Backdoor

Backdoor.Win32.Plite.bhuv removal guide

Malware Removal

The Backdoor.Win32.Plite.bhuv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Plite.bhuv virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location

How to identify Backdoor.Win32.Plite.bhuv?

File Info:

name: 20B0A63205D533E7183B.mlw
path: /opt/CAPEv2/storage/binaries/992c14bef9ae1d2e8c8774ebb8c1527ede8022a55635b1c7dea9ae780db78484
crc32: E080D8F7
md5: 20b0a63205d533e7183b4a7e2c2afa22
sha1: 11d8f9686c79229eaf451f42bcddd53cd394c389
sha256: 992c14bef9ae1d2e8c8774ebb8c1527ede8022a55635b1c7dea9ae780db78484
sha512: 2f8fa639e995b3df821ed336072a0ff51546a9701d3a971cf8e979e502aeee3cde1172314ed8dd78968fea49333ac17c0d280c14e57954187f9ff893a3e3b70e
ssdeep: 3072:1HuEwR712EBM6FzCSYTWj5Yw7j68tX76KcuBw2:1HuXRZdBMaYTOYc68B2L2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F6F3061176408432F3690B305955EAF10969BC3D19E5E18FF2B8BE3A6E312C39A7725F
sha3_384: 03a059bebb70339b2d7de2281dbc1b79ddc83f1481eb27b3e42ce3942146623fbddfd5cf64cbf9265566c48b72199b09
ep_bytes: e8314f0000e989feffff8bff558bec8b
timestamp: 2015-04-24 06:44:03

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 1.0.0.1
InternalName: GUP.exe
LegalCopyright: Copyright (C) 2015
OriginalFilename: GUP.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0412 0x04b0

Backdoor.Win32.Plite.bhuv also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.GenericCryptor.tqJq
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
FireEye: Generic.mg.20b0a63205d533e7
CAT-QuickHeal: Trojan.GenericPMF.S23753132
Cylance: Unsafe
VIPRE: Trojan.Win32.Urelas.ab (v)
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 004952aa1 )
BitDefender: Gen:Heur.Mint.SP.Urelas.1
K7GW: Trojan ( 004952aa1 )
Cybereason: malicious.205d53
BitDefenderTheta: Gen:NN.ZexaF.34182.ku1@ae1c0SnO
VirIT: Trojan.Win32.Dnldr13.GUT
Cyren: W32/Urelas.T.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Urelas.AE
Baidu: Win32.Trojan.Urelas.b
APEX: Malicious
Kaspersky: Backdoor.Win32.Plite.bhuv
Alibaba: Malware:Win32/Dorpal.ali1000029
NANO-Antivirus: Trojan.Win32.Dwn.drcuqv
Rising: Trojan.Urelas!1.BE13 (CLOUD)
Ad-Aware: Gen:Heur.Mint.SP.Urelas.1
Sophos: Mal/Generic-R + Troj/Urelas-Q
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: Trojan.DownLoader13.4595
Zillya: Trojan.Urelas.Win32.41980
TrendMicro: TROJ_GEN.R002C0DAV22
McAfee-GW-Edition: BehavesLike.Win32.CoinMiner.cm
Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
Ikarus: Trojan.Win32.Urelas
Jiangmin: Backdoor.Generic.ably
MaxSecure: Trojan.Malware.121218.susgen
Avira: BDS/Backdoor.Gen7
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.1075B6E
Microsoft: Trojan:Win32/Urelas.AA
SUPERAntiSpyware: Trojan.Agent/Gen-Urelas
GData: Win32.Trojan.PSE.133VG1Z
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win.Plite.R445095
Acronis: suspicious
McAfee: GenericRXFE-ON!20B0A63205D5
VBA32: SScope.Backdoor.Urelas.3114
Malwarebytes: Trojan.Urelas
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0DAV22
Tencent: Backdoor.Win32.Plite.hc
Yandex: Backdoor.Plite!Pb/HuLQiL6E
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_68%
Fortinet: W32/Urelas.U!tr
AVG: Win32:Kryptik-NJO [Trj]
Avast: Win32:Kryptik-NJO [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Plite.bhuv?

Backdoor.Win32.Plite.bhuv removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.