Darkcomet

DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

Modifies WinLogon for persistence

Disables Task Manager via registry modification

Drops file in Drivers directory

Executes dropped EXE

Modifies WinLogon to allow AutoLogon

Enables rebooting of the machine without requiring login credentials.

UPX packed file

Detects executables packed with UPX/modified UPX open source packer.