423f0dcff764187c49462f2cb0ca6d616fe57e13`
SHA256	`9ea0df8f734d2527b6cfb4a78b55add143d664126eb8e95e5623b5366a1e8350`
SHA3	`8b278891bfd4c1ee3c2b6101cc4c677eb00af116fbe06297f74225b3e88632c6`

17

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1767`
MD5	`bc28c228d5913904c2100cfcebac3d78`
SHA1	`101454712bbbc9e4cdb71c3c1a843df5726b886d`
SHA256	`88ef405916cff0d209a06e7bc53ab9b15c62fee51fba0aff6858aa22f8cd2bb0`
SHA3	`133c035d913dc362fa5387026befe3a687daecac590877fcde8d56e4fe4c539a`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1795`
Detected Filetype	Icon file
MD5	`7c4fbfcdd4975953d039eaae10893fc6`
SHA1	`ee87a9795f4f816adb10fb18efa08b7b4ce872f5`
SHA256	`19917c4cd1e6e7f35b9b7080dad32109dcf617705fc49459266ccd0786066da7`
SHA3	`cd98b1584133a4acd33d07b94002fe9246acb43f62528e9e0a13113b7f653c37`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3661`
MD5	`3460fa4b3903520e133f2d9d673d0728`
SHA1	`55c4f71d56593891c98eb02da475e52efef876f4`
SHA256	`e0fdfe667d9b8ba461e0ee6b8f3dc9b3368c2a603a348fd63b95dbf2d79055b8`
SHA3	`610718f3fc58531f3ae22939de0c27b0236630e9d953a8029d6c1fa3a75e1f38`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xdc9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97508`
MD5	`be591e6bd1537bcf4e11c8961a9affb5`
SHA1	`f193d03d3b184125fe2a140d31e6cf65f1651dd5`
SHA256	`46ecc79aedef4a6e917d5340db480b6e0f679f4d7adc94c6e7173db5daf5f50f`
SHA3	`bc7ecf79862c5a57c9e96b6cd47cf2321d5712fbf7cda0554789af6323849c23`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.106.0
ProductVersion	3.0.106.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Symantec Diagnostic Tool
CompanyName	Broadcom
FileDescription	Symantec Diagnostic Tool
FileVersion (#2)	3.0.106
InternalName	SymDiagWin.exe
LegalCopyright	Copyright © 2020-2025 Broadcom. All rights reserved.
OriginalFilename	SymDiagWin.exe
ProductName	Symantec Diagnostic Tool
ProductVersion (#2)	3.0.106
Assembly Version	3.0.106.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2040-Nov-30 20:53:07
Version	`0.0`
SizeofData	`130`
AddressOfRawData	`0x160af80`
PointerToRawData	`0x1609180`
Referenced File	C:\workspace\SymDiag\SymDiag3-Win\csharp\Collector\SymDiagWinSfx\SymDiagWinSfx\obj\Release\SymDiagWin.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0x1609202`

TLS Callbacks

Load Configuration

RICH Header

bf3b3fd4b2069061c37640160b6a6946

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors