diff --git a/tests/fixtures.py b/tests/fixtures.py
index 0ae1e557..cf1937da 100644
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -466,8 +466,8 @@ FEATURE_PRESENCE_TESTS = sorted(
         ("773290...", "function=0x140001140", capa.features.common.String(r"%s:\\OfficePackagesForWDAG"), True),
         # insn/regex
         ("pma16-01", "function=0x4021B0", capa.features.common.Regex("HTTP/1.0"), True),
-        ("pma16-01", "function=0x40328b", capa.features.common.Regex("www.practicalmalwareanalysis.com"), True),
-        ("pma16-01", "function=0x40328b", capa.features.common.Substring("practicalmalwareanalysis.com"), True),
+        ("pma16-01", "function=0x402F40", capa.features.common.Regex("www.practicalmalwareanalysis.com"), True),
+        ("pma16-01", "function=0x402F40", capa.features.common.Substring("practicalmalwareanalysis.com"), True),
         # insn/string, pointer to string
         ("mimikatz", "function=0x44EDEF", capa.features.common.String("INPUTEVENT"), True),
         # insn/string, direct memory reference