diff --git a/malware4.pl b/malware4.pl
index a796936..55203c1 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -217,6 +217,8 @@ my @regexen = (
 qr/<\?php\s+function\s+result\(\$data\).+?srand\(seed\(\)\)\;.+?echo\(result\(array\(.+?\?>/is,
 qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'xftest\'\]\)\)die\(pi\(\)\*.+?\]\)\;\}exit\(\)\;\}/is,
 qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;\s+charset\=utf\-8\'\)\;\s+\$O\_OO\_\_000O\=\'1044\'\;\s+\$O0O00OO\_\_\_\=urldecode\(.+?\]\(\)\;\?>/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=.+?\=str\_rot13\(\'([A-z0-9]{1,20})\_([A-z0-9]{1,20})\'\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'([A-z0-9]{1,20})64\_([A-z0-9]{1,20})\'\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'([A-z0-9]{1,20})\'\)\;\$a\=\'rt\'\;\s+\$b\=\'as\'\;\s+\$b\.\=\'se\'\s+\.\s+\$a\;\@\$b\(\$([A-z0-9]{1,20})\(\'ri\'\s+\.\s+\'ny\(\\\'\'\s+\.\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\s+\.\s+\'\\\'\)\'\)\)\;/is,
+
 );
 
 my @base64_decodes = (
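Review bot: The character class `[A-z0-9]` repeated throughout the added signature is wider than letters and digits, because the ASCII range `A-z` also covers `[`, `\`, `]`, `^`, `_` and the backtick, so each placeholder can match strings that are not PHP identifiers. If the intent is a variable or function name, `[A-Za-z0-9_]{1,20}` states that exactly; the parentheses around each class can go too unless code outside this hunk reads the captures. The first `.+?` runs under `/s` with no upper bound, so a match may begin at an unrelated `<?php $x=` much earlier in the file. If matched text is stripped from scanned files (not visible here), a bounded gap such as `.{1,N}?`, with N as a placeholder limit, would reduce the chance of removing legitimate code. The `@regexen` list begins above the hunk.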