Dissecting the Dyre Loader

By Jason Reaves on December 31, 2015

Introduction


The Dyre banking trojan has evolved significantly since its emergence in June of 2014 and, while it was by no means considered simple for its time, it has definitely grown in its capabilities. While some groups and bankers out there use more advanced techniques and tools, any banking trojan has the goal of stealing enough information, while utilizing enough tools in its arsenal, to ultimately perform fraud against the institutions it is targeting. I would consider the Dyre of today to be among the more advanced forms of malware in the area of banking trojans. In this report we go through the loader used by Dyre. A loader is simply a program used to load various other things (code, other programs, DLLs, etc.).

Dyre Loader


The loader first performs a simple check on the number of processors in the system, which appears to be targeting sandboxes (Figure ??). This check was added around April 2015.

Next, the loader begins decrypting the DLL and function names that it will need. Each step the loader takes will be outlined in this paper.
