diff --git a/malware5.pl b/malware5.pl
index 5504763..44d259d 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -490,7 +490,8 @@ my @regexen = (
     qr/<\?php\s+\@ini\_set\(\'display\_errors\'\,.+?function\s+wp\_cd\(\$.+?\$npDcheckClassBgp.+?\}\s+\?>/is,
     qr/<\?php\s+\$login\=\"\"\;\s+\$md5\_pass\=\"\".+?eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php\s+\/\*.+?\*\/\s+\@error\_reporting\(0\)\;\s+\@eval\(base64\_decode\(\".+?\)\)\;\s+\/\*.+?\*\/\s+\?>/is,
-    
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\|.+?\)\)\=\=\$([A-z0-9]{1,20})\)eval\(\$.+?\'\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\|.+?\)die\;\$.+?\(false\,\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\).+?\'\;/is,   
 
 );
 
diff --git a/malwaresh.pl b/malwaresh.pl
index b9f3f32..caff50f 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -973,7 +973,9 @@ my @regexen = (
     qr/<\?php\s+\@ini\_set\(\'display\_errors\'\,.+?function\s+wp\_cd\(\$.+?\$npDcheckClassBgp.+?\}\s+\?>/is,
     qr/<\?php\s+\$login\=\"\"\;\s+\$md5\_pass\=\"\".+?eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php\s+\/\*.+?\*\/\s+\@error\_reporting\(0\)\;\s+\@eval\(base64\_decode\(\".+?\)\)\;\s+\/\*.+?\*\/\s+\?>/is,
-    
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\|.+?\)\)\=\=\$([A-z0-9]{1,20})\)eval\(\$.+?\'\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\|.+?\)die\;\$.+?\(false\,\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\).+?\'\;/is,
+
 );
 
 my @base64_decodes = (