From 6903a4ce8446a72192faa223caee2cf059960405 Mon Sep 17 00:00:00 2001 From: Bart P Date: Thu, 28 Dec 2023 13:07:10 +0100 Subject: [PATCH] Update PyInstaller.yar --- rules/generic/PyInstaller.yar | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/generic/PyInstaller.yar b/rules/generic/PyInstaller.yar index ca9a037..37e4c06 100644 --- a/rules/generic/PyInstaller.yar +++ b/rules/generic/PyInstaller.yar @@ -9,13 +9,13 @@ rule PyInstaller version = "1.0" creation_date = "2020-01-01" first_imported = "2021-12-30" - last_modified = "2021-12-30" + last_modified = "2023-12-28" status = "RELEASED" sharing = "TLP:WHITE" source = "BARTBLAZE" author = "@bartblaze" description = "Identifies executable converted using PyInstaller." - category = "MALWARE" + category = "INFO" strings: $ = "pyi-windows-manifest-filename" ascii wide @@ -24,4 +24,4 @@ rule PyInstaller condition: uint16(0)==0x5a4d and any of them or ( for any i in (0..pe.number_of_resources-1) : (pe.resources[i].type==pe.RESOURCE_TYPE_ICON and hash.md5(pe.resources[i].offset,pe.resources[i].length)=="20d36c0a435caad0ae75d3e5f474650c")) -} \ No newline at end of file +}
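Review bot: `version` stays at "1.0" in the meta block even though the first hunk reclassifies the rule from `category = "MALWARE"` to `category = "INFO"`, so any consumer that tracks rules by version will not notice that a hit now means something different. Consider `version = "1.1"` alongside the new `last_modified`. The description could also state the reason for the downgrade, for example `description = "Identifies executable converted using PyInstaller. PyInstaller is a legitimate packager; a match alone is not evidence of malice."`, so an analyst triaging a hit does not have to infer it from the category field. The rule header and the start of the meta section lie outside this hunk, so other fields may already cover this.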