Categories: Backdoor

Backdoor.Win32.Plite.bhua removal guide

Backdoor.Win32.Plite.bhua is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Backdoor.Win32.Plite.bhua virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes executed files from disk
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Plite.bhua?


File Info:

name: 947889ACDE09E1D00995.mlw
path: /opt/CAPEv2/storage/binaries/e60c1e3f1716fed9d97da00e8305c8d4e7c6ed9c244fa361edf634e1f043d940
crc32: DDEE637F
md5: 947889acde09e1d00995bd54d25c2b79
sha1: 55a107c0550d95ac8d5382fbbbdce6c5b2948166
sha256: e60c1e3f1716fed9d97da00e8305c8d4e7c6ed9c244fa361edf634e1f043d940
sha512: 4123dcd644722327a7fa97fbb8bc257d5e5ba72244dde099572a48d5ff8824a018dbd937340ffa96badca5741a58a96f573a042e52a5ed5db28fb6eb91ffcc12
ssdeep: 1536:Mt/oSlEjl40ed9Yh848kz/mLKxwrCoacC5usWjcdl6EWGRLCsx9:Mtgqvi9nMKxQbK5xl6EWGpCsx9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T115C36C0077D18075D06A0B3008959B214A7EFD328AE59D6BB7C4628ECD746C5BE36FBB
sha3_384: 4e2f6e1f6f9031273833ad88bbfaca81d03430bd132347651a88517f49b55cd093dbebdfc1d41235f14ee4161b55acb2
ep_bytes: e8e35c0000e97ffeffff558bec5633f6
timestamp: 2014-12-18 07:29:26

Version Info:

0: [No Data]

Backdoor.Win32.Plite.bhua also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.m8Nw
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.61191394
ClamAV Win.Malware.Urelas-6717394-0
FireEye Generic.mg.947889acde09e1d0
CAT-QuickHeal Trojan.Mauvaise.SL1
McAfee PWS-FDJS!947889ACDE09
Cylance Unsafe
Zillya Backdoor.Plite.Win32.32704
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005946341 )
Alibaba Malware:Win32/Dorpal.ali1000029
K7GW Trojan ( 005946341 )
Cybereason malicious.cde09e
Baidu Win32.Trojan.Urelas.b
Cyren W32/S-07a5605a!Eldorado
Symantec Downloader
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Urelas.AE
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Plite.bhua
BitDefender Trojan.GenericKD.61191394
NANO-Antivirus Trojan.Win32.Agent.dmiepa
SUPERAntiSpyware Trojan.Agent/Gen-Urelas
Avast Win32:BackdoorX-gen [Trj]
Tencent Trojan.Win32.Urelas.16000161
Ad-Aware Trojan.GenericKD.61191394
Emsisoft Trojan.GenericKD.61191394 (B)
Comodo TrojWare.Win32.Urelas.SEE@5443e3
DrWeb BackDoor.Andromeda.888
VIPRE Trojan.GenericKD.61191394
TrendMicro TROJ_GEN.R002C0DJO22
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch
Trapmine malicious.high.ml.score
Sophos ML/PE-A + Troj/Urelas-Q
Ikarus Trojan.Win32.Urelas
GData Win32.Trojan.PSE.1B8NEZZ
Jiangmin Backdoor.Plite.oi
Avira BDS/Backdoor.Gen7
MAX malware (ai score=82)
Antiy-AVL Trojan/Generic.ASMalwS.2482
Arcabit Trojan.Generic.D3A5B4E2
Microsoft Trojan:Win32/Urelas.AA
Google Detected
AhnLab-V3 Trojan/Win32.Urelas.R128905
VBA32 SScope.Backdoor.Urelas.3114
ALYac Trojan.GenericKD.61191394
Malwarebytes Urelas.Spyware.Stealer.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0DJO22
Rising Trojan.Urelas!1.BE13 (CLASSIC)
Yandex Trojan.GenAsa!k509nZCYe18
SentinelOne Static AI – Malicious PE
Fortinet W32/Urelas.U!tr
BitDefenderTheta Gen:NN.ZexaF.34754.hC1@ay4!t6hi
AVG Win32:BackdoorX-gen [Trj]
Panda Trj/Genetic.gen

How to remove Backdoor.Win32.Plite.bhua?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
