Backdoor.Win32.Plite.bhtr removal

Backdoor.Win32.Plite.bhtr is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Plite.bhtr virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Plite.bhtr?

File Info:

name: 18212B6FC3CF12B90230.mlw
path: /opt/CAPEv2/storage/binaries/5f5c48f608fd1c049fd6be9dbe7b5620775523ec01962008ed68fea18b2068a1
crc32: 1A1144C0
md5: 18212b6fc3cf12b90230e52b5daf3847
sha1: 44f2023c85e61c623a4f8e474c23e1ba74502f44
sha256: 5f5c48f608fd1c049fd6be9dbe7b5620775523ec01962008ed68fea18b2068a1
sha512: e6aae00a6a6f3b54d52892e5c7d512f405873c0aa7c76b13cf830474d49af6ef6d679a3be382f1b2d52781881f9a0b0924de70f8a0493c1d66dc69431e668c21
ssdeep: 1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTfzv:eADA0Wc7UJ6LZMaHLW65DE8pxW7v
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19604D41166008471F3590B315916FAE049A9AD3D1AE8F98FF7787E3A6D322C39A7314F
sha3_384: 37ed8cdfdc82be75887ab3c332288372da37f98301a9e0e078900144095e3d23979053421da129d07651f120aeeec39a
ep_bytes: e819520000e979feffff8bff558bec8b
timestamp: 2014-07-05 10:49:27

Version Info:

0: [No Data]

Backdoor.Win32.Plite.bhtr is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
CAT-QuickHeal: Trojan.Beaugrit.14262
McAfee: PWS-FBQQ!18212B6FC3CF
Cylance: Unsafe
Zillya: Backdoor.Plite.Win32.940
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Backdoor ( 0053e8561 )
K7GW: Backdoor ( 0053e8561 )
Cybereason: malicious.fc3cf1
BitDefenderTheta: Gen:NN.ZexaF.34294.kyX@aCjijzbi
Cyren: W32/Urelas.T.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Urelas.U
Baidu: Win32.Trojan.Urelas.a
ClamAV: Win.Malware.Urelas-6717394-0
Kaspersky: Backdoor.Win32.Plite.bhtr
BitDefender: Gen:Heur.Mint.SP.Urelas.1
NANO-Antivirus: Trojan.Win32.Urelas.dafmdl
SUPERAntiSpyware: Trojan.Agent/Gen-Urelas
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Heur.Mint.SP.Urelas.1
Sophos: ML/PE-A + Troj/Urelas-Q
Comodo: TrojWare.Win32.Urelas.SH@5674sp
DrWeb: BackDoor.Golf.196
VIPRE: Trojan.Win32.Urelas.ab (v)
McAfee-GW-Edition: BehavesLike.Win32.Generic.cm
SentinelOne: Static AI – Malicious PE
FireEye: Generic.mg.18212b6fc3cf12b9
Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
APEX: Malicious
GData: Win32.Trojan.PSE.1BSN4LX
Jiangmin: Trojan/GenericCryptor.bt
eGambit: Unsafe.AI_Score_93%
Avira: BDS/Backdoor.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.27BAC68
Microsoft: Trojan:Win32/Urelas.AA
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win.Generic.R423417
Acronis: suspicious
VBA32: SScope.Backdoor.Urelas.3114
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.1287747036
Rising: Trojan.Urelas!1.BE13 (CLASSIC)
Yandex: Trojan.GenAsa!O7ZmhanjR8Q
Ikarus: Trojan.Win32.Beaugrit
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Urelas.U!tr
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Backdoor.Win32.Plite.bhtr?

Backdoor.Win32.Plite.bhtr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
