Backdoor.Win32.Plite.bhuh removal instruction

Backdoor.Win32.Plite.bhuh is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Plite.bhuh virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Plite.bhuh?

File Info:

name: FEBA308E830B6C94EF80.mlw
path: /opt/CAPEv2/storage/binaries/4f9e416df7e2ec12a173e419f300b61985af66e1929d460ad6108318b49941f5
crc32: E56183B9
md5: feba308e830b6c94ef804ccca06da496
sha1: 7c9dea60b3c7b11232ac3d0eb65d3b84a1a1ec97
sha256: 4f9e416df7e2ec12a173e419f300b61985af66e1929d460ad6108318b49941f5
sha512: 9e1b4cc0139716a2e38bea43fd10f77221e791e80e4e14198ae225dc95f45c599294ca1f45b91a3253f51789fc7daebc153ea70c716f970505dc0d1a5623d6fe
ssdeep: 1536:hiVlUPlfHeARjOsOAe2zBN7lE4U1sgzAom8JsuPIclSXsWjcdd6YGxjvnYX:wVlUPZRxfxE9Vs5cfdd6YGxMX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T181C36D00B6C58070E0B6023006959B21597DFD716BA99E9FB7C45D9ECA787C0BA31F7B
sha3_384: 6e0beea7d924b56822be85197c7e34e796465dd73226b08cda68d7b18220786eb75169346630d837ecba26400d805623
ep_bytes: e8e55c0000e97ffeffff558bec5633f6
timestamp: 2015-01-03 05:22:17

Version Info:

CompanyName: HYGSYGYDGW
FileDescription: Lophgdte
FileVersion: 1.0.0.1
InternalName: Nigdtre
LegalCopyright: Copyright (C) biydtfrer
OriginalFilename: Biohdgtre.exe
ProductName: VUSDRRWDTWD
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Backdoor.Win32.Plite.bhuh also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
ClamAV: Win.Malware.Urelas-6717394-0
FireEye: Generic.mg.feba308e830b6c94
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: PWS-FDJS!FEBA308E830B
Cylance: Unsafe
VIPRE: Gen:Heur.Mint.SP.Urelas.1
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 005946341 )
K7AntiVirus: Trojan ( 005946341 )
Baidu: Win32.Trojan.Urelas.b
Cyren: W32/S-07a5605a!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Urelas.U
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Plite.bhuh
BitDefender: Gen:Heur.Mint.SP.Urelas.1
NANO-Antivirus: Trojan.Win32.Dwn.dhyuga
SUPERAntiSpyware: Trojan.Agent/Gen-Urelas
Avast: Win32:BackdoorX-gen [Trj]
Rising: Trojan.Urelas!1.BE13 (CLASSIC)
Ad-Aware: Gen:Heur.Mint.SP.Urelas.1
Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
Comodo: TrojWare.Win32.Urelas.SEE@5443e3
DrWeb: Trojan.DownLoader11.30256
Zillya: Trojan.Urelas.Win32.42293
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.ch
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Troj/Urelas-Q
Ikarus: Trojan.Win32.Urelas
GData: Win32.Trojan.PSE.18NM1Y7
Jiangmin: Backdoor.Plite.pl
Avira: BDS/Backdoor.Gen7
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.51E9
Arcabit: Trojan.Mint.SP.Urelas.1
ZoneAlarm: Backdoor.Win32.Plite.bhuh
Microsoft: Trojan:Win32/Urelas.AA
Google: Detected
AhnLab-V3: Backdoor/Win.Plite.R508367
VBA32: SScope.Backdoor.Urelas.3114
Malwarebytes: Urelas.Spyware.Stealer.DDS
Tencent: Trojan.Win32.Urelas.16000161
Yandex: Trojan.GenAsa!k509nZCYe18
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Urelas.U!tr
BitDefenderTheta: Gen:NN.ZexaF.34754.hC1@a0K@e9ai
AVG: Win32:BackdoorX-gen [Trj]
Cybereason: malicious.e830b6
Panda: Trj/Genetic.gen

How to remove Backdoor.Win32.Plite.bhuh?

Backdoor.Win32.Plite.bhuh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.