
Poweliks Trojan Delivered Through Spam Emails

Experts report that the number of computers infected with Poweliks Trojan has been growing recently. The primary distribution technique at the moment is through spam, but the cyber criminals are using other methods as well.

Details on the Poweliks Trojan

Poweliks Trojan is quite difficult to detect because it is not stored on the compromised machine as a file. Instead, the malware resides in a registry subkey and in the system’s memory. Once executed, Poweliks creates registry entries with commands that check whether the affected computer has PowerShell or the .NET Framework. If it does not, the Trojan downloads the installers directly from the Web. Poweliks then decrypts a PowerShell script from its encrypted JavaScript. The PowerShell script is needed to execute a binary program that establishes a connection with the following remote locations:


This allows the attackers to send commands to the compromised machine. After it connects the victimized PC to the C&C server, the Trojan will delete the binary.
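Because the payload lives in registry data rather than in a file, triage has to inspect registry values themselves. The following added example (not code from the article or from any vendor) parses string values from a decoded .reg export and flags data that carries inline script or PowerShell commands; the marker patterns, key names and sample export are assumptions constructed for illustration.

```python
import re

# Heuristic markers (assumptions for this example, not indicators from the article).
MARKERS = {
    "inline-script": re.compile(r"\b(javascript|vbscript):", re.I),
    "powershell": re.compile(r"\bpowershell(\.exe)?\b", re.I),
    "encoded-blob": re.compile(r"[A-Za-z0-9+/=]{200,}"),
}
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (already decoded to text; REG_SZ values only).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"a"="rundll32.exe javascript:\"CONSTRUCTED-PLACEHOLDER\""

[HKEY_CURRENT_USER\Software\ExampleVendor]
@="powershell.exe -NoProfile -Command CONSTRUCTED-PLACEHOLDER"
'''


def unescape(s):
    # .reg exports escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key, name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            yield key, unescape(m.group(1) or "") or "(Default)", unescape(m.group(2))


def findings(text):
    """Return (key, name, [reasons]) for values whose data carries script."""
    out = []
    for key, name, data in parse_reg(text):
        reasons = [label for label, rx in MARKERS.items() if rx.search(data)]
        if reasons and AUTORUN.search(key):
            reasons.append("autorun")
        if reasons:
            out.append((key, name, reasons))
    return out
```

A hit is a lead for manual review, not a verdict: legitimate software also stores PowerShell commands in the registry.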

Poweliks Trojan Delivered via Spam Emails

Researchers with Symantec report that the latest infections are mostly distributed via spam emails that claim to be sent by the Postal Service in the US or Canada. The victim is presented with detailed information about a missed package delivery. The scam email has a Microsoft Word document attached which contains the Trojan.

The Poweliks Trojan was first detected by a researcher with GData in July this year.

Other Distribution Methods

Reportedly, the Poweliks Trojan can also be delivered through exploit kits. The French researcher Kafeine spotted Poweliks being delivered to the targeted system by the Angler Exploit Kit in September 2014. In this particular sample, the malware is eliminated the next time the computer is started, because there are no registry keys that would allow it to start along with the operating system.



Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
