diff --git a/malware5.pl b/malware5.pl
index f488027..61769df 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -351,10 +351,11 @@ my @regexen = (
 qr/<\?php\s+function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\{\$([A-z0-9]{1,20})\s+\=\s+\'\'\;\s+for\(\$i\=0\;\s+\$i\s+<\s+strlen\(\$([A-z0-9]{1,20})\)\;\s+\$i\+\+\)\{\$([A-z0-9]{1,20})\s+\.\=\s+isset\(\$.+?\$([A-z0-9]{1,20})\=\"base64\_decode\"\;return\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\}.+\$([A-z0-9]{1,20})\s+\=\s+Array\(\'.+?\)\;\s+eval\(([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\)\;\?>/is,
 qr/<\?php\s+isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\(\$([A-z0-9]{1,20})\=\s+\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\@preg\_replace\(\'\/([A-z0-9]{1,20})\/\w\'\,\'\@\'\.str\_rot13\(\'riny\'\)\.\'\(\$([A-z0-9]{1,20})\)\'\,\s+\'([A-z0-9]{1,20})\'\)\;/is,
 qr/<\?php\s+if\(isset\(\$\_GET\[.+?\]\)\?base64\_decode\(\$\_GET\[\'([A-z0-9]{1,20})\'\]\)\:\'\'\;.+?foreach\(array\(\$([A-z0-9]{1,20})\)\s+as\s+\$([A-z0-9]{1,20})\)\{.+?ob\_end\_flush\(\)\;\s+\}/is,
- qr/<\?php\s+if\s+\(md5\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\=\=\=\'.+?if\(isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\&\&isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\)\{\$([A-z0-9]{1,20})\s+\=\s+array\(\$([A-z0-9]{1,20})\.\$\_POST\[\'([A-z0-9]{1,20})\'\]\.\'\\\'\)\)\'\s+\=>\s+\'\|\.\*\|e\'\,\)\;array\_walk\(\$([A-z0-9]{1,20})\,\s+strval\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\,s+\'\'\)\;\}\}\s+\?>/is,
 qr/function\s+stripDangerousValues\(\$input\)\s+\{.+?\$\_POST\s+\=\s+stripDangerousValues\(\$\_POST\)\;/is,
 qr/<\?php.+?\$rootpath\s+\=\s+preg\_replace\(\'\/\(htdocs\|httpdocs\|www\)\(\.\*\)\/\'\,\'\$1\'\,dirname\(\$\_SERVER\[\"SCRIPT\_FILENAME\"\]\)\)\;.+?return\s+\$result\;\s+\}\s+\?>/is,
- 
+ qr/<\?php\s+\$urls\s+\=\s+array\s+\(\s+\'http\:\/\/.+?\)\;\s+\$URL\s+\=\s+\$urls\[rand\(0\,\s+count\(\$urls\)\s+\-\s+1\)\]\;\s+header\s+\(\"Location\:\s+\$URL\"\)\;\s+\?>/is,
+ qr/<\?php\s+if\s+\(md5\(\$\_POST\[.+?\'bas\'\.\'e6\'\.\'4\_d\'\.\'ec\'\.\'ode\'\;.+?array\_walk\(.+?\)\;\}\}\s+\?>/is,
+ qr/<\?php.+?move\_uploaded\_file\(\$file\,\s+\$name\)\;\s+\}else\{\s+\?>.+?action\=\"<\?\$\_SERVER\[\'PHP\_SELF\'\]\?>\">.+?require\_once\(dirname\(\_\_FILE\_\_\)\.DS\.\'index\.php\'\)\;\s+\?>/is,
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index b785adb..562daeb 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
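Review bot: The three signatures added at the end of `@regexen` (the `$urls` random-redirect, the `'bas'.'e6'.'4_d'.'ec'.'ode'` md5-gated backdoor and the `move_uploaded_file` uploader) carry no comment saying which sample family each one is meant to catch, so a later maintainer cannot tell when one of them is safe to loosen or retire; a one-line `# redirector: picks a random URL from $urls and sends a Location header` style comment above each entry would fix that, and the same applies to the identical additions in the malwaresh.pl hunk. In the new md5 signature, `md5\(\$\_POST\[.+?\'bas\'` and `\;.+?array\_walk\(.+?\)` are lazy wildcards evaluated under `/s`, so the md5 check, the split base64 string and the array_walk call may be matched arbitrarily far apart in the file; if the sample keeps them adjacent, a bounded gap would be cheaper and less prone to false positives, but that cannot be confirmed from the hunk. The `@regexen` list opens before this hunk.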
@@ -833,9 +833,12 @@ my @regexen = (
 qr/<\?php\s+function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\{\$([A-z0-9]{1,20})\s+\=\s+\'\'\;\s+for\(\$i\=0\;\s+\$i\s+<\s+strlen\(\$([A-z0-9]{1,20})\)\;\s+\$i\+\+\)\{\$([A-z0-9]{1,20})\s+\.\=\s+isset\(\$.+?\$([A-z0-9]{1,20})\=\"base64\_decode\"\;return\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\}.+\$([A-z0-9]{1,20})\s+\=\s+Array\(\'.+?\)\;\s+eval\(([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\)\;\?>/is,
 qr/<\?php\s+isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\(\$([A-z0-9]{1,20})\=\s+\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\@preg\_replace\(\'\/([A-z0-9]{1,20})\/\w\'\,\'\@\'\.str\_rot13\(\'riny\'\)\.\'\(\$([A-z0-9]{1,20})\)\'\,\s+\'([A-z0-9]{1,20})\'\)\;/is,
 qr/<\?php\s+if\(isset\(\$\_GET\[.+?\]\)\?base64\_decode\(\$\_GET\[\'([A-z0-9]{1,20})\'\]\)\:\'\'\;.+?foreach\(array\(\$([A-z0-9]{1,20})\)\s+as\s+\$([A-z0-9]{1,20})\)\{.+?ob\_end\_flush\(\)\;\s+\}/is,
- qr/<\?php\s+if\s+\(md5\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\=\=\=\'.+?if\(isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\&\&isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\)\{\$([A-z0-9]{1,20})\s+\=\s+array\(\$([A-z0-9]{1,20})\.\$\_POST\[\'([A-z0-9]{1,20})\'\]\.\'\\\'\)\)\'\s+\=>\s+\'\|\.\*\|e\'\,\)\;array\_walk\(\$([A-z0-9]{1,20})\,\s+strval\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\,s+\'\'\)\;\}\}\s+\?>/is,
+ qr/<\?php\s+if\s+\(md5\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\=\=\=\'.+?if\(isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\&\&isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\)\{\$([A-z0-9]{1,20})\s+\=\s+array\(\$([A-z0-9]{1,20})\.\$\_POST\[\'([A-z0-9]{1,20})\'\].+?array\_walk\(\$([A-z0-9]{1,20})\,\s+strval\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\,s+\'\'\)\;\}\}\s+\?>/is,
 qr/function\s+stripDangerousValues\(\$input\)\s+\{.+?\$\_POST\s+\=\s+stripDangerousValues\(\$\_POST\)\;/is,
 qr/<\?php.+?\$rootpath\s+\=\s+preg\_replace\(\'\/\(htdocs\|httpdocs\|www\)\(\.\*\)\/\'\,\'\$1\'\,dirname\(\$\_SERVER\[\"SCRIPT\_FILENAME\"\]\)\)\;.+?return\s+\$result\;\s+\}\s+\?>/is,
+ qr/<\?php\s+\$urls\s+\=\s+array\s+\(\s+\'http\:\/\/.+?\)\;\s+\$URL\s+\=\s+\$urls\[rand\(0\,\s+count\(\$urls\)\s+\-\s+1\)\]\;\s+header\s+\(\"Location\:\s+\$URL\"\)\;\s+\?>/is,
+ qr/<\?php\s+if\s+\(md5\(\$\_POST\[.+?\'bas\'\.\'e6\'\.\'4\_d\'\.\'ec\'\.\'ode\'\;.+?array\_walk\(.+?\)\;\}\}\s+\?>/is,
+ qr/<\?php.+?move\_uploaded\_file\(\$file\,\s+\$name\)\;\s+\}else\{\s+\?>.+?action\=\"<\?\$\_SERVER\[\'PHP\_SELF\'\]\?>\">.+?require\_once\(dirname\(\_\_FILE\_\_\)\.DS\.\'index\.php\'\)\;\s+\?>/is,
 );
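Review bot: The rewritten md5 signature (the `+` line that now ends in `.+?array\_walk\(`) still carries `\,s+\'\'\)` from the removed line, where the backslash before `s+` is missing; as written it requires a literal comma followed by one or more letter `s` before `''`, which the strval call it mirrors would not contain, so this entry most likely never fires and `\,\s+\'\'\)` is what was intended. That same tail is also where the new compact md5 signature (`md5\(\$\_POST\[.+?\'bas\'...`) overlaps this one; if both were derived from the same sample, the long form becomes redundant once the typo is fixed, though which sample each targets is not visible here. The `[A-z0-9]` classes kept in the rewritten line also admit `[`, `\`, `]`, `^`, `_` and the backtick, which is presumably unintended and is better written `[A-Za-z0-9]`. The `@regexen` list opens before this hunk.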