From 5783ead57a2d62b60db66ef1c2dfba13815c7d2d Mon Sep 17 00:00:00 2001
From: Gabor Gyorvari
Date: Thu, 5 May 2016 07:42:39 +0200
Subject: [PATCH] extending patterns from 3rd samples source
---
 scan.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/scan.php b/scan.php
index d57af83..3afa250 100644
--- a/scan.php
+++ b/scan.php
@@ -149,11 +149,14 @@ class MalwareScanner
  '=\'base\'.(32*2).\'_de\'.\'code\'',
  '"base64_decode"',
  'YmFzZTY0X2RlY29kZ', // base64_decode
+ /* 'eval', 'eval(', */
+ 'eval("?>',
  'ev\x61l',
  '\x65\166\x61\154\x28' /* dec/hex issue? */,
  '\x65\x76\x61\x6C' /* case, dec/hex issue? */,
  'ZXZhbCg', // eval
+ 'eval(base64_decode(',
  '\x47\x4c\x4f\x42\x41LS', // GLOBALS
  'SFRUUF9VU0VSX0FHRU5U', // HTTP_USER_AGENT
@@ -161,8 +164,11 @@ class MalwareScanner
  '${${', // ${${"\x47\x4c\x4f\x42...
  'file_get_contents(\'http://codepad.org',
  'PHPJiaMi',
+ '@include($_GET[',
+ 'system($_GET[', /* too open? */
+ // 'gzinflate(base64_decode(',
  'md5($_GET[', // md5($_GET["ms-load"])
  );
  foreach ($patterns as $toSearch) {
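Review bot: The commented-out entries added here (`/* 'eval', 'eval(', */` in the first hunk and `// 'gzinflate(base64_decode(',` in the second) carry no reason, so a later maintainer cannot tell whether they were rejected for false positives or simply left unfinished. I would keep them as comments but state the reason, for example `// 'eval' and 'eval(' stay disabled: they occur in ordinary PHP and would flag most files`, if that is in fact why they are off. The new `'eval("?>'` and `'eval(base64_decode('` entries each pin one exact spelling; whether a different case, quote style or spacing is still reported depends on how the `foreach` below compares `$toSearch`, and that body is outside the hunk. The `$patterns` array itself also starts above the hunk.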
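Review bot: The request-driven signatures in the second hunk only cover `$_GET`, and `'@include($_GET['` additionally requires the `@` prefix, so the same construct fed from `$_POST`, `$_REQUEST` or `$_COOKIE` is not reported. If the loop does plain substring matching (its body is outside the hunk), `'include($_GET['` would cover both the suppressed and unsuppressed form in one entry. The open question in `/* too open? */` can be settled in the comment itself: a request value handed directly to `system()` is a command-injection finding even in code that is not malware, so `'system($_GET[', // request value passed straight to a shell command; report even in legitimate code` records why the entry stays. The array begins above the hunk and the `foreach` continues past its last line.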