Update PyInstaller.yar

bartblaze · Dec 28, 2023 · 6903a4c · 6903a4c
1 parent f8a9597
commit 6903a4c
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/rules/generic/PyInstaller.yar b/rules/generic/PyInstaller.yar
@@ -9,13 +9,13 @@ rule PyInstaller
         version = "1.0"
         creation_date = "2020-01-01"
         first_imported = "2021-12-30"
-        last_modified = "2021-12-30"
+        last_modified = "2023-12-28"
         status = "RELEASED"
         sharing = "TLP:WHITE"
         source = "BARTBLAZE"
         author = "@bartblaze"
         description = "Identifies executable converted using PyInstaller."
-        category = "MALWARE"
+        category = "INFO"
 
     strings:
         $ = "pyi-windows-manifest-filename" ascii wide
@@ -24,4 +24,4 @@ rule PyInstaller
 
     condition:
         uint16(0)==0x5a4d and any of them or ( for any i in (0..pe.number_of_resources-1) : (pe.resources[i].type==pe.RESOURCE_TYPE_ICON and hash.md5(pe.resources[i].offset,pe.resources[i].length)=="20d36c0a435caad0ae75d3e5f474650c"))
-}
+}