Created
December 4, 2015 15:39
-
-
Save hasherezade/ceef1c2fed2c70f37d6e to your computer and use it in GitHub Desktop.
Chimera_strings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# strings from Chimera Core.dll | |
# extracted by: hasherezade | |
## | |
secp256k1 | |
:HAA6 | |
RIPEMD160 | |
SHA1 | |
SHA224 | |
SHA256 | |
SHA384 | |
SHA512 | |
id-at-commonName | |
Common Name | |
id-at-countryName | |
Country | |
id-at-locality | |
Locality | |
id-at-state | |
State | |
id-at-organizationName | |
Organization | |
id-at-organizationalUnitName | |
Org Unit | |
emailAddress | |
E-mail address | |
id-at-serialNumber | |
Serial number | |
serialNumber | |
id-at-postalAddress | |
Postal address | |
postalAddress | |
id-at-postalCode | |
Postal code | |
postalCode | |
id-at-surName | |
Surname | |
id-at-givenName | |
Given name | |
id-at-initials | |
Initials | |
initials | |
id-at-generationQualifier | |
Generation qualifier | |
generationQualifier | |
id-at-title | |
Title | |
title | |
id-at-dnQualifier | |
Distinguished Name qualifier | |
dnQualifier | |
id-at-pseudonym | |
Pseudonym | |
pseudonym | |
id-domainComponent | |
Domain component | |
id-at-uniqueIdentifier | |
Unique Identifier | |
uniqueIdentifier | |
md2WithRSAEncryption | |
RSA with MD2 | |
md4WithRSAEncryption | |
RSA with MD4 | |
md5WithRSAEncryption | |
RSA with MD5 | |
sha-1WithRSAEncryption | |
RSA with SHA1 | |
sha224WithRSAEncryption | |
RSA with SHA-224 | |
sha256WithRSAEncryption | |
RSA with SHA-256 | |
sha384WithRSAEncryption | |
RSA with SHA-384 | |
sha512WithRSAEncryption | |
RSA with SHA-512 | |
ecdsa-with-SHA1 | |
ECDSA with SHA1 | |
ecdsa-with-SHA224 | |
ECDSA with SHA224 | |
ecdsa-with-SHA256 | |
ECDSA with SHA256 | |
ecdsa-with-SHA384 | |
ECDSA with SHA384 | |
ecdsa-with-SHA512 | |
ECDSA with SHA512 | |
RSASSA-PSS | |
rsaEncryption | |
id-ecPublicKey | |
Generic EC key | |
id-ecDH | |
EC key for ECDH | |
secp192r1 | |
secp224r1 | |
secp256r1 | |
secp384r1 | |
secp521r1 | |
secp192k1 | |
secp224k1 | |
brainpoolP256r1 | |
brainpool256r1 | |
brainpoolP384r1 | |
brainpool384r1 | |
brainpoolP512r1 | |
brainpool512r1 | |
id-md2 | |
id-md4 | |
id-md5 | |
id-sha1 | |
SHA-1 | |
id-sha224 | |
SHA-224 | |
id-sha256 | |
SHA-256 | |
id-sha384 | |
SHA-384 | |
id-sha512 | |
SHA-512 | |
EC_DH | |
ECDSA | |
rsa.N | |
rsa.E | |
eckey.Q | |
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz | |
95.165.168.168 | |
158.222.211.81 | |
object | |
version | |
/PyBitmessage:0.4.4/ | |
verack | |
addr | |
"C:\Program Files\Internet Explorer\iexplore.exe" -k "%s" | |
%02X | |
{%08X-%04X-%04X-%04X-%08X%04X} | |
\Windows | |
\$Recycle.Bin | |
\Microsoft | |
\Mozilla Firefox | |
\Opera | |
\Internet Explorer | |
\Temp | |
\Local | |
\LocalLow | |
\Chrome | |
.txt | |
.doc | |
.docx | |
.docm | |
.odt | |
.ods | |
.odp | |
.odf | |
.odc | |
.odm | |
.odb | |
.rtf | |
.xlsm | |
.xlsb | |
.xlk | |
.xls | |
.xlsx | |
.pps | |
.ppt | |
.pptm | |
.pptx | |
.pub | |
.epub | |
.jpg | |
.jpeg | |
.xml | |
.xsl | |
.wps | |
.cmf | |
.vbs | |
.accdb | |
.ini | |
.cdr | |
.svg | |
.conf | |
.config | |
.wb2 | |
.msg | |
.azw | |
.azw1 | |
.azw3 | |
.azw4 | |
.lit | |
.apnx | |
.mobi | |
.p12 | |
.p7b | |
.p7c | |
.pfx | |
.pem | |
.cer | |
.key | |
.der | |
.mdb | |
.htm | |
.html | |
.class | |
.java | |
.asp | |
.aspx | |
.cgi | |
.php | |
.jsp | |
.bak | |
.dat | |
.pst | |
.eml | |
.xps | |
.sqllite | |
.sql | |
.jar | |
.wpd | |
.crt | |
.csv | |
.prf | |
.cnf | |
.indd | |
.number | |
.pages | |
.x3f | |
.srw | |
.pef | |
.raf | |
.orf | |
.nrw | |
.nef | |
.mrw | |
.mef | |
.kdc | |
.dcr | |
.crw | |
.eip | |
.fff | |
.iiq | |
.k25 | |
.crwl | |
.bay | |
.sr2 | |
.ari | |
.srf | |
.arw | |
.cr2 | |
.raw | |
.rwl | |
.rw2 | |
.r3d | |
.3fr | |
.eps | |
.pdd | |
.dng | |
.dxf | |
.dwg | |
.psd | |
.png | |
.jpe | |
.bmp | |
.gif | |
.tiff | |
.gfx | |
.jge | |
.tga | |
.jfif | |
.emf | |
.3dm | |
.3ds | |
.max | |
.obj | |
.a2c | |
.dds | |
.pspimage | |
.yuv | |
.3g2 | |
.3gp | |
.asf | |
.asx | |
.mpg | |
.mpeg | |
.avi | |
.mov | |
.flv | |
.wma | |
.wmv | |
.ogg | |
.swf | |
.ptx | |
.ape | |
.aif | |
.wav | |
.ram | |
.m3u | |
.movie | |
.mp1 | |
.mp2 | |
.mp3 | |
.mp4 | |
.mp4v | |
.mpa | |
.mpe | |
.mpv2 | |
.rpf | |
.vlc | |
.m4a | |
.aac | |
.aa3 | |
.amr | |
.mkv | |
.dvd | |
.mts | |
.vob | |
.3ga | |
.m4v | |
.srt | |
.aepx | |
.camproj | |
.dash | |
.zip | |
.rar | |
.gzip | |
.vmdk | |
.mdf | |
.iso | |
.bin | |
.cue | |
.dbf | |
.erf | |
.dmg | |
.toast | |
.vcd | |
.ccd | |
.disc | |
.nrg | |
.nri | |
.cdi | |
<!-- | |
Take advantage of our affiliate-program! | |
We offer you 50% of our profits. | |
You can reach us via the bitmessage address: | |
BM-2cW44Yq9DWbHYnRSfzBLVxvE6WjadchNBt | |
---------------------------------------------------- | |
Profitieren Sie von unserem Affiliate-Programm! | |
Wir bieten Ihnen 50% der erzielten Gewinne. | |
Sie erreichen uns ueber die Bitmessage Adresse: | |
BM-2cW44Yq9DWbHYnRSfzBLVxvE6WjadchNBt | |
<html><head><meta http-equiv=content-type content="text/html; charset=utf-8"><title>Chimera® Ransomware</title><link rel=stylesheet type=text/css href="http://fonts.googleapis.com/css?family=Audiowide"><style>body{font-family:'Courier New',Courier,monospace;font-size:14pt;color:#fff;background-color:#000;background-image:url(http://i.imgur.com/zHNCk2e.gif);background-repeat:repeat;background-position:center;background-attachment:fixed}table{margin:20px;font-size:18pt;font-weight:700}ul{list-style:none;display:inline;padding:0;margin:0;margin-left:690px}li{display:inline;padding:0;margin:0}.container{padding:25px;width:700px;border:dashed 1px #333;background-color:#000;color:#FFF}</style><script>var contentDE='Sie wurden Opfer der Chimera® Malware. <font color="red">Ihre privaten Dateien wurden verschlüsselt und sind ohne eine spezielle Schlüsseldatei nicht wiederherstellbar.</font> Möglicherweise funktionieren einige Programme nicht mehr ordnungsgemäß!<br/><br/>Hiermit werden Sie aufgefordert Bitcoins an die unten stehende Adresse zu transferieren, um Ihre persönliche Schlüsseldatei zu erhalten.<table><tr><td>Adresse:</td><td><font color="red" name="address">##address##</font></td></tr><tr><td align="right">Forderung:</td><td><font color="red" name="demand">##demand##</font><font color="red"> Bitcoins</font></td></tr></table>Das Entschlüsselungsprogramm und weitere Informationen, die Sie zur Wiederherstellung Ihrer Dateien benötigen, werden auf der folgenden Webseite zur Verfügung gestellt:<p style="font-weight: bold; font-size: 18pt;"><a href="https://mega.nz/#!TZIk1b6I!y7LBGdPeRfVhKOmwC0_MChcunxI5vslI2nlFOPU9ulI">https://mega.nz/ChimeraDecrypter</a></p>Wenn Sie der Forderung nicht nachgehen, werden wir Ihre persönlichen Daten, Fotos und Videos in Verbindung mit Ihrem Namen im Internet veröffentlichen.<br/><br/>Sollten Sie über keine technische Innung verfügen kontaktieren Sie bitte einen Techniker, der Ihnen bestätigen kann, dass diese Forderung echt ist.';contentEN='You are victim of the Chimera® malware. <font color="red">Your private files are encrypted and can not be restored without a special key file.</font> Maybe some programs no longer function properly!<br/><br/>Please transfer Bitcoins to the the following address to get your unique key file. <table><tr><td>Address:</td><td><font color="red" name="address">1HqoNfpAJFMy9E36DBSk1ktPQ9o9fn2RxX</font></td></tr><tr><td align="right">Amount:</td><td><font color="red" name="demand">0,93945085</font><font color="red"> Bitcoins</font></td></tr></table>For the decryption programm and additional informations, please visit: <p style="font-weight: bold; font-size: 18pt;"><a href="https://mega.nz/#!TZIk1b6I!y7LBGdPeRfVhKOmwC0_MChcunxI5vslI2nlFOPU9ulI">https://mega.nz/ChimeraDecrypter</a></p>If you don\'t pay your private data, which include pictures and videos will be published on the internet in relation on your name.';affiliateDE="Profitieren Sie von unserem Affiliate-Programm!<br />Weitere Informationen im Quelltext dieser Datei.";affiliateEN="Take advantage of our affiliate-program!<br />More information in the source code of this file.";</script><body><center><br><font color=red size=7 style=font-family:Audiowide,serif>Chimera® Ransomware</font><br><br><ul><li onclick=changeLanguage("en")><img height=24 src="http://www.veryicon.com/icon/png/Flag/Flag%204/United%20Kingdom.png"></li><li onclick=changeLanguage("de")><img height=24 src="http://www.veryicon.com/icon/png/Flag/Flag%204/Germany.png"></li></ul><div class=container><center id=content></center></div><br><p id=affiliate style=font-size:11pt></p><br></center><script>function changeLanguage(e){userLang==e?(document.getElementById("content").innerHTML=contentDE,document.getElementById("affiliate").innerHTML=affiliateDE):(document.getElementById("content").innerHTML=contentEN,document.getElementById("affiliate").innerHTML=affiliateEN)}var userLang=navigator.language||navigator.userLanguage;changeLanguage(userLang);</script> | |
%s.crypt | |
\YOUR_FILES_ARE_ENCRYPTED.HTML | |
1,%s | |
0,%s | |
##demand## | |
##address## | |
%s\* | |
%s\%s | |
<none> | |
http://bot.whatismyipaddress.com/ | |
0.0.0.0 | |
Core.dll | |
_ReflectiveLoader@4 | |
RSDS^ | |
C:\Projects\Ransom\bin\Release\Core.pdb | |
WS2_32.dll | |
InternetOpenA | |
InternetCloseHandle | |
InternetOpenUrlA | |
InternetReadFile | |
WININET.dll | |
CryptAcquireContextA | |
CryptReleaseContext | |
CryptGenRandom | |
ADVAPI32.dll | |
GetAdaptersInfo | |
IPHLPAPI.DLL | |
CloseHandle | |
GetSystemTimeAsFileTime | |
CreateThread | |
Sleep | |
GetLastError | |
WaitForSingleObject | |
CreateProcessA | |
DeleteFileA | |
lstrcpyA | |
lstrcatA | |
lstrlenA | |
CreateMutexA | |
GetWindowsDirectoryA | |
GetVolumeInformationA | |
GetFileSizeEx | |
WriteFile | |
ReadFile | |
FindClose | |
CreateEventA | |
GetLogicalDriveStringsA | |
GetDriveTypeA | |
CreateFileA | |
FindFirstFileA | |
FindNextFileA | |
MoveFileA | |
GetComputerNameA | |
HeapAlloc | |
HeapReAlloc | |
GetProcessHeap | |
HeapFree | |
KERNEL32.dll | |
wsprintfA | |
USER32.dll | |
ShellExecuteA | |
SHELL32.dll |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment