From 69d73f7c8314f073f6bce45df70083804ec51f39 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Thu, 11 Feb 2021 21:14:34 -0800
Subject: [PATCH] Fix `major_subsys_version` field in `pe_optional_header` event

It was incorrectly set the same as the `minor_subsys_version` field of the `PE::OptionalHeader` record.
---
 src/file_analysis/analyzer/pe/pe-analyzer.pac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac
index 2316289ad5..0527a12189 100644
--- a/src/file_analysis/analyzer/pe/pe-analyzer.pac
+++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac
@@ -146,7 +146,7 @@ refine flow File += {
 oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor}));
 oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version}));
 oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version}));
-oh->Assign(16, zeek::val_mgr->Count(${h.minor_subsys_version}));
+oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version}));
 oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version}));
 oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image}));
 oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));
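Review bot: The fix is correct but nothing in the commit guards against it regressing: the corrected `oh->Assign(16, ...)` and the neighbouring `oh->Assign(17, ...)` differ by one word and are keyed only by bare positional indices whose meaning presumably lives in the script-layer `PE::OptionalHeader` record declaration, which is exactly how the original copy-paste slipped through. A regression test that runs a PE sample whose major and minor subsystem versions differ through the analyzer and asserts both fields of `pe_optional_header` would pin this, since any script keying on subsystem version (for example to flag binaries targeting old subsystems) would otherwise silently receive the minor value again. I would also add a short why-comment above the run of assignments, `// Field indices follow PE::OptionalHeader declaration order; keep in sync with the record.`, so the next reorder of the record is caught at review time. The enclosing `refine flow File += {` body begins before this hunk and continues past it.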