fixes

malware5.pl

@@ -562,6 +562,7 @@ foreach my $file (sort @files) {
         next if $file eq 'youtube.php';
         next if $file eq 'FMModelForm_maker_fmc.php';
         next if $file eq 'menu_scan.php';
+        next if $file eq 'style_dynamic.php';
         print "Scanning $start_dir/$file... ";
 
         unless (-r "$start_dir/$file") {

scan.py

@@ -231,7 +231,7 @@ scoring = {
   'PHISHING':                 (10, u'Phishing patterns'),
   'MD5':                      (20, u'md5 strings used in malware'),
   'SOCIALS':                  (50, u'Email addresses, links and social networking'),
-  'EITES':                    (50, u'Eitest'),
+  'EITEST':                    (50, u'Eitest'),
 }
 
 
@@ -530,7 +530,7 @@ def is_hacked(filename):
             or 'https://www.colourbox.com/preview/11775720-hacker-boy-icon.jpg' in l \
             or 'https://image.prntscr.com/image/dQ_-z9pTRL6tA2kqbnXH6A.jp' in l:
             score.append(('SOCIALS', ''))
-        if re.compile("<?php\s*\$[a-z]{1,10}\s*=.*\$[a-z]{1,10}=explode\(chr\(\([0-9]{1,10}.*[0-9]{1,10}\)\).*\$[a-z]{1,10}=\([0-9].*[0-9]{1,10}\).*if\s*\(!function_exists\('[a-z]{1,10}'\)\)").match(l):
+        if re.compile("<\?php \$([a-z]){1,10} = \'.*\$([a-z]){1,10}=explode\(chr\(\(([0-9]){1,4}[-+]([0-9]){1,4}\)\).*\$([a-z]){1,10}=\(([0-9]){1,4}[-+]([0-9]){1,10}\).*-1; \?>") in l:
             score.append(('EITEST', ''))
         previous_line = l