DarkKomet is a trojan on Microsoft Windows that acts as a backdoor to infected machines. According to Kaspersky, the trojan is able to:

  • Obtain information about the infected computer.
  • Interpret commands from a remote attacker.
  • Obtain a list of processes and open windows.
  • Start and terminate processes.
  • Install and uninstall programs.
  • Modify system services.
  • Modify the system registry.
  • Run JS/VBS scripts from a remote source.
  • Create, modify and delete files.
  • Save keystrokes in an unencrypted format that is available locally within %APPDATA%dclogs\YY-MM-DD.dc.
  • Act as a SOCKS proxy server.
  • Capture clipboard contents.
  • Send files to a remote FTP server.
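
Because the keystroke logs are written unencrypted to a predictable location, they are a usable host artifact during triage. The following is an added example, not code from Kaspersky or from the original page: it walks a directory tree and reports files named YY-MM-DD.dc that sit inside a folder called `dclogs`. The function names, the sample tree, and the choice to match any folder named `dclogs` beneath the search root (the path above is written without a separator after %APPDATA%) are assumptions.

```python
import os
import re
import tempfile
from datetime import datetime
from pathlib import Path

# File name format given on the page: YY-MM-DD.dc
LOG_NAME = re.compile(r"^(\d{2}-\d{2}-\d{2})\.dc$", re.IGNORECASE)


def find_dclogs(root):
    """Return sorted (path, date) pairs for files named YY-MM-DD.dc that sit
    directly inside a directory called 'dclogs' anywhere under root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "dclogs":
            continue
        for name in filenames:
            m = LOG_NAME.match(name)
            if not m:
                continue
            try:
                # Reject names such as 24-13-40.dc that are not real dates.
                day = datetime.strptime(m.group(1), "%y-%m-%d").date()
            except ValueError:
                continue
            hits.append((Path(dirpath) / name, day))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample data: two fake profiles, one with a dclogs folder."""
    logs = Path(base) / "alice" / "AppData" / "Roaming" / "dclogs"
    logs.mkdir(parents=True)
    (logs / "24-03-17.dc").write_text("constructed sample\n")
    (logs / "24-13-40.dc").write_text("not a valid date\n")
    (logs / "notes.txt").write_text("unrelated\n")
    other = Path(base) / "bob" / "AppData" / "Roaming"
    other.mkdir(parents=True)
    (other / "24-03-17.dc").write_text("right name, wrong folder\n")
    return base


if __name__ == "__main__":
    # Default to the current user's %APPDATA% on Windows; otherwise demo data.
    root = os.environ.get("APPDATA") or build_sample_tree(tempfile.mkdtemp())
    for path, day in find_dclogs(root):
        print(f"{day.isoformat()}  {path}")
```

To cover every profile on a mounted disk image, pass the image's `Users` directory as the root instead of a single %APPDATA% path.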