The citron exe File Malware Analysis

The citron.exe File Analysis

Updated 2 days ago

Checked by Malware Check

citron.exe

Hash Type	Value	Action
MD5	7b8e6c4b1ecdcd6e07dc7c4c9bf6cf70
SHA1	53b0d426d08e5955352ace688f66990ba92cabd0
SHA256	5bdae83b8200ad692a35cd26efed58e905111751fc2a5ea7e3897342c4156ea8
SHA512	9c7c9bb5637e53a3897cbc38abf642a5c24973b4c639b8259b2a6372312676b021e300b1a1e73b216efb62d052c88363b6b5cba8eec812c0934460dbb66acf4e
ImpHash	86ca6cbfe0ac5d87f1d1fe725a8db785

Hash Type

Value

Action

MD5

7b8e6c4b1ecdcd6e07dc7c4c9bf6cf70

SHA1

53b0d426d08e5955352ace688f66990ba92cabd0

SHA256

5bdae83b8200ad692a35cd26efed58e905111751fc2a5ea7e3897342c4156ea8

SHA512

9c7c9bb5637e53a3897cbc38abf642a5c24973b4c639b8259b2a6372312676b021e300b1a1e73b216efb62d052c88363b6b5cba8eec812c0934460dbb66acf4e

ImpHash

86ca6cbfe0ac5d87f1d1fe725a8db785

▼

Icon	Hash: 29f2ad5932ad73c6344e9686f337bc11 Fuzzy: 25408a86116fc695029aa04ba4025ce2 dHash: d978ececc8c8e064
Image Base	`0x140000000`
Entry Point	`0x140f7f42c`
Compilation Time	2025-11-02 04:24:09
Checksum	0x00000000 (Actual: 0x01871734)
OS Version	6.0
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
PDB Path	`D:\a\Citron-CI\Citron-CI\citron\build\bin\Release\citron.pdb`
Digital Signature	No valid SignedData structure was found.
Imports	47 libraries
Exports	2 functions
Resources	3 Resources
Sections	6 Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	16,875,231 bytes	16,875,520 bytes	6.34 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`C19A6C4FB475892672B601891F16433A`
`.rdata`	`0x01019000`	7,172,724 bytes	7,173,120 bytes	5.75 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`CF9E7BA9C2EEAF1889BAA57A8910BD71`
`.data`	`0x016f1000`	2,233,872 bytes	839,680 bytes	4.90 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`1D318A23A4B6F30487B062C074AE6EA7`
`.pdata`	`0x01913000`	572,808 bytes	572,928 bytes	6.70 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`72FFA0D4FD31630C9E3E6D82EEEECF47`
`.rsrc`	`0x0199f000`	13,592 bytes	13,824 bytes	7.70 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`41E4B8A68ACC63A893D772B3FDED7595`
`.reloc`	`0x019a3000`	114,328 bytes	114,688 bytes	5.62 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`DD2B06746744DE28FABE0C2192D543E1`

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

▼

Total Resources: 3 (13,323 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	11,469 bytes	86.1%
RT_GROUP_ICON	1	20 bytes	0.2%
RT_MANIFEST	1	1,834 bytes	13.8%

▼