Manalyze report for ed4a32d3bf650bf3a0379f01b605ab00

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-17 14:19:52
CompanyName	Brent t.me/in322
ProductName	Nova
FileDescription	Nova
LegalCopyright	Copyright (c) 2026 Brent
ProductVersion	`1.12.0.0`
FileVersion	`1.12.0.0`
OriginalFilename	Nova.exe
InternalName	Nova

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to AES` `Uses constants related to Blowfish`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW`
Suspicious	The PE is possibly a dropper.	`Resource 27 is possibly compressed or encrypted.` `Resources amount for 98.7994% of the executable.`
Malicious	VirusTotal score: 18/72 (Scanned on 2026-02-19 20:13:10)	`ALYac: Gen:Variant.Giant.Tedy.8545` `APEX: Malicious` `AhnLab-V3: Malware/Win.RiskWare.R756277` `Arcabit: Trojan.Giant.Tedy.D2161` `BitDefender: Gen:Variant.Giant.Tedy.8545` `Bkav: W64.AIDetectMalware` `CTX: exe.unknown.giant` `CrowdStrike: win/malicious_confidence_60% (D)` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Giant.Tedy.8545 (B)` `GData: Gen:Variant.Giant.Tedy.8545` `Malwarebytes: Malware.AI.666859162` `MicroWorld-eScan: Gen:Variant.Giant.Tedy.8545` `Microsoft: PUA:Win32/Puwaders.C!ml` `SentinelOne: Static AI - Suspicious PE` `Symantec: ML.Attribute.HighConfidence` `Trapmine: suspicious.low.ml.score` `VIPRE: Gen:Variant.Giant.Tedy.8545`

Hashes

MD5	`ed4a32d3bf650bf3a0379f01b605ab00`
SHA1	`47c9043d8d586b77f3b5ed38a209a2cd93ea2518`
SHA256	`725cf074d699fc5a66a9aacc31745342fe7df5ac647d5172c0b8f3ab1c230445`
SHA3	`9a4d53b74ff26721b6e2a82cf1adcf31c38160dbe6c476ad9f28aa31e340d6fb`
SSDeep	`393216:f+BveNxqMA1y0F2/tqlPx3KHKxQjhPKaxPbGqkBAg6nIEt+0+5XhdwXeX3:fGveNxVwy0F2/ePxJWtPKaVGqkBYnId`
Imports Hash	`2c7383de6a2d1b6a0276a7aa97924ca8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Feb-17 14:19:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x21c00`
SizeOfInitializedData	`0x10bc200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000C550 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x110a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1e480fe9786371043f53f213ea3734d1`
SHA1	`c97cf113b937a69fdceea5d71733f7ccf174017d`
SHA256	`e836519275852bc5da60c52e3be765bea6d5ec5c49778a0dbbacf86d9ae03a88`
SHA3	`8c37c50a0b3ceb92d7b44ce13d4cb2a14a9cf906340efd5938eed9f3534b0c90`
VirtualSize	`0x21b40`
VirtualAddress	`0x1000`
SizeOfRawData	`0x21c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.5051`

.rdata

MD5	`339b18852896338de8ecadafb39e69e0`
SHA1	`1a145e8fe1283a39f0a4261f64b73727b52b0beb`
SHA256	`71513e5e6a312e20460f1f08791b9b8385cb582f576cd7c8d5239c32bfe905d6`
SHA3	`61228cd2442b86e92707cf349d0fb3fac718eab5f8130a000c8dd773c314042f`
VirtualSize	`0xeafa`
VirtualAddress	`0x23000`
SizeOfRawData	`0xec00`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.68124`

.data

MD5	`29d654fe95b9e4cc3aee22485e64ef0d`
SHA1	`644e5ee6ba5b2734d3f3ab2c7365af65f5e4424b`
SHA256	`5b49cf842767b6b705b02eb11a8b16447787037983e1fc9da116abb57148ca34`
SHA3	`e955bc94f15350b9e0fbc4fc66d27074b7f10dd8e89191c35ad8795540bdc241`
VirtualSize	`0x287b8`
VirtualAddress	`0x32000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x30c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.97087`

.pdata

MD5	`ed5f2137cfa452c6aa63fe6b570093a5`
SHA1	`3f6a2b0ac0040af4df594fae2654673b759df0d0`
SHA256	`1984432ade8c9cadd9d2ae2dc9a720e6028d2fe0305ffaf9c77a362a51647a0d`
SHA3	`0552c8615a0de66a09ebe4ca79f5d73d522b994fc92a6d5e7c16c9c936be6361`
VirtualSize	`0x1824`
VirtualAddress	`0x5b000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x31800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.06342`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x5d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x33200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`dcfb1657a8868b498e771c7322defee2`
SHA1	`230e299ab593ad272d4934eaa3d8596905d3fbe7`
SHA256	`e60cef4f3c696b9de97624e0a40fb1420f0fe22817f604805565029b321ec528`
SHA3	`a4766c43f423ee1596edd8660e535b3f68d95d0edb4e0550d241f016b6009c15`
VirtualSize	`0x10aa5fc`
VirtualAddress	`0x5e000`
SizeOfRawData	`0x10aa600`
PointerToRawData	`0x33400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99905`

.reloc

MD5	`ca5bc4b037b990989def9f075baa3ceb`
SHA1	`123017fb03504c547eb12b0cacc7a3b223aea270`
SHA256	`7927bf53a0d7e527e4101fca8d9f38193bd5953e6bc60534b17c942a24de4790`
SHA3	`48c2ffb2d9bc68f579c14c952e1498d9e3d4a7fbfeddbbc96521913e3be24298`
VirtualSize	`0x680`
VirtualAddress	`0x1109000`
SizeOfRawData	`0x800`
PointerToRawData	`0x10dda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.95638`

Imports

SHELL32.dll	`SHGetFolderPathW` `CommandLineToArgvW`
KERNEL32.dll	`LeaveCriticalSection` `WriteConsoleW` `CreateDirectoryW` `SizeofResource` `SetConsoleCtrlHandler` `GetCommandLineW` `GetStdHandle` `WriteFile` `GetShortPathNameW` `TerminateProcess` `GetModuleFileNameW` `SetEnvironmentVariableW` `GetEnvironmentVariableW` `GetTempPathW` `FindResourceA` `WaitForSingleObject` `CreateFileW` `UnmapViewOfFile` `GetLastError` `LockResource` `CloseHandle` `LoadResource` `GetProcAddress` `GetFileSize` `GetCurrentProcessId` `CreateProcessW` `WideCharToMultiByte` `GetSystemTimeAsFileTime` `FormatMessageA` `CreateFileMappingW` `MapViewOfFile` `SetDllDirectoryW` `GetExitCodeProcess` `QueryPerformanceCounter` `GetCurrentThreadId` `InitializeSListHead` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW` `HeapReAlloc` `RtlUnwindEx` `SetLastError` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `EnterCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `RtlLookupFunctionEntry` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `GetCurrentProcess` `ExitProcess` `FreeLibrary` `GetModuleHandleExW` `IsProcessorFeaturePresent` `GetCommandLineA` `RtlCaptureContext` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `HeapAlloc` `MultiByteToWideChar` `HeapFree` `VirtualProtect` `LoadLibraryExW` `LCMapStringW` `GetFileType` `GetStringTypeW` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetProcessHeap` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `HeapSize`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1fa96`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99285`
Detected Filetype	PNG graphic file
MD5	`e16978394ac4fd9128e80452a49b12a7`
SHA1	`b110177c426aff71addba0cac27f235c55c58dff`
SHA256	`9b88ac759b7d9a235b2ac2bc9f8f2a0185e6e50d7e5c946f78b651fe98f6fe9b`
SHA3	`a852f26359037b96914cad8f163ccb0994fbe1349378b62f0ec2593558c15594`

27

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x108a238`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99905`
MD5	`352abff694dee1cede8400d62600706f`
SHA1	`64c31d6a16d16e40faa863a3fc392a1ea9043ad4`
SHA256	`22626edd828748dd585cf265e019df0f25c2814aa4fd70817099c156527754e3`
SHA3	`7126fd16c90264634f85c069827d01f3e303b3c78f767db0e3071f87efb0bdc4`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.59047`
Detected Filetype	Icon file
MD5	`de6fa3348bcc2f08d6dfd6b7c244eee2`
SHA1	`fc49c3b18ea7d9b79d5d18e4c597e8dd2f27977f`
SHA256	`acd823523d78a8e1a076166754081ecb4cf3a87c6f1bc394da62ec486e84f28e`
SHA3	`ba0a561c9dd7d3cdc149ceb4da6215f31e970dd733f7434ea9f527132a624322`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25343`
MD5	`6fecfa4bbcfcdc10c354f91d4028d344`
SHA1	`6b3e0bd9d697400caeb2285c122a4d4e13f0dcc6`
SHA256	`3efb2873a452404251bd5d76d93c64200fecaf175af5a82c74356e6e59aa4a2c`
SHA3	`33aeadb70eb7728b9d0f006814c3df2fe4ae90d47775dc89f603c00fbbeeef74`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4f1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27584`
MD5	`9175a1fabff80fec23018fdfc1dc274b`
SHA1	`be8f32edef4e9f4aa514fa34f36ca9ee0204139b`
SHA256	`94b146eac0a80f5089ac9e57303515ddf9087d9d88fd4d47f27df8f3cf14cbb4`
SHA3	`934768e038a5727d347f31840aaab3de69c96e1d4bca3c9e726bae6be020edf3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.12.0.0
ProductVersion	1.12.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Brent t.me/in322
ProductName	Nova
FileDescription	Nova
LegalCopyright	Copyright (c) 2026 Brent
ProductVersion (#2)	1.12.0.0
FileVersion (#2)	1.12.0.0
OriginalFilename	Nova.exe
InternalName	Nova

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-17 14:19:52
Version	`0.0`
SizeofData	`800`
AddressOfRawData	`0x2f3bc`
PointerToRawData	`0x2e3bc`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140032000`

RICH Header

XOR Key	`0xd9706d93`
Unmarked objects	`0`
C++ objects (33145)	`147`
C objects (33145)	`12`
ASM objects (33145)	`6`
253 (35403)	`2`
ASM objects (35403)	`9`
C objects (35403)	`16`
C++ objects (35403)	`39`
Imports (33145)	`5`
Total imports	`111`
C objects (LTCG) (35721)	`1`
Linker (35721)	`1`

ed4a32d3bf650bf3a0379f01b605ab00

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.fptable

.rsrc

.reloc

Imports

Delayed Imports

1

27

1 (#2)

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors