Backdoor.Win32.Plite.bhtm removal

Backdoor.Win32.Plite.bhtm is rated as dangerous by many security vendors. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and cure your PC during the trial period.
A 6-day free trial is available.

What Backdoor.Win32.Plite.bhtm virus can do?

  • Sample contains overlay data (bytes appended after the last PE section)
  • YARA rule detections observed on a process memory dump, dropped files, or CAPE output
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes executed files from disk
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Plite.bhtm?

File Info:

name: D2CF67C88B4E19E4BF22.mlw
path: /opt/CAPEv2/storage/binaries/f4c2eb1f80c013146ca5e7d8ce944992033a30ccd64a3da016e843ae11966700
crc32: EB224B46
md5: d2cf67c88b4e19e4bf2259161e98aa58
sha1: 3ee425cb3b8cb787456ce6fee5859179777f3b64
sha256: f4c2eb1f80c013146ca5e7d8ce944992033a30ccd64a3da016e843ae11966700
sha512: 4204c4ded07b154506ef0e5be57307d1bebd32d171bf4dfe431c183c11feab7e0b5caca2a7fe7acdf0d57b82b11af0c1c85d3ab9b30aa31adad5bd58c3414278
ssdeep: 1536:WBucKHs7K2HEG7BpoWiZBYHs977q+7INVdU2Aneb6RTVcz+3M0JG2W:4uchogM57bIL+eb6RTVa+3M0JGt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B34291172408431F3690B304955EAE54969BD3D1AE5E08FF3B87D3A6D322C3AA7726F
sha3_384: ed9aa4c2f56fceb639194b79d2fbcfbad4b2e0aec5c0e344312cca1c24c0a8a262210d7cb6af04869078e5752c4b7025
ep_bytes: e8314f0000e989feffff8bff558bec8b
timestamp: 2014-09-07 11:17:05

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 1.0.0.1
InternalName: AppleDown.exe
LegalCopyright: Copyright (C) 2014
OriginalFilename: AppleDown.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0412 0x04b0
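The behaviour list above (overlay data, MPRESS packing, an unknown section name, Korean resources) and the File Info block (hashes, entry-point bytes, compile timestamp, Translation 0x0412 0x04b0) are static indicators a responder can check without running the sample. The following script is an added example and is not code from the original page, from CAPE, or from any vendor product. It walks the PE headers with the standard library only (no pefile), compares a file's SHA-256 and entry-point bytes against the values listed on this page, measures overlay size, flags MPRESS section names, and decodes a VersionInfo Translation pair. The COMMON_SECTIONS set and the PRIMARY_LANG table are deliberately small subsets chosen for the example; the built-in sample is a constructed toy PE32, not the real binary, and its timestamp is the page's value interpreted as UTC, which is an assumption.

```python
"""Offline static triage of a PE against the indicators listed on this page.

Added example: not code from the original page, CAPE, or any vendor.
Stdlib only (no pefile, no network). The built-in sample is a constructed
toy PE32, not the real Backdoor.Win32.Plite.bhtm binary.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
IOC_SHA256 = "f4c2eb1f80c013146ca5e7d8ce944992033a30ccd64a3da016e843ae11966700"
IOC_EP_BYTES = "e8314f0000e989feffff8bff558bec8b"

# Section names MPRESS gives its packed output; anything outside COMMON is flagged.
MPRESS_SECTIONS = {".MPRESS1", ".MPRESS2"}
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".tls", ".bss", ".pdata", ".CRT", ".textbss"}  # subset, assumption
# Primary language IDs (low 10 bits of a Windows LANGID) -> name; subset only.
PRIMARY_LANG = {0x04: "Chinese", 0x09: "English", 0x11: "Japanese",
                0x12: "Korean", 0x19: "Russian"}


def decode_translation(lang_id, codepage):
    """Decode a VS_VERSIONINFO 'Translation' pair such as 0x0412 0x04b0."""
    primary = lang_id & 0x3FF          # low 10 bits = primary language
    return PRIMARY_LANG.get(primary, "unknown(0x%02x)" % primary), codepage


def parse_pe(data):
    """Minimal PE header walk: compile timestamp, entry-point RVA, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                       # 40-byte IMAGE_SECTION_HEADER
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "rptr": rptr, "rsize": rsize})
    return {"timestamp": ts, "ep_rva": ep_rva, "sections": sections}


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset via the section that contains it."""
    for s in sections:
        span = max(s["vsize"], s["rsize"])
        if s["vaddr"] <= rva < s["vaddr"] + span:
            return s["rptr"] + (rva - s["vaddr"])
    return None


def triage(data):
    """Run the static checks that correspond to the indicators on this page."""
    pe = parse_pe(data)
    secs = pe["sections"]
    names = [s["name"] for s in secs]
    end_of_sections = max((s["rptr"] + s["rsize"]) for s in secs) if secs else 0
    ep_off = rva_to_offset(secs, pe["ep_rva"])
    ep_bytes = data[ep_off:ep_off + 16].hex() if ep_off is not None else ""
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": sha256,
        "matches_ioc_sha256": sha256 == IOC_SHA256,
        "timestamp": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
                             .strftime("%Y-%m-%d %H:%M:%S"),
        "overlay_bytes": max(0, len(data) - end_of_sections),   # data past the last section
        "unknown_sections": [n for n in names if n not in COMMON_SECTIONS],
        "mpress_packed": any(n in MPRESS_SECTIONS for n in names),
        "ep_bytes": ep_bytes,
        "matches_ioc_ep": ep_bytes == IOC_EP_BYTES,
    }


def build_sample_pe(section_name=b".MPRESS1", overlay=b"OVERLAY-DATA"):
    """Constructed toy PE32: one section, MPRESS name, appended overlay."""
    ep_code = bytes.fromhex(IOC_EP_BYTES)                       # page's ep_bytes at the entry point
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    # COFF header: i386, 1 section, page timestamp read as UTC (assumption), 224-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1410088625, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000, 0x1000)  # PE32, EP RVA 0x1000
    opt += b"\0" * (224 - len(opt))                              # remaining optional-header fields zeroed
    sec = section_name.ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    body = ep_code.ljust(0x200, b"\0")                           # section raw data at file offset 0x200
    return headers + body + overlay


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
    print("Translation 0x0412 0x04b0 ->", decode_translation(0x0412, 0x04B0))
```

To check a real file, read it as bytes and pass it to triage(); a match on matches_ioc_sha256 or matches_ioc_ep is a strong signal, while overlay size, an MPRESS section name, or Korean resources on an otherwise English-language system are only corroborating evidence and occur in legitimate software too.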

Backdoor.Win32.Plite.bhtm also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.GenericCryptor.tqJq
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
ClamAV: Win.Dropper.Tinba-9943147-2
FireEye: Generic.mg.d2cf67c88b4e19e4
CAT-QuickHeal: Trojan.Beaugrit.17908
Cylance: Unsafe
Zillya: Backdoor.Plite.Win32.1656
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 0052964f1 )
Alibaba: Malware:Win32/Dorpal.ali1000029
K7GW: Trojan ( 0052964f1 )
Cybereason: malicious.88b4e1
Baidu: Win32.Trojan.Urelas.a
Cyren: W32/S-be2a1965!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Urelas.U
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Plite.bhtm
BitDefender: Gen:Heur.Mint.SP.Urelas.1
NANO-Antivirus: Trojan.Win32.Urelas.denlvn
Avast: Win32:Kryptik-NJO [Trj]
Tencent: Backdoor.Win32.Plite.wc
Ad-Aware: Gen:Heur.Mint.SP.Urelas.1
Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
Comodo: TrojWare.Win32.Urelas.SH@5674sp
DrWeb: Trojan.DownLoader11.31199
VIPRE: Gen:Heur.Mint.SP.Urelas.1
TrendMicro: TROJ_GEN.R002C0CIJ22
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dt
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Urelas-Q
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.1PEIDY3
Jiangmin: Backdoor.Plite.pv
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASCommon.177
Arcabit: Trojan.Mint.SP.Urelas.1
Microsoft: Trojan:Win32/Urelas.AA
Google: Detected
AhnLab-V3: Trojan/Win32.Urelas.R118587
Acronis: suspicious
McAfee: Trojan-Urelas!D2CF67C88B4E
MAX: malware (ai score=80)
VBA32: SScope.Backdoor.Urelas.3114
Malwarebytes: Trojan.Urelas
TrendMicro-HouseCall: TROJ_GEN.R002C0CIJ22
Rising: Trojan.Urelas!1.BB69 (CLASSIC)
Yandex: Trojan.GenAsa!qemc6uejemM
Ikarus: Worm.Win32.Vercuser
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Urelas.BN!tr
BitDefenderTheta: Gen:NN.ZexaF.34682.om2@a4uEL5dO
AVG: Win32:Kryptik-NJO [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Plite.bhtm?

Backdoor.Win32.Plite.bhtm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cybersecurity analyst and data science expert with 5+ years of experience working with security software contractors.
