Users login

Create an account »

JOIN XATRIX

Users login

Home » Technical Papers» Dissecting the Dyre Loader

Dissecting the Dyre Loader

by Jason Reaves on December 31, 2015

Dyre or Dyreza, is a pretty prominent figure in the world of financial malware. The Dyre of today comes loaded with a multitude of modules and features while also appearing to be well maintained. The first recorded instance of Dyre I have found is an article in June 2014 and the sample in question is version 1001, while at the time of this report Dyre is already up to version 1166. While the crypters and packers have varied over time, for at least the past 6 months Dyre has used the same loader to perform it's initial checks and injection sequence. It is the purpose of this report to go through the various techniques and algorithms present in the loader, and at times reverse them to python proof of concepts.

 

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »