From 262f19f2925887296ea1e5ed7b5256ab867956af Mon Sep 17 00:00:00 2001
From: Malin <malin@cenusa.me>
Date: Fri, 7 Apr 2017 14:46:55 +0200
Subject: [PATCH] Update 'malware4.pl'

---
 malware4.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/malware4.pl b/malware4.pl
index 5d9cb77..5a30007 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -82,6 +82,9 @@ my @regexen = (
 	qr/<\?php\s+\$action\=\$\_REQUEST\[\'action\'\]\;\s+\/\/status.+?echo\s+\"File\s+does\s+not\s+exist\"\;\s+\}\s+\?>/is,
     qr/<\?php\s+\$p\s+\=\s+\$\_REQUEST\[\"m\"\]\;\s+eval\(base64\_decode\(\$p\)\)\;\s+\?>/is,
     qr/\/\*edition\:1\.6\*\/.+?\;eval\(gzuncompress\(base64\_decode\(\$([A-z0-9]{1,20})\)\)\)\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=.+?\$([A-z0-9]{1,20})\=call\_user\_func\(.+?\)\;\s+\$([A-z0-9]{1,20})\=call\_user\_func\(.+?\)\;\s+eval\(\$([A-z0-9]{1,20})\)\;/is,
+    
+    
 );
 my @base64_decodes = (