DarkKomet is a trojan on Microsoft Windows that acts as a backdoor to infected machines. According to Kaspersky, the trojan is able to:

  • Obtain information about the infected computer.
  • Interpret commands from a remote attacker.
  • Obtain a list of processes and open windows.
  • Start and terminate processes
  • Install and uninstall programs
  • Modify system services
  • Modify the system registry
  • Run JS/VBS scripts from a remote source.
  • Create, modify and delete files
  • Save keystrokes, in an unencrypted format that is available locally, within %APPDATA%dclogs\YY-MM-DD.dc.
  • Act as a SOCKS proxy server.
  • Capture clipboard contents
  • Send files to a remote FTP server.


DarkComet allows a user to control the system with a Graphical User Interface (GUI). It has many features which allows a user to use it as administrative remote help tool. DarkComet has many features which can be used maliciously. DarkComet is commonly used to spy on victims by taking screen captures, key-logging, or password stealing.