Backdoor

Backdoor.Win32.Plite.bhua removal guide

Malware Removal

Backdoor.Win32.Plite.bhua is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Plite.bhua virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes executed files from disk
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Plite.bhua?

File Info:

name: 947889ACDE09E1D00995.mlw
path: /opt/CAPEv2/storage/binaries/e60c1e3f1716fed9d97da00e8305c8d4e7c6ed9c244fa361edf634e1f043d940
crc32: DDEE637F
md5: 947889acde09e1d00995bd54d25c2b79
sha1: 55a107c0550d95ac8d5382fbbbdce6c5b2948166
sha256: e60c1e3f1716fed9d97da00e8305c8d4e7c6ed9c244fa361edf634e1f043d940
sha512: 4123dcd644722327a7fa97fbb8bc257d5e5ba72244dde099572a48d5ff8824a018dbd937340ffa96badca5741a58a96f573a042e52a5ed5db28fb6eb91ffcc12
ssdeep: 1536:Mt/oSlEjl40ed9Yh848kz/mLKxwrCoacC5usWjcdl6EWGRLCsx9:Mtgqvi9nMKxQbK5xl6EWGpCsx9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T115C36C0077D18075D06A0B3008959B214A7EFD328AE59D6BB7C4628ECD746C5BE36FBB
sha3_384: 4e2f6e1f6f9031273833ad88bbfaca81d03430bd132347651a88517f49b55cd093dbebdfc1d41235f14ee4161b55acb2
ep_bytes: e8e35c0000e97ffeffff558bec5633f6
timestamp: 2014-12-18 07:29:26

Version Info:

0: [No Data]

Backdoor.Win32.Plite.bhua also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.m8Nw
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.61191394
ClamAV: Win.Malware.Urelas-6717394-0
FireEye: Generic.mg.947889acde09e1d0
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: PWS-FDJS!947889ACDE09
Cylance: Unsafe
Zillya: Backdoor.Plite.Win32.32704
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005946341 )
Alibaba: Malware:Win32/Dorpal.ali1000029
K7GW: Trojan ( 005946341 )
Cybereason: malicious.cde09e
Baidu: Win32.Trojan.Urelas.b
Cyren: W32/S-07a5605a!Eldorado
Symantec: Downloader
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Urelas.AE
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Plite.bhua
BitDefender: Trojan.GenericKD.61191394
NANO-Antivirus: Trojan.Win32.Agent.dmiepa
SUPERAntiSpyware: Trojan.Agent/Gen-Urelas
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Trojan.Win32.Urelas.16000161
Ad-Aware: Trojan.GenericKD.61191394
Emsisoft: Trojan.GenericKD.61191394 (B)
Comodo: TrojWare.Win32.Urelas.SEE@5443e3
DrWeb: BackDoor.Andromeda.888
VIPRE: Trojan.GenericKD.61191394
TrendMicro: TROJ_GEN.R002C0DJO22
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.ch
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Urelas-Q
Ikarus: Trojan.Win32.Urelas
GData: Win32.Trojan.PSE.1B8NEZZ
Jiangmin: Backdoor.Plite.oi
Avira: BDS/Backdoor.Gen7
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.2482
Arcabit: Trojan.Generic.D3A5B4E2
Microsoft: Trojan:Win32/Urelas.AA
Google: Detected
AhnLab-V3: Trojan/Win32.Urelas.R128905
VBA32: SScope.Backdoor.Urelas.3114
ALYac: Trojan.GenericKD.61191394
Malwarebytes: Urelas.Spyware.Stealer.DDS
TrendMicro-HouseCall: TROJ_GEN.R002C0DJO22
Rising: Trojan.Urelas!1.BE13 (CLASSIC)
Yandex: Trojan.GenAsa!k509nZCYe18
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Urelas.U!tr
BitDefenderTheta: Gen:NN.ZexaF.34754.hC1@ay4!t6hi
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/Genetic.gen

How to remove Backdoor.Win32.Plite.bhua?

Backdoor.Win32.Plite.bhua removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.