diff --git a/malware4.pl b/malware4.pl
index 14b72c3..6614c64 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -130,6 +130,7 @@ my @regexen = (
     qr/<\?php\s+set\_magic\_quotes\_runtime\(0\)\;\s+if\(strtolower\(substr\(PHP\_OS\,0\,3\)\).+?Command\s+completed<\/b><\/center>\"\;\s+\}\s+exit\;\s+\?>/is,
     qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\(isset\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\)\/\*([A-z0-9]{1,20})\*\/\{\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\;exit\;\/\*([A-z0-9]{1,20})\*\/\}.+?\"\)\{return\s+preg\_match\(\"\/\(google\.co\.jp\|yahoo\.co\.jp\|bing\)\/.+?return\s+\$([A-z0-9]{1,20})\;\}\Z/is,
     qr/<\?if\(\$\_GET\[\'mod\'\]\)\{if\(\$\_GET\[.+?file\_get\_contents\(\'http\:\/\/.+?gethostbyname.+?dbl\.spamhaus\.org\'\)\;.+?\?>/is,
+    qr/<\?php\s+\$x([0-9]{1,10})\=\".+?elseif\s+\(\$x([0-9]{1,10})\s+\=\=\s+\'LINEDATE\'\).+?\$\x([0-9]{1,10})\s+\=\s+\'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\'.+?\$x([0-9]{1,10})\s+\=\s+\$x([0-9]{1,10})\(MCRYPT\_BLOWFISH.+?return\s+\$x([0-9]{1,10})\;\s+\}\}\s+\?>/is,