Backdoor.Win32.Plite.bhuz removal

Backdoor.Win32.Plite.bhuz is classified as dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Plite.bhuz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • A process attempted to delay the analysis task by a long amount of time.
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Plite.bhuz?

File Info:

name: 10812A61DE677615C531.mlw
path: /opt/CAPEv2/storage/binaries/35280a5835f836c7840dd73fa3a45dce3019850dc39221e38099a6ce1c974d11
crc32: 0B7C2814
md5: 10812a61de677615c531d805b73fa09c
sha1: e226ae11bc5a44b9493e6823418c0bf1410f604d
sha256: 35280a5835f836c7840dd73fa3a45dce3019850dc39221e38099a6ce1c974d11
sha512: a9cc0e5e69f8bb857af647b51f0311f4f7bd050c638c23b25444edb171c67a636aa58c07d7625769297c5978c2323a059f2593a4c33ede0ef519a5a5b5e32546
ssdeep: 6144:HUUSk86b4QrgGoOjUehELd37yDzKMDl8SlnetsWWlqtGL+p/:HRH86bngSjUSExsdl8aeCWWAoLa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EE54F00226000C98F74D4B70A613FAE485868D7D19D4F14FF93CBD3A68B61A79AB716F
sha3_384: 68757252b4e03ac22fc6985a7d23786baf1ebd8d71fd112085375b6d306e00ff3d2c807a26cd713fce33684242918ffa
ep_bytes: b8608c49005064ff3500000000648925
timestamp: 2013-09-15 03:34:47

Version Info:

0: [No Data]

Backdoor.Win32.Plite.bhuz also known as:

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
  • FireEye: Generic.mg.10812a61de677615
  • CAT-QuickHeal: Trojan.Gupboot.G.mue
  • McAfee: GenericRXAA-AA!10812A61DE67
  • Cylance: Unsafe
  • Zillya: Trojan.Urelas.Win32.1091
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Backdoor ( 0053e8561 )
  • K7GW: Backdoor ( 0053e8561 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Baidu: Win32.Trojan.Urelas.a
  • VirIT: Trojan.Win32.AVKill.BWWB
  • Cyren: W32/Coxy.A.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Urelas.S
  • APEX: Malicious
  • ClamAV: Win.Trojan.Agent-1173614
  • Kaspersky: Backdoor.Win32.Plite.bhuz
  • BitDefender: Gen:Heur.Mint.SP.Urelas.1
  • NANO-Antivirus: Trojan.Win32.Plite.eizuzf
  • Avast: Win32:BackdoorX-gen [Trj]
  • Tencent: Trojan.Win32.Urelas.16000132
  • Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
  • Comodo: TrojWare.Win32.Small.NAF@531prv
  • DrWeb: Trojan.AVKill.33021
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: BKDR_GUPBOOT.SM
  • McAfee-GW-Edition: BehavesLike.Win32.Corrupt.dc
  • Sophos: ML/PE-A + Troj/Urelas-AA
  • Jiangmin: Backdoor.Generic.zuw
  • Avira: BDS/Backdoor.Gen7
  • Antiy-AVL: Trojan[Backdoor]/Win32.Plite
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • ZoneAlarm: Backdoor.Win32.Plite.bhuz
  • GData: Gen:Heur.Mint.SP.Urelas.1
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Backdoor/Win32.Plite.R82799
  • BitDefenderTheta: Gen:NN.ZexaF.34182.smXfaiHr6cdO
  • MAX: malware (ai score=88)
  • VBA32: BScope.Trojan.AVKill
  • Malwarebytes: Malware.AI.3471141186
  • TrendMicro-HouseCall: BKDR_GUPBOOT.SM
  • Rising: Backdoor.Plite!8.2D6 (CLOUD)
  • Yandex: Trojan.GenAsa!kAtCupF5d6E
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/Urelas.O!tr
  • AVG: Win32:BackdoorX-gen [Trj]
  • Cybereason: malicious.1de677
  • Panda: Trj/Genetic.gen

How to remove Backdoor.Win32.Plite.bhuz?

Backdoor.Win32.Plite.bhuz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.