Dyre/Dyreza Trojan

Dyre/Dyreza Trojan Description

Type: Trojan

The Dyreza Trojan is a banker Trojan that is used to take money and login credentials from the victims' bank accounts. One of the reasons why the Dyreza Trojan became interesting to PC security analysts is because the Dyreza Trojan can bypass the SSL mechanism, undermining this basic online security protection measure. The Dyreza Trojan may collect the financial credentials and then send them to the attacker in a remote location in plain text. The Dyreza Trojan also has RAT (Remote Access Trojan) capabilities, letting outsiders control the affected computer from a remote location. The Dyreza Trojan allows ill-minded persons to intercept encrypted traffic by routing the connection through domains belonging to the attackers.

The Dyreza Trojan may Cause Serious Damage to a Computer User's Finances

The Dyreza Trojan, also known as Dyre, uses a method known as browser hooking to interrupt online traffic and route it directly to servers that are controlled by the attackers. Using browser hooking, people may collect information without the victim being aware that the data is being tracked on or intercepted. On the side of the victim, the session seems to continue uninterrupted through HTTPS, despite being routed to a third party automatically. As soon as the Dyreza Trojan infects a computer, the Dyreza Trojan establishes a connection with various IP addresses and requests access to a 'publickey' directory, whose purpose is currently unknown. The Dyreza Trojan uses the established connection to receive commands from the remote server and to relay information about the infected computer's settings and operating system.

Using the Dyreza Trojan, third parties may capture traffic from the affected Web browser. Every time the victim carries out a task on the affected Web browser, the Dyreza Trojan sends the information to the attacker as well, allowing other persons to gain access to data or command the infected PC from an outside location. Through the use of the Dyreza Trojan, other people may see when the victim enters a secure address or password in plain text, with the main target of these attacks being online banking and financial websites. The true danger of the Dyreza Trojan is that the victim is never aware that their information is being intercepted.


11 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Fortinet W32/Upatre.HN!tr
Ikarus Trojan.Inject
Panda Trj/Genetic.gen
AhnLab-V3 Trojan/Win32.Waski
Microsoft PWS:Win32/Dyzap
Sophos Troj/Dyreza-BD
McAfee-GW-Edition BehavesLike.Win32.Backdoor.gc
Kaspersky Trojan.Win32.Staser.gv
Symantec Infostealer.Dyranges
McAfee Upatre-FAAJ!97388A31E2E3

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Dyre/Dyreza Trojan

File System Details

Dyre/Dyreza Trojan creates the following file(s):
# File Name MD5 Detection Count
1 smAyGCtgdvpVECw.exe 97388a31e2e36b2bef2984e40e23f2f1 5
2 UVbvibqIfsBOGcD.exe b25cafa85213d906bee856a841dbae02 1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.