diff --git a/rules/public/hacktool/windows/hacktool_windows_mimikatz_modules.yara b/rules/public/hacktool/windows/hacktool_windows_mimikatz_modules.yara
index 671c3e5..002bda1 100644
--- a/rules/public/hacktool/windows/hacktool_windows_mimikatz_modules.yara
+++ b/rules/public/hacktool/windows/hacktool_windows_mimikatz_modules.yara
@@ -14,5 +14,6 @@ rule hacktool_windows_mimikatz_modules
 $s2 = "mimidrv" fullword ascii wide
 $s3 = "mimilove" fullword ascii wide
 condition:
- any of them
+ uint16(0)==0x5a4d
+ and any of them
 }
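Review bot: The new `uint16(0)==0x5a4d` guard in the condition makes this a file-only rule. As far as I know, offsets in a YARA process-memory scan are virtual addresses, so offset 0 is normally undefined and the condition can no longer match a loaded module; memory dumps and archives that carry these modules are excluded too. If the narrowing is meant to cut false positives from the bare `mimidrv`/`mimilove` strings, record that next to the condition, e.g. `// PE files on disk only; not usable for process-memory scans`, and consider keeping a memory-oriented variant if the ruleset is also run that way. The guard also tests only the two `MZ` bytes; adding `uint32(uint32(0x3C)) == 0x00004550` would confirm a PE header. The rule's meta section and earlier strings lie outside the hunk, so any existing note on scan scope is not visible here.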