{
	"id": "b5c5bf44-e190-4165-a760-b50416376736",
	"created_at": "2026-04-06T00:17:40.902134Z",
	"updated_at": "2026-04-10T03:21:44.923384Z",
	"deleted_at": null,
	"sha1_hash": "d4c01b1f4cd98ae1b0173ab82db151d4b1e510dc",
	"title": "Static analysis of Goldenhelper Malware (Golden Tax malware)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 509409,
	"plain_text": "Static analysis of Goldenhelper Malware (Golden Tax malware)\r\nBy Adetomiwa\r\nPublished: 2022-03-04 · Archived: 2026-04-05 18:17:01 UTC\r\n“GoldenHelper” was discovered on July 14, 2020 embedded in Golden Tax Invoicing Software, an invoice issuing\r\nsoftware used by Chinese banks. This malware variant seems to have been active between January 2018 and July\r\n2019.\r\nPress enter or click to view image in full size\r\nFig 1.0: First bytes of malware sample\r\nPress enter or click to view image in full size\r\nhttps://tomiwa-xy.medium.com/static-analysis-of-goldenhelper-malware-golden-tax-malware-d9f85a88e74d\r\nPage 1 of 2\n\nFig 1.1: File header in PE studio\r\nThe following details were obtained from initial static analysis:\r\nFile-type: dynamic-link-library (.dll)\r\nCPU: 64-bit\r\nSubsystem: GUI\r\nCompiler-stamp: 0x5AB052C9 (Mon Mar 19 17:16:09 2018)\r\nDebugger-stamp: 0x5AB052C9 (Mon Mar 19 17:16:09 2018)\r\nFile-size: 126464 (bytes)\r\nHashes:\r\nmd5: 490D17A5B016F3ABC14CC57F955B49B3\r\nsha1: A1BB73F6581AB51457EB7160BE8EE4FB18916153\r\nsha256:A1AA0684813CFE9D7ED5C491C8AB132E5583B4FD02187FDAE8AA4D934D933F29\r\nFile path: F:\\DLL\\dll-client-0309\\x64\\Release\\SvcDll.pdb\r\nEmbedded Strings.\r\nPE Studio identified ~1870 strings, the following have been highlighted:\r\nThe following appear to be files that will be loaded during runtime\r\nhttp://%s/app/taxver[.]jpg\r\nhttp://%s/app/tps32[.]gif\r\nhttp://%s/data/msabs[.]dat\r\nhttp://%s/data/msabb[.]rar\r\nhttp://%s/data/tax32[.]zip…\r\nSource: https://tomiwa-xy.medium.com/static-analysis-of-goldenhelper-malware-golden-tax-malware-d9f85a88e74d\r\nhttps://tomiwa-xy.medium.com/static-analysis-of-goldenhelper-malware-golden-tax-malware-d9f85a88e74d\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://tomiwa-xy.medium.com/static-analysis-of-goldenhelper-malware-golden-tax-malware-d9f85a88e74d"
	],
	"report_names": [
		"static-analysis-of-goldenhelper-malware-golden-tax-malware-d9f85a88e74d"
	],
	"threat_actors": [],
	"ts_created_at": 1775434660,
	"ts_updated_at": 1775791304,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d4c01b1f4cd98ae1b0173ab82db151d4b1e510dc.pdf",
		"text": "https://archive.orkl.eu/d4c01b1f4cd98ae1b0173ab82db151d4b1e510dc.txt",
		"img": "https://archive.orkl.eu/d4c01b1f4cd98ae1b0173ab82db151d4b1e510dc.jpg"
	}
}