@hasherezade
Created December 4, 2015 15:39
Chimera_strings
# strings from Chimera Core.dll
# extracted by: hasherezade
##
secp256k1
:HAA6
RIPEMD160
SHA1
SHA224
SHA256
SHA384
SHA512
id-at-commonName
Common Name
id-at-countryName
Country
id-at-locality
Locality
id-at-state
State
id-at-organizationName
Organization
id-at-organizationalUnitName
Org Unit
emailAddress
E-mail address
id-at-serialNumber
Serial number
serialNumber
id-at-postalAddress
Postal address
postalAddress
id-at-postalCode
Postal code
postalCode
id-at-surName
Surname
id-at-givenName
Given name
id-at-initials
Initials
initials
id-at-generationQualifier
Generation qualifier
generationQualifier
id-at-title
Title
title
id-at-dnQualifier
Distinguished Name qualifier
dnQualifier
id-at-pseudonym
Pseudonym
pseudonym
id-domainComponent
Domain component
id-at-uniqueIdentifier
Unique Identifier
uniqueIdentifier
md2WithRSAEncryption
RSA with MD2
md4WithRSAEncryption
RSA with MD4
md5WithRSAEncryption
RSA with MD5
sha-1WithRSAEncryption
RSA with SHA1
sha224WithRSAEncryption
RSA with SHA-224
sha256WithRSAEncryption
RSA with SHA-256
sha384WithRSAEncryption
RSA with SHA-384
sha512WithRSAEncryption
RSA with SHA-512
ecdsa-with-SHA1
ECDSA with SHA1
ecdsa-with-SHA224
ECDSA with SHA224
ecdsa-with-SHA256
ECDSA with SHA256
ecdsa-with-SHA384
ECDSA with SHA384
ecdsa-with-SHA512
ECDSA with SHA512
RSASSA-PSS
rsaEncryption
id-ecPublicKey
Generic EC key
id-ecDH
EC key for ECDH
secp192r1
secp224r1
secp256r1
secp384r1
secp521r1
secp192k1
secp224k1
brainpoolP256r1
brainpool256r1
brainpoolP384r1
brainpool384r1
brainpoolP512r1
brainpool512r1
id-md2
id-md4
id-md5
id-sha1
SHA-1
id-sha224
SHA-224
id-sha256
SHA-256
id-sha384
SHA-384
id-sha512
SHA-512
EC_DH
ECDSA
rsa.N
rsa.E
eckey.Q
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz
95.165.168.168
158.222.211.81
object
version
/PyBitmessage:0.4.4/
verack
addr
"C:\Program Files\Internet Explorer\iexplore.exe" -k "%s"
%02X
{%08X-%04X-%04X-%04X-%08X%04X}
\Windows
\$Recycle.Bin
\Microsoft
\Mozilla Firefox
\Opera
\Internet Explorer
\Temp
\Local
\LocalLow
\Chrome
.txt
.doc
.docx
.docm
.odt
.ods
.odp
.odf
.odc
.odm
.odb
.rtf
.xlsm
.xlsb
.xlk
.xls
.xlsx
.pps
.ppt
.pptm
.pptx
.pub
.epub
.pdf
.jpg
.jpeg
.xml
.xsl
.wps
.cmf
.vbs
.accdb
.ini
.cdr
.svg
.conf
.config
.wb2
.msg
.azw
.azw1
.azw3
.azw4
.lit
.apnx
.mobi
.p12
.p7b
.p7c
.pfx
.pem
.cer
.key
.der
.mdb
.htm
.html
.class
.java
.asp
.aspx
.cgi
.php
.jsp
.bak
.dat
.pst
.eml
.xps
.sqllite
.sql
.jar
.wpd
.crt
.csv
.prf
.cnf
.indd
.number
.pages
.x3f
.srw
.pef
.raf
.orf
.nrw
.nef
.mrw
.mef
.kdc
.dcr
.crw
.eip
.fff
.iiq
.k25
.crwl
.bay
.sr2
.ari
.srf
.arw
.cr2
.raw
.rwl
.rw2
.r3d
.3fr
.eps
.pdd
.dng
.dxf
.dwg
.psd
.png
.jpe
.bmp
.gif
.tiff
.gfx
.jge
.tga
.jfif
.emf
.3dm
.3ds
.max
.obj
.a2c
.dds
.pspimage
.yuv
.3g2
.3gp
.asf
.asx
.mpg
.mpeg
.avi
.mov
.flv
.wma
.wmv
.ogg
.swf
.ptx
.ape
.aif
.wav
.ram
.m3u
.movie
.mp1
.mp2
.mp3
.mp4
.mp4v
.mpa
.mpe
.mpv2
.rpf
.vlc
.m4a
.aac
.aa3
.amr
.mkv
.dvd
.mts
.vob
.3ga
.m4v
.srt
.aepx
.camproj
.dash
.zip
.rar
.gzip
.vmdk
.mdf
.iso
.bin
.cue
.dbf
.erf
.dmg
.toast
.vcd
.ccd
.disc
.nrg
.nri
.cdi
<!--
Take advantage of our affiliate-program!
We offer you 50% of our profits.
You can reach us via the bitmessage address:
BM-2cW44Yq9DWbHYnRSfzBLVxvE6WjadchNBt
----------------------------------------------------
Profitieren Sie von unserem Affiliate-Programm!
Wir bieten Ihnen 50% der erzielten Gewinne.
Sie erreichen uns ueber die Bitmessage Adresse:
BM-2cW44Yq9DWbHYnRSfzBLVxvE6WjadchNBt
<html><head><meta http-equiv=content-type content="text/html; charset=utf-8"><title>Chimera&reg; Ransomware</title><link rel=stylesheet type=text/css href="http://fonts.googleapis.com/css?family=Audiowide"><style>body{font-family:'Courier New',Courier,monospace;font-size:14pt;color:#fff;background-color:#000;background-image:url(http://i.imgur.com/zHNCk2e.gif);background-repeat:repeat;background-position:center;background-attachment:fixed}table{margin:20px;font-size:18pt;font-weight:700}ul{list-style:none;display:inline;padding:0;margin:0;margin-left:690px}li{display:inline;padding:0;margin:0}.container{padding:25px;width:700px;border:dashed 1px #333;background-color:#000;color:#FFF}</style><script>var contentDE='Sie wurden Opfer der Chimera&reg; Malware. <font color="red">Ihre privaten Dateien wurden verschl&uuml;sselt und sind ohne eine spezielle Schl&uuml;sseldatei nicht wiederherstellbar.</font> M&ouml;glicherweise funktionieren einige Programme nicht mehr ordnungsgem&auml;&szlig;!<br/><br/>Hiermit werden Sie aufgefordert Bitcoins an die unten stehende Adresse zu transferieren, um Ihre pers&ouml;nliche Schl&uuml;sseldatei zu erhalten.<table><tr><td>Adresse:</td><td><font color="red" name="address">##address##</font></td></tr><tr><td align="right">Forderung:</td><td><font color="red" name="demand">##demand##</font><font color="red">&nbsp;Bitcoins</font></td></tr></table>Das Entschl&uuml;sselungsprogramm und weitere Informationen, die Sie zur Wiederherstellung Ihrer Dateien ben&ouml;tigen, werden auf der folgenden Webseite zur Verf&uuml;gung gestellt:<p style="font-weight: bold; font-size: 18pt;"><a href="https://mega.nz/#!TZIk1b6I!y7LBGdPeRfVhKOmwC0_MChcunxI5vslI2nlFOPU9ulI">https://mega.nz/ChimeraDecrypter</a></p>Wenn Sie der Forderung nicht nachgehen, werden wir Ihre pers&ouml;nlichen Daten, Fotos und Videos in Verbindung mit Ihrem Namen im Internet ver&ouml;ffentlichen.<br/><br/>Sollten Sie &uuml;ber keine technische Innung verf&uuml;gen kontaktieren Sie 
bitte einen Techniker, der Ihnen best&auml;tigen kann, dass diese Forderung echt ist.';contentEN='You are victim of the Chimera&reg; malware. <font color="red">Your private files are encrypted and can not be restored without a special key file.</font> Maybe some programs no longer function properly!<br/><br/>Please transfer Bitcoins to the the following address to get your unique key file. <table><tr><td>Address:</td><td><font color="red" name="address">1HqoNfpAJFMy9E36DBSk1ktPQ9o9fn2RxX</font></td></tr><tr><td align="right">Amount:</td><td><font color="red" name="demand">0,93945085</font><font color="red">&nbsp;Bitcoins</font></td></tr></table>For the decryption programm and additional informations, please visit: <p style="font-weight: bold; font-size: 18pt;"><a href="https://mega.nz/#!TZIk1b6I!y7LBGdPeRfVhKOmwC0_MChcunxI5vslI2nlFOPU9ulI">https://mega.nz/ChimeraDecrypter</a></p>If you don\'t pay your private data, which include pictures and videos will be published on the internet in relation on your name.';affiliateDE="Profitieren Sie von unserem Affiliate-Programm!<br />Weitere Informationen im Quelltext dieser Datei.";affiliateEN="Take advantage of our affiliate-program!<br />More information in the source code of this file.";</script><body><center><br><font color=red size=7 style=font-family:Audiowide,serif>Chimera&reg; Ransomware</font><br><br><ul><li onclick=changeLanguage(&quot;en&quot;)><img height=24 src="http://www.veryicon.com/icon/png/Flag/Flag%204/United%20Kingdom.png"></li><li onclick=changeLanguage(&quot;de&quot;)><img height=24 src="http://www.veryicon.com/icon/png/Flag/Flag%204/Germany.png"></li></ul><div class=container><center id=content></center></div><br><p id=affiliate style=font-size:11pt></p><br></center><script>function 
changeLanguage(e){userLang==e?(document.getElementById("content").innerHTML=contentDE,document.getElementById("affiliate").innerHTML=affiliateDE):(document.getElementById("content").innerHTML=contentEN,document.getElementById("affiliate").innerHTML=affiliateEN)}var userLang=navigator.language||navigator.userLanguage;changeLanguage(userLang);</script>
%s.crypt
\YOUR_FILES_ARE_ENCRYPTED.HTML
1,%s
0,%s
##demand##
##address##
%s\*
%s\%s
<none>
http://bot.whatismyipaddress.com/
0.0.0.0
Core.dll
_ReflectiveLoader@4
RSDS^
C:\Projects\Ransom\bin\Release\Core.pdb
WS2_32.dll
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
WININET.dll
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
ADVAPI32.dll
GetAdaptersInfo
IPHLPAPI.DLL
CloseHandle
GetSystemTimeAsFileTime
CreateThread
Sleep
GetLastError
WaitForSingleObject
CreateProcessA
DeleteFileA
lstrcpyA
lstrcatA
lstrlenA
CreateMutexA
GetWindowsDirectoryA
GetVolumeInformationA
GetFileSizeEx
WriteFile
ReadFile
FindClose
CreateEventA
GetLogicalDriveStringsA
GetDriveTypeA
CreateFileA
FindFirstFileA
FindNextFileA
MoveFileA
GetComputerNameA
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
KERNEL32.dll
wsprintfA
USER32.dll
ShellExecuteA
SHELL32.dll