All analysis was performed in an isolated, air‑gapped environment with no access to production networks. | Attribute | Value | |-----------|-------| | Container format | RAR v5 (solid archive, password‑protected: yes/no ) | | Number of entries | <<COUNT>> | | Embedded files | List each entry (e.g., setup.exe , readme.txt , config.dat ). Include size and timestamps. | | Compression ratio | <<RATIO>> | | Password protection | Yes – password: <<PROVIDED OR NOT>> (if known) | | Suspicious artifacts | • Presence of executable(s) with mismatched extensions • Dropped DLLs or scripts (e.g., PowerShell, VBScript) • Encrypted payloads (e.g., .bin , .dat ) | 4. Static Analysis Findings | Item | Observation | Indicator | |------|-------------|-----------| | File header | Correct RAR signature ( 52 61 72 21 1A 07 00 ) | – | | Embedded executable(s) | setup.exe – PE32+ (64‑bit) with packer UPX / custom stub | YARA rule: packer_upx | | Strings | • “%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup” • “http://<malicious‑domain>.com/payload” • “crypt‑key‑” | IOC: http://<malicious‑domain>.com | | Resources | Icon with “?”, version info “File description: Installer” | – | | Certificates | Signed with self‑signed certificate – CN=Hibijyon Corp (expires 2025) | – | | Embedded scripts | install.vbs – creates scheduled task “Updater” | – | | Obfuscation | Base64‑encoded data block of ~12 KB in config.dat | – |
All suspicious indicators should be cross‑checked against threat‑intel feeds. | Behaviour | Description | Observed Artifacts | |-----------|-------------|--------------------| | Process creation | setup.exe spawns svchost.exe with hidden window | PID, command line | | File system | Writes to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe | Persistence mechanism | | Registry | Adds HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc → "C:\Users\<user>\AppData\Roaming\svc.exe" | Registry persistence | | Network | HTTP GET to http://<malicious‑domain>.com/api/key (TLS 1.2) DNS query for *.badhost.net | Destination IP: <<IP>> | | Encryption | Generates RSA‑2048 key pair; encrypts files in Documents folder, appends .hibi extension | Encrypted file sample: report.docx.hibi | | Ransom note | Drops README.txt containing ransom instructions (Bitcoin address <<BTC>> ) | – | | Anti‑analysis | Checks for debugger ( IsDebuggerPresent ), sleeps for 30 s if sandbox detected | – | hibijyon-SC-6.rar
Prepared for: <<INTENDED RECIPIENT / TEAM>> This report template is intended for use by authorized security personnel. Ensure that any analysis of potentially malicious samples is conducted within a properly isolated environment and in accordance with your organization’s policies and applicable laws. If you require deeper technical details (e.g., disassembly of the embedded PE, memory dump artefacts), please provide the relevant artefacts or request a full forensic investigation. All analysis was performed in an isolated, air‑gapped
If any behaviour was not observed, note “Not observed” to differentiate from “Not applicable.” | Type | Value | Source | |------|-------|--------| | File hash (SHA‑256) | <<INSERT>> | Static analysis | | File hash (MD5) | <<INSERT>> | Static analysis | | Malicious IP | <<IP>> | Network capture | | Domain | <malicious‑domain>.com | DNS query | | C2 URL | http://<malicious‑domain>.com/api/key | HTTP request | | Bitcoin address | <<BTC>> | Ransom note | | Registry key | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc | Runtime | | File path | %APPDATA%\svc.exe | Runtime | | Process name | svc.exe | Runtime | | | Compression ratio | <<RATIO>> | |
Please wait while we prepare your image
It appears that you have exhausted your credits for this month. That's ok, we'll spot you a few until your monthly subscription turns over. To get more credits before then, you might want to consider bumping your subscription to the next level. Otherwise, just wait until when you'll receive a new allotment for the month. If you still aren't satisfied, we would be happy to discuss your situation. Just call us during business hours at (xxx) xxx-xxxx.
Unfortunately you have spent your quota of credits for the month. To get more credits before then, you might want to consider bumping your subscription to the next level. Otherwise, just wait until when you'll receive a new allotment for the month. If you still aren't satisfied, we would be happy to discuss your situation. Just call us during business hours at (480) 967-6752.
As a subscriber you are allocated a set number of credits each month. By downloading imagery you will use one or more of your monthly credits. Topo downloads are included with your subscription and will not be subtracted from your credit allocation. To continue, simply click Ok, otherwise click Cancel.
Don't display this again
Note
Viewer Guide
We admit it, websites can be confusing. Especially sites as unique as Historic Aerials. If you haven't worked any mapping websites, operation might not be obvious to you. To help you scale this short (we hope) learning curve, we have compiled this list of common tasks. We also encourage you to explore. Move the mouse around and try clicking on things. Don't worry, you won't break anything.
Note that this is an interactive guide. You can keep it on the screen while you try our suggestions. To move this guide to the side of the screen, just click and drag the heading of the popup window to wherever you want it.
Let's get started!
Navigation
Chances are, you aren't interested in the area we present to you by default. If you chose not to block your location, the default area will be your current location, or more specifically, the location of your Internet provider. Otherwise, you will be dropped off in Tempe, Arizona where our headquarters is located.
To move the map, drag it by clicking and holding down the left mouse button (or only mouse button if on a Mac.) With the mouse button pressed over the map, move the mouse and the map will pan. Go ahead and try it now.
That's all well and good you say, but the world is a big place. Panning to Fargo, North Dakota from Yuma, Arizona might take awhile. There's an easier way... see that text box in the upper left of the viewer with the text 'geo coordinates or street address'? Click on that text box and type Fargo, North Dakota, then click the 'go' button to the right, or press the [Enter] key. Your map should now display with a center location in Fargo, North Dakota.
The text search box works for street addresses, cities, and even landmarks. Try searching for Mount Rushmore.
Zoom
On the upper left side of the viewer content area are the zoom controls, indicated by the plus (+) and minus (-) sign. To zoom in, click on the plus, to zoom out, click on the minus.
Aerials
Maps are used for orientation, and we don't deviate from their utility. However, you likely came here to view some historic aerial imagery, not to view maps, right?
To view the aerial view of the current map location, you need to select an aerial year to display. Click on the aerials button in the top left of the viewer. You should see a list of years pop out to the right. These are the years of aerial coverage that we currently have for the area indicated by center point of the map. To select a year, just click on the year you want to see. The current year will now display under the aerials button and within a couple seconds, the imagery for that year will replace the map.
To select another year, click on the aerials button again and select a different year. Note that you can pan around, or zoom like we did with the map.
Topographic Maps
Ready for this? You already know how to view topographic maps. That's right, it works just like the aerial selection. Just click on the topos button and select the year you wish to view.
Atlases
Like the aerials and topos selectors, the atlases will let you view additional historical representations of the viewing area. We have geo-referenced digitized versions of historic maps and property boundary documents. This is also where you can select the map layer if you so desire. Note that our atlas selection is rather scarce as we are currently working on this arduous task.
Compare
You may have noticed that only one 'layer' (whether that be an aerial, topo, or atlas) can be displayed at one time. To provide you with the ability to compare two different years (or layers,) you can use one of the compare utilities. To activate, click on the compare button.
You'll see four icons:
turn compare off
view specific area in circle
compare two layers side by side
set transparency between layers
Try clicking on the slider. Click on the compare button followed by the side-by-side option. On the right side of the screen a selector will appear similar to the left side. When you are comparing two layers, think right and left side.
The map is the default layer for both sides. Go ahead and select an aerial year on the right side that is different from the left. The slider on top of the viewing area allows you to move the demarcation line between the two layers.
To turn the compare tool off, click on the compare button on the left, and click on the X icon. Poof! The right layer and associated selectors disappear.
Overlays
Unfortunately, photography from the sky doesn't come with labels. In other words, counties, cities and roads are rarely obvious. To help you identify these man-made labels, we provide overlays. You have the option to view major roads, all roads, counties, and cities. Just click on the overlay button and select which overlays you want to view. To turn overlays off, click on the X icon at the top of the compare tools.
Measure Distance
Often times distance isn't obvious when you're looking at some particular layer. The measure tool lets you measure real distance between points, and even calculate the area of a polygon.
Click on the measure button on the left. A flyout dialog appears on the lower left of the viewer. Click on the icon left of the option to Create a new measurement. Further instruction will prompt you to add points on the layer by clicking. When you are finished adding points, click the finish option. Another dialog will appear with your measurement. You can leave the object on the screen or remove it by clicking on the delete option on the result dialog.
Like the other buttons on the left, clicking the measure button will toggle the measurement dialog on or off.
Ordering Digital Imagery and Prints
Looking at historical photos is certainly interesting, but what if you want a snapshot of an area unencumbered by watermarks? You can purchase imagery in the form of digital images (jpeg, png, or GeoTiff). Or you can purchase a printout of a selected area.
See that text at the top of your viewer area that reads, 'purchase image and/or print'? An arrow to the left of that text points to yet another button. If you have selected a layer other than 'map' you can click that button to make a selection within the viewable space.
After you click that button with the square, you'll see the center area of the viewer remain lighter while the outside area becomes darker. This lighter area is the selected area you want to purchase. To change the size of the selected square, click and drag on one of the four corner handles indicated by a small white square.
After you have positioned the viewer and selected the area you want, click on the 'Purchase Selection button now displayed at the top of the viewer. If you are a registered user, your selection will be added to your shopping cart where you can select your purchase options.
Did you get a 'Guest Order' page? That's because you aren't logged in as a registered user. That's okay, we'll save your work and direct you to the registration page. Registration is easy, and free!
What's next?
Hopefully you're feeling like a pro by now, effortlessly navigating our historic aerial imagery from coast to coast. As you continue using Historic Aerials we hope that confidence grows. Our only advice is to try stuff. By now hopefully you've discovered that action buttons have hints by just hovering your mouse over it. You may also notice advantages of a mouse wheel in changing the zoom level. These, along with other tips will become apparent as you use our product. When in doubt, give it a click, and see what happens!