diff --git a/malware4.pl b/malware4.pl
index c94125f..a796936 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -215,6 +215,8 @@ my @regexen = (
     qr/<\?php\s+error\_reporting\(E\_ALL\s+\&\s+\~E\_NOTICE\)\;\s+\$m\s+\=\s+get\_magic\_quotes\_gpc\(\)\;\s+\$uploadfloder.+?\}\s+else\s+\{\s+echo\s+\"ok\"\;\s+\}\s+\?>/is,
     qr/<\?php\s+error\_reporting\(0\)\;\s+\$domain\s+\=\s+\'n\.liveupdates\.host\'\;.+?\$s\s+\=\s+dns\_get\_record\(\$domain\,\s+DNS\_TXT\)\;.+?header\(\'Location\:\s+\'\.\$location\.\'\&\'\.\$m\,\s+TRUE\,\s+302\)\;\s+\}/is,
     qr/<\?php\s+function\s+result\(\$data\).+?srand\(seed\(\)\)\;.+?echo\(result\(array\(.+?\?>/is,
+    qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'xftest\'\]\)\)die\(pi\(\)\*.+?\]\)\;\}exit\(\)\;\}/is,
+    qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;\s+charset\=utf\-8\'\)\;\s+\$O\_OO\_\_000O\=\'1044\'\;\s+\$O0O00OO\_\_\_\=urldecode\(.+?\]\(\)\;\?>/is,
 );
 my @base64_decodes = (