diff --git a/malware/MALW_XHide.yar b/malware/MALW_XHide.yar
new file mode 100644
index 00000000..c1c4e4ee
--- /dev/null
+++ b/malware/MALW_XHide.yar
@@ -0,0 +1,15 @@
+rule XHide: MALW
+{
+	meta:
+		description = "XHide - Process Faker"
+		author = "Joan Soriano / @w0lfvan"
+		date = "2017-12-01"
+		version = "1.0"
+		MD5 = "c644c04bce21dacdeb1e6c14c081e359"
+		SHA256 = "59f5b21ef8a570c02453b5edb0e750a42a1382f6"
+	strings:
+		$a = "XHide - Process Faker"
+		$b = "Fakename: %s PidNum: %d"
+	condition:
+		all of them
+}