how yara express a string at half of a file

Question

I've written a Yara rule to search a string at half of a file. It's like this:

rule test 
{
   strings:
        $tag1 = "<%" ascii wide
        $tag2= "%>" wide ascii
   condition:
        ($tag1 in (0..100) and $tag2 in ((filesize*0.5)..filesize))
         
}

I meet this error: wrong type for range's lower bound

how can I resolve it?

Answer 1

I am giving you an example for first 100 bytes

import "cuckoo"

rule test {
    strings:
        $tag1 = "<%" ascii wide
        $tag2 = "%>" ascii wide

    condition:
        cuckoo.file.size <= 1048576 and
        $tag1 at 0..100 and
        $tag2 at (cuckoo.file.size / 2) .. cuckoo.file.size
}