diff --git a/malware4.pl b/malware4.pl
index a954385..51f9ac1 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -163,7 +163,8 @@ my @regexen = (
     qr/<\!DOCTYPE\s+HTML\s+PUBLIC.+?Hacked\s+By\s+Dr\.Shap7\-Nine.+?<\/html>/is,
     qr/<\?php\s+\/\/([A-z0-9]{1,20})\s+\$\{.+?\}\=\=\=\"\"\|\|strrpos\(\$\{\$.+?\}\;exit\(\)\;\}\}\}\s+\/\/([A-z0-9]{1,20})\s+\?>/is,
     qr/<\!DOCTYPE.+?<h1>Index\s+of\s+\/<\/h1>.+?<\/html>/is,
-
+    qr/<\?php\s\$([A-z0-9]{1,20})\s+\=\s+stripslashes\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+stripslashes\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+stripslashes\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+mail\(stripslashes\(\$([A-z0-9]{1,20})\)\,\s+stripslashes\(\$([A-z0-9]{1,20})\)\,\s+stripslashes\(\$([A-z0-9]{1,20})\)\)\;\s+if\(\$([A-z0-9]{1,20})\)\{echo\s+\'([A-z0-9]{1,20})\'\;\}\s+else\s+\{echo\s+\'([A-z0-9]{1,20})\s+\:\s+\'\s+\.\s+\$([A-z0-9]{1,20})\;\}\s+\?>/is,
+    qr/<\?php\s+\$password\s+\=\s+\"([A-z0-9]{1,20})\".+?function\s+TestWriteable\(\).+?HtmlFoot\(\)\;\s+exit\;\s+\}\s+\?>/is,