Categories: Backdoor

Should I remove “Backdoor.Win32.Plite.bhts”?

The Backdoor.Win32.Plite.bhts is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Plite.bhts virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (4 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Possible date expiration check, exits too soon after checking local time
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Unconventionial language used in binary resources: Korean
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Deletes its original binary from disk
A process attempted to delay the analysis task by a long amount of time.
Created a process from a suspicious location

How to determine Backdoor.Win32.Plite.bhts?


File Info:
name: 1EBA00E65C67F33754AF.mlwpath: /opt/CAPEv2/storage/binaries/cccc3f47dc6151a4bda0ea6ca0e8b894b9e67ea82b12b41ce7df860624316731crc32: BE1599FDmd5: 1eba00e65c67f33754af29ce90cb3ab0sha1: 3647e3627e97f8ee640bb26e9269363a1b8889a7sha256: cccc3f47dc6151a4bda0ea6ca0e8b894b9e67ea82b12b41ce7df860624316731sha512: 9a3fadbd616113daf8e21893a19d0a491406c139a40b88c27e26122e4e2a7bac43f8026dee0b0969b3f7dab84e64b2c58f91f1f64bc76e40ae02d7ee79051438ssdeep: 6144:O64g0RlXb4xNEmoS+R68AuSXBGuaVBt7QwIiZQEszTnZzf:F4g0RCXoSO43x+l7QLiaEyptype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T19F64F11297100558F3684B392E6AF8E049989E3E54D5F6AFF4BCBC3B683169359B700Fsha3_384: 44d1feeb78ebd103f150d76048ee837440129593f965cc9805dc7c632246bd3980eecf2f84318125280b9ea684760091ep_bytes: 60be006046008dbe00b0f9ff5789e58dtimestamp: 2013-10-05 10:52:28
Version Info:
0: [No Data]

Backdoor.Win32.Plite.bhts also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.AVKill.33294
ClamAV	Win.Trojan.Gupboot-3
FireEye	Generic.mg.1eba00e65c67f337
CAT-QuickHeal	Trojan.Gupboot.G.mue
Cylance	Unsafe
VIPRE	Trojan.Win32.Urelas.o (v)
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Spyware ( 00588d7d1 )
BitDefender	Gen:Heur.Mint.SP.Urelas.1
K7GW	Spyware ( 00588d7d1 )
Cybereason	malicious.65c67f
BitDefenderTheta	Gen:NN.ZexaF.34212.tmHfaepDn4aO
VirIT	Trojan.Win32.SHeur4.CBMB
Cyren	W32/Gupboot.B.gen!Eldorado
Symantec	Infostealer.Gampass
ESET-NOD32	a variant of Win32/Urelas.T
TrendMicro-HouseCall	TROJ_GUPBOOT_EJ13000F.UVPM
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Plite.bhts
NANO-Antivirus	Trojan.Win32.cndyab.eaawqp
MicroWorld-eScan	Gen:Heur.Mint.SP.Urelas.1
Rising	Trojan.Gupboot!1.9CEA (RDMK:cmRtazo8JsVfDBwKSvL13Qx8CgKm)
Ad-Aware	Gen:Heur.Mint.SP.Urelas.1
Sophos	ML/PE-A + Troj/Urelas-AA
Comodo	TrojWare.Win32.Urelas.P@555slg
Baidu	Win32.Trojan.Urelas.a
Zillya	Trojan.Swisyn.Win32.30683
TrendMicro	TROJ_GUPBOOT_EJ13000F.UVPM
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Emsisoft	Gen:Heur.Mint.SP.Urelas.1 (B)
GData	Win32.Trojan.Urelas.KLGTSP
Jiangmin	Trojan/Swisyn.wmu
Avira	TR/Spy.Gen2
MAX	malware (ai score=84)
SUPERAntiSpyware	Trojan.Agent/Gen-Gupboot
ZoneAlarm	Backdoor.Win32.Plite.bhts
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3	Backdoor/Win32.Plite.R238946
Acronis	suspicious
McAfee	Corrupt-JB!1EBA00E65C67
VBA32	BScope.Trojan.AVKill
Malwarebytes	Trojan.Urelas
Panda	Trj/Genetic.gen
APEX	Malicious
Tencent	Trojan.Win32.Urelas.16000132
Yandex	Trojan.GenAsa!YDlJxQj3pmE
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_91%
Fortinet	W32/Urelas.O!tr
AVG	Win32:Dropper-NGS [Drp]
Avast	Win32:Dropper-NGS [Drp]
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.121218.susgen