From e808fb867eee66901631207daa51927b202bed8f Mon Sep 17 00:00:00 2001
From: Florian Roth <venom14@gmail.com>
Date: Tue, 5 May 2020 19:47:48 +0200
Subject: [PATCH] fix: FPs with rule on memory

---
 vendor/yara/airbnb_binaryalert.yar | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vendor/yara/airbnb_binaryalert.yar b/vendor/yara/airbnb_binaryalert.yar
index a65fe2c..39679d4 100644
--- a/vendor/yara/airbnb_binaryalert.yar
+++ b/vendor/yara/airbnb_binaryalert.yar
@@ -468,6 +468,7 @@ rule hacktool_windows_ncc_wmicmd
         description = "Command shell wrapper for WMI"
         reference = "https://github.com/nccgroup/WMIcmd"
         author = "@mimeframe"
+        type = "file"
     strings:
         $a1 = "Need to specify a username, domain and password for non local connections" wide ascii
         $a2 = "WS-Management is running on the remote host" wide ascii