Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Chimera_strings
# strings from Chimera Core.dll
# extracted by: hasherezade
##
secp256k1
:HAA6
RIPEMD160
SHA1
SHA224
SHA256
SHA384
SHA512
id-at-commonName
Common Name
id-at-countryName
Country
id-at-locality
Locality
id-at-state
State
id-at-organizationName
Organization
id-at-organizationalUnitName
Org Unit
emailAddress
E-mail address
id-at-serialNumber
Serial number
serialNumber
id-at-postalAddress
Postal address
postalAddress
id-at-postalCode
Postal code
postalCode
id-at-surName
Surname
id-at-givenName
Given name
id-at-initials
Initials
initials
id-at-generationQualifier
Generation qualifier
generationQualifier
id-at-title
Title
title
id-at-dnQualifier
Distinguished Name qualifier
dnQualifier
id-at-pseudonym
Pseudonym
pseudonym
id-domainComponent
Domain component
id-at-uniqueIdentifier
Unique Identifier
uniqueIdentifier
md2WithRSAEncryption
RSA with MD2
md4WithRSAEncryption
RSA with MD4
md5WithRSAEncryption
RSA with MD5
sha-1WithRSAEncryption
RSA with SHA1
sha224WithRSAEncryption
RSA with SHA-224
sha256WithRSAEncryption
RSA with SHA-256
sha384WithRSAEncryption
RSA with SHA-384
sha512WithRSAEncryption
RSA with SHA-512
ecdsa-with-SHA1
ECDSA with SHA1
ecdsa-with-SHA224
ECDSA with SHA224
ecdsa-with-SHA256
ECDSA with SHA256
ecdsa-with-SHA384
ECDSA with SHA384
ecdsa-with-SHA512
ECDSA with SHA512
RSASSA-PSS
rsaEncryption
id-ecPublicKey
Generic EC key
id-ecDH
EC key for ECDH
secp192r1
secp224r1
secp256r1
secp384r1
secp521r1
secp192k1
secp224k1
brainpoolP256r1
brainpool256r1
brainpoolP384r1
brainpool384r1
brainpoolP512r1
brainpool512r1
id-md2
id-md4
id-md5
id-sha1
SHA-1
id-sha224
SHA-224
id-sha256
SHA-256
id-sha384
SHA-384
id-sha512
SHA-512
EC_DH
ECDSA
rsa.N
rsa.E
eckey.Q
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz
95.165.168.168
158.222.211.81
object
version
/PyBitmessage:0.4.4/
verack
addr
"C:\Program Files\Internet Explorer\iexplore.exe" -k "%s"
%02X
{%08X-%04X-%04X-%04X-%08X%04X}
\Windows
\$Recycle.Bin
\Microsoft
\Mozilla Firefox
\Opera
\Internet Explorer
\Temp
\Local
\LocalLow
\Chrome
.txt
.doc
.docx
.docm
.odt
.ods
.odp
.odf
.odc
.odm
.odb
.rtf
.xlsm
.xlsb
.xlk
.xls
.xlsx
.pps
.ppt
.pptm
.pptx
.pub
.epub
.pdf
.jpg
.jpeg
.xml
.xsl
.wps
.cmf
.vbs
.accdb
.ini
.cdr
.svg
.conf
.config
.wb2
.msg
.azw
.azw1
.azw3
.azw4
.lit
.apnx
.mobi
.p12
.p7b
.p7c
.pfx
.pem
.cer
.key
.der
.mdb
.htm
.html
.class
.java
.asp
.aspx
.cgi
.php
.jsp
.bak
.dat
.pst
.eml
.xps
.sqllite
.sql
.jar
.wpd
.crt
.csv
.prf
.cnf
.indd
.number
.pages
.x3f
.srw
.pef
.raf
.orf
.nrw
.nef
.mrw
.mef
.kdc
.dcr
.crw
.eip
.fff
.iiq
.k25
.crwl
.bay
.sr2
.ari
.srf
.arw
.cr2
.raw
.rwl
.rw2
.r3d
.3fr
.eps
.pdd
.dng
.dxf
.dwg
.psd
.png
.jpe
.bmp
.gif
.tiff
.gfx
.jge
.tga
.jfif
.emf
.3dm
.3ds
.max
.obj
.a2c
.dds
.pspimage
.yuv
.3g2
.3gp
.asf
.asx
.mpg
.mpeg
.avi
.mov
.flv
.wma
.wmv
.ogg
.swf
.ptx
.ape
.aif
.wav
.ram
.m3u
.movie
.mp1
.mp2
.mp3
.mp4
.mp4v
.mpa
.mpe
.mpv2
.rpf
.vlc
.m4a
.aac
.aa3
.amr
.mkv
.dvd
.mts
.vob
.3ga
.m4v
.srt
.aepx
.camproj
.dash
.zip
.rar
.gzip
.vmdk
.mdf
.iso
.bin
.cue
.dbf
.erf
.dmg
.toast
.vcd
.ccd
.disc
.nrg
.nri
.cdi
<!--
Take advantage of our affiliate-program!
We offer you 50% of our profits.
You can reach us via the bitmessage address:
BM-2cW44Yq9DWbHYnRSfzBLVxvE6WjadchNBt
----------------------------------------------------
Profitieren Sie von unserem Affiliate-Programm!
Wir bieten Ihnen 50% der erzielten Gewinne.
Sie erreichen uns ueber die Bitmessage Adresse:
BM-2cW44Yq9DWbHYnRSfzBLVxvE6WjadchNBt
<html><head><meta http-equiv=content-type content="text/html; charset=utf-8"><title>Chimera&reg; Ransomware</title><link rel=stylesheet type=text/css href="http://fonts.googleapis.com/css?family=Audiowide"><style>body{font-family:'Courier New',Courier,monospace;font-size:14pt;color:#fff;background-color:#000;background-image:url(http://i.imgur.com/zHNCk2e.gif);background-repeat:repeat;background-position:center;background-attachment:fixed}table{margin:20px;font-size:18pt;font-weight:700}ul{list-style:none;display:inline;padding:0;margin:0;margin-left:690px}li{display:inline;padding:0;margin:0}.container{padding:25px;width:700px;border:dashed 1px #333;background-color:#000;color:#FFF}</style><script>var contentDE='Sie wurden Opfer der Chimera&reg; Malware. <font color="red">Ihre privaten Dateien wurden verschl&uuml;sselt und sind ohne eine spezielle Schl&uuml;sseldatei nicht wiederherstellbar.</font> M&ouml;glicherweise funktionieren einige Programme nicht mehr ordnungsgem&auml;&szlig;!<br/><br/>Hiermit werden Sie aufgefordert Bitcoins an die unten stehende Adresse zu transferieren, um Ihre pers&ouml;nliche Schl&uuml;sseldatei zu erhalten.<table><tr><td>Adresse:</td><td><font color="red" name="address">##address##</font></td></tr><tr><td align="right">Forderung:</td><td><font color="red" name="demand">##demand##</font><font color="red">&nbsp;Bitcoins</font></td></tr></table>Das Entschl&uuml;sselungsprogramm und weitere Informationen, die Sie zur Wiederherstellung Ihrer Dateien ben&ouml;tigen, werden auf der folgenden Webseite zur Verf&uuml;gung gestellt:<p style="font-weight: bold; font-size: 18pt;"><a href="https://mega.nz/#!TZIk1b6I!y7LBGdPeRfVhKOmwC0_MChcunxI5vslI2nlFOPU9ulI">https://mega.nz/ChimeraDecrypter</a></p>Wenn Sie der Forderung nicht nachgehen, werden wir Ihre pers&ouml;nlichen Daten, Fotos und Videos in Verbindung mit Ihrem Namen im Internet ver&ouml;ffentlichen.<br/><br/>Sollten Sie &uuml;ber keine technische Innung verf&uuml;gen kontaktieren Sie bitte einen Techniker, der Ihnen best&auml;tigen kann, dass diese Forderung echt ist.';contentEN='You are victim of the Chimera&reg; malware. <font color="red">Your private files are encrypted and can not be restored without a special key file.</font> Maybe some programs no longer function properly!<br/><br/>Please transfer Bitcoins to the the following address to get your unique key file. <table><tr><td>Address:</td><td><font color="red" name="address">1HqoNfpAJFMy9E36DBSk1ktPQ9o9fn2RxX</font></td></tr><tr><td align="right">Amount:</td><td><font color="red" name="demand">0,93945085</font><font color="red">&nbsp;Bitcoins</font></td></tr></table>For the decryption programm and additional informations, please visit: <p style="font-weight: bold; font-size: 18pt;"><a href="https://mega.nz/#!TZIk1b6I!y7LBGdPeRfVhKOmwC0_MChcunxI5vslI2nlFOPU9ulI">https://mega.nz/ChimeraDecrypter</a></p>If you don\'t pay your private data, which include pictures and videos will be published on the internet in relation on your name.';affiliateDE="Profitieren Sie von unserem Affiliate-Programm!<br />Weitere Informationen im Quelltext dieser Datei.";affiliateEN="Take advantage of our affiliate-program!<br />More information in the source code of this file.";</script><body><center><br><font color=red size=7 style=font-family:Audiowide,serif>Chimera&reg; Ransomware</font><br><br><ul><li onclick=changeLanguage(&quot;en&quot;)><img height=24 src="http://www.veryicon.com/icon/png/Flag/Flag%204/United%20Kingdom.png"></li><li onclick=changeLanguage(&quot;de&quot;)><img height=24 src="http://www.veryicon.com/icon/png/Flag/Flag%204/Germany.png"></li></ul><div class=container><center id=content></center></div><br><p id=affiliate style=font-size:11pt></p><br></center><script>function changeLanguage(e){userLang==e?(document.getElementById("content").innerHTML=contentDE,document.getElementById("affiliate").innerHTML=affiliateDE):(document.getElementById("content").innerHTML=contentEN,document.getElementById("affiliate").innerHTML=affiliateEN)}var userLang=navigator.language||navigator.userLanguage;changeLanguage(userLang);</script>
%s.crypt
\YOUR_FILES_ARE_ENCRYPTED.HTML
1,%s
0,%s
##demand##
##address##
%s\*
%s\%s
<none>
http://bot.whatismyipaddress.com/
0.0.0.0
Core.dll
_ReflectiveLoader@4
RSDS^
C:\Projects\Ransom\bin\Release\Core.pdb
WS2_32.dll
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
WININET.dll
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
ADVAPI32.dll
GetAdaptersInfo
IPHLPAPI.DLL
CloseHandle
GetSystemTimeAsFileTime
CreateThread
Sleep
GetLastError
WaitForSingleObject
CreateProcessA
DeleteFileA
lstrcpyA
lstrcatA
lstrlenA
CreateMutexA
GetWindowsDirectoryA
GetVolumeInformationA
GetFileSizeEx
WriteFile
ReadFile
FindClose
CreateEventA
GetLogicalDriveStringsA
GetDriveTypeA
CreateFileA
FindFirstFileA
FindNextFileA
MoveFileA
GetComputerNameA
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
KERNEL32.dll
wsprintfA
USER32.dll
ShellExecuteA
SHELL32.dll
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.