Rule contradiction

[Inndy]

rules/malware/TOOLKIT_Chinese_Hacktools.yar

Line 1693 in 76d87e8

uint16(0) == 0x5a4d and ( $x1 at 0 ) and filesize < 14KB and all of ($s*)

This rule will match nothing because of contradiction.

[Xumeiquer]

Totally agree, two different conditions at offset 0x0 cannot be never true.

[Xumeiquer]

This rule was created by https://github.com/Neo23x0 so it may be worth to ask him about it.