DarkKomet is a trojan that acts as a backdoor to infected machines. According to Kaspersky, the trojan is able to:
- Obtain information about the infected computer.
- Interpret commands from a remote attacker.
- Obtain a list of processes and open windows.
- Start and terminate processes
- Install and uninstall programs
- Modify system services
- Modify the system registry
- Run JS/VBS scripts from a remote source.
- Create, modify and delete files
- Save keystrokes, in an unencrypted format that is available locally, within %APPDATA%dclogs\YY-MM-DD.dc.
- Act as a SOCKS proxy server.
- Capture clipboard contents
- Send files to a remote FTP server.
- Backdoor.Win32.DarkKomet, Kaspersky Threats