diff --git a/support/yara_patterns/tools/pe/x86/installers.yara b/support/yara_patterns/tools/pe/x86/installers.yara
index 2e1c4e07a..84c07c8d2 100644
--- a/support/yara_patterns/tools/pe/x86/installers.yara
+++ b/support/yara_patterns/tools/pe/x86/installers.yara
@@ -443,70 +443,68 @@ rule pyinstaller_27
 all of them
 }
-rule pyinstaller_30_38
+private rule pyinstaller_3x_strings
+{
+ strings:
+ $s00 = "Error loading Python DLL '%s'."
+ $s01 = "Cannot open self %s or archive %s"
+ $s02 = "Cannot open PyInstaller archive from executable (%s) or external archive (%s)"
+ $s10 = /PyInstalle(m|r): FormatMessageW failed\./
+ $s11 = /PyInstalle(m|r): pyi_win32_utils_to_utf8 failed\./
+ condition:
+ pe.number_of_sections > 0 and
+ any of ($s0*) and
+ all of ($s1*)
+}
+
+private rule pyinstaller_3x_overlay
+{
+ strings:
+ $s01 = { 4D 45 49 0C 0B 0A 0B 0E } // PyInstaller magic number
+ $s02 = /PYZ\-\d\d\.pyz/
+ $s03 = /python3\d{1,2}\.dll/
+ condition:
+ pe.overlay.offset > 0 and
+ @s02 > pe.overlay.offset and
+ @s03 > pe.overlay.offset and
+ all of them
+}
+
+rule pyinstaller_3x
 {
 meta:
 tool = "I"
 name = "PyInstaller"
- version = "3.0-3.8"
+ version = "3.x"
 strength = "high"
- strings:
- $s00 = "Failed to get address for PySys_SetObject"
- $s01 = "Error copying %s"
- $s02 = "Error loading Python DLL '%s'"
- $s03 = "pyi-windows-manifest-filename"
 condition:
- pe.number_of_resources > 0 and
- @s00 < pe.sections[2].raw_data_offset and
- all of them
+ pyinstaller_3x_overlay and
+ pyinstaller_3x_strings
 }
-rule pyinstaller_39
+rule pyinstaller_3x_empty
 {
 meta:
 tool = "I"
- name = "PyInstaller"
- version = "3.9"
+ name = "PyInstaller (no data)"
+ version = "3.x"
 strength = "high"
- strings:
- $s00 = "Cannot open PyInstaller archive from executable (%s) or external archive (%s)"
- $s01 = "Cannot open self %s or archive %s"
- $s10 = "PyInstaller: FormatMessageW failed."
- $s11 = "PyInstaller: pyi_win32_utils_to_utf8 failed."
- $s12 = "bpython39.dll"
- $s13 = /PYZ-\d\d.pyz/
- $s14 = { 4D 45 49 0C 0B 0A 0B 0E } // PyInstaller magic number
 condition:
- pe.number_of_resources > 0 and
- @s12 > pe.overlay.offset and
- @s13 > pe.overlay.offset and
- @s14 > pe.overlay.offset and
- 1 of ($s0*) and
- all of ($s1*)
+ pe.overlay.size == 0 and
+ pyinstaller_3x_strings
 }
-rule pyinstaller_310_plus
+rule pyinstaller_3x_corrupt
 {
 meta:
 tool = "I"
- name = "PyInstaller"
- version = "3.10+"
+ name = "PyInstaller (corrupt)"
+ version = "3.x"
 strength = "high"
- strings:
- $s00 = "Cannot open PyInstaller archive from executable (%s) or external archive (%s)"
- $s01 = "Cannot open self %s or archive %s"
- $s10 = /PyInstalle(r|m): FormatMessageW failed./
- $s11 = /PyInstalle(r|m): pyi_win32_utils_to_utf8 failed./
- $s12 = /bpython31\d.dll/
- $s13 = /PYZ-\d\d.pyz/
- $s14 = { 4D 45 49 0C 0B 0A 0B 0E } // PyInstaller magic number
 condition:
- pe.number_of_resources > 0 and
- @s12 > pe.overlay.offset and
- @s13 > pe.overlay.offset and
- @s14 > pe.overlay.offset and
- 1 of ($s0*) and
- all of ($s1*)
+ pe.overlay.size > 0 and
+ pyinstaller_3x_strings and
+ not pyinstaller_3x_overlay
 }
 rule installanywhere_61
 {
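Review bot: `pyinstaller_3x_overlay` anchors `$s02` and `$s03` to the overlay but leaves the MEI cookie `$s01` unanchored, although both removed rules tied that same byte pattern to the overlay with `@s14 > pe.overlay.offset`. As far as I recall the bootloader image carries its own copy of that cookie constant to compare against the appended archive, so an unanchored `$s01` hit in the bootloader says nothing about the archive being present and the rule now rests on the two regexes alone. I would add `@s01 > pe.overlay.offset and` beside the other two anchors, or, because `@s01` is only the first match and that may well be the in-image copy, `for any i in (1..#s01) : (@s01[i] > pe.overlay.offset)`. The same first-match caveat applies to `@s02` and `@s03` should either pattern ever occur in the bootloader itself. A one-line comment above the three public rules, `// archive appended / no overlay / overlay without a readable archive`, would make the intended three-way, mutually exclusive split explicit for the next maintainer.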