diff --git a/malware5.pl b/malware5.pl
index 0728b7d..e6c2ff7 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -83,6 +83,7 @@ my @regexen = (
     qr/<\?php\s+echo\s+\'<form\s+action\=\"\".+?\$\_POST\[\'\_\'\]\=\=\"GO\"\)\{if\(\@copy\(\$\_FILES\[.+?Err<\/b>\'\;\}\}\?>/is,
     qr/GIF89a\?\s+<\?php.+?\$get\.\=chr\(.+?\$undecode\=.+?\$ecode\.\=\s+\$\_REQUEST\[.+?\@eval\(\$undecode\(\$.+?\?>/is,
     qr/\%PDF\-\d\.\d.+?<\?php\s+\@include.+?<title>\'\.getenv\(\"HTTP\_HOST\"\)\.\'\s+\~\s+chmod\.php<\/title>.+?print\s+\$footer\;.+?exit\(\)\;\s+\?>/is,
+    qr/<\?php\s+\/\/header\(.+?\=urldecode\(.+?\\x\d\d\"\]\(\)\;\?>/is,
     qr/<\?\s+eval\(base64\_decode\(.+?\)\)\;\s+\?>/is,
     qr/<\?php\s+\$\{\"\\x.+?\;\$\{.+?\;\$\{.+?\;\$\{.+?\;\$\{.+?\;\$\{.+?base64\_decode\(substr\(\$\{\$\{.+?\}\;\}exit\(\)\;\}break\;\}\}\}\}\}\s+\?>/is,
  #   qr/GIF89a.+?<\?php.+?\?>/is,
@@ -140,9 +141,16 @@ my @regexen = (
     qr/<\?php\s+\$.+?\=\s+\'gzun\'\.\s+\'comp\'\.\s+\'ress\'\;\$.+?\=\s+\'base\'\s+\.\'64\_d\'\s+\.\'ecod\'\s+\.\'e\'\;\$.+?\=\s+\'imp\'\s+\.\'lod\'\s+\.\'e\'\;\$.+?\=\s+array\(\".+?\)\;\s+eval\(\s+\$.+?\)\)\)\)\;\s+\?>/is,
     qr/<\?php\s+error\_reporting\(E\_ERROR.+?global\s+\$site\_root\_dir\;.+?if\(PLATFORM\s+\=\=\s+WORDPRESS\)\s+\{.+?\/\/print\s+PLATFORM\;\s+\/\/print\_r\(\$all\_dirs\)\;\s+\?>/is,
     qr/<\?php\s+\@preg\_replace\(\"\/\/e\"\,\$\_POST\[\'.+?\'\]\,\"Access\s+Denied\"\)\;\?>/is,
-    
-
-
+    qr/<\?php\s+\@eval\(\$\_POST\[\'([A-z0-9]{1,})\'\]\)\;\s+\?>/is,
+    qr/<\?php.+?if\(isset\(\$\_GET\[\'check\'\]\)\)\{\s+\$file\[\]\s+\=\s+\'id0\.php\'\;.+?curl\_close\(\$ch\)\;\s+\}\s+return\s+\$data\;\s+\}/is,
+    qr/<\?php\s+\$arrId\s+\=\s+array\(.+?\'([0-9]{1,20})\-([0-9]{1,20})\'\,.+?\)\;\s+\?>/is,
+    qr/<\?php.+?\$arrnametime\[\]\=.+?\$arr\_word\[.+?\$arr\_key\[\]\=.+?\$strRand\[.+?return\s+\(\$ip\s+\?\s+\$ip\s+\:\s+\$\_SERVER\[\'REMOTE\_ADDR\'\]\)\;\}\s+\/\/file\s+end/is,
+    qr/<\?php\s+\$\{\"G.+?\(\$\{\$\{\"G\\x\d\wOB\\x\d\dL\\x\d\d\"\}\[.+?\\n\"\;\s+\?>/is,
+    qr/<\?php\s+echo\s+\'\s+<title>unzip\s+file\s+by\s+ahwak2000.+?\/\/by\s+ahwak2000\s+\?>/is,
+    qr/<\?php\s+\$\w\=\"ass\"\.\"ert\"\;\s+\$\w\(\$\{\"\_PO\"\.\"ST\"\}\s+\[\'([A-z0-9]{1,})\'\]\)\;\?>/is,
+    qr/<\?php\s+mb\_http\_input\(.+?\.php\_uname\(\)\..+?Upload\s+Failed\s+\!\!\!.+?while\(\$email\[\$i\]\).+?\$voy\+\+\;\s+\}\s+\?>\s+<\/DIV>\s+<\/div>\s+<\/form>/is,
+    qr/<\?php.+?\/\/w4l3XzY3\s+wuz\s+here\s+if\(isset\(\$\_POST\[\'action\'\]\s+\)\s+\)\{.+?\?>\s+<\?php\s+if\(isset\(\$\_GET\[\'u\'\]\).+?\.php\_uname\(\)\..+?\}\s+\?>\s+<\/body>\s+<\/html>/is,
+    qr/<\?php\s+echo\s+\"walex\\n\"\;\s+echo\s+php\_uname\(\)\;\s+\@unlink\(\_\_FILE\_\_\)\;\s+\?>/is,