From 3904b2d6a17fd1d374da48a4894f68c5212eb4e7 Mon Sep 17 00:00:00 2001
From: Malin
Date: Wed, 28 Dec 2016 20:37:47 +0100
Subject: [PATCH] Update 'malware3.pl'
---
 malware3.pl | 1 -
 1 file changed, 1 deletion(-)
diff --git a/malware3.pl b/malware3.pl
index 2c2576c..f00674e 100644
--- a/malware3.pl
+++ b/malware3.pl
@@ -24,7 +24,6 @@ my @regexen = (
 qr/<\?php\s+\$([A-z0-9]{1,10})\=\'aWYoaXNzZXQoJF9SRVFVRVNUWydjb2NvJ10pICYmICRfUkVRVUVTVFsnY29jbyddIT0nJyl7ZXZhbCgkX1JFUVVFU1RbJ2NvY28nXSk7ZXhpdCgpO30\=\'\;eval\(base64\_decode\(\$([A-z0-9]{1,10})\)\)\;exit\(\)\;\s+\?>/is,
 qr//is,
 qr/<\!\-\-\-\s+Eagle\s+Security\s+Team\-\-\-\->.+?<\!\-\-\-\s+Eagle\s+Security\s+Team\-\-\-\->/is,
- qr/<\?php\s+if\s+\(isset\(\$\_REQUEST\[\"([A-z0-9]{1,10})\"\]\)\s+AND\s+\$\_REQUEST\[\"([A-z0-9]{1,10})\"\]\=\=\"1\"\)\{echo\s+\"200\"\;\s+exit\;\}\s+if\(isset\(\$\_POST\[\"([A-z0-9]{1,10})\"\]\)\s+\&\&\s+isset\(\$\_POST\[\"([A-z0-9]{1,10})\"\]\)\s+\&\&\s+\$\_POST\[\"([A-z0-9]{1,10})\"\]\=\=.+?\)eval\(gzuncompress\(base64\_decode\(\$\_POST\[\"([A-z0-9]{1,10})\"\]\)\)\)\;\s+\?>/is,
 qr/<\?php\s+echo\"trest\"\;error\_reporting\(0\)\;.+?val\(base64\_decode\(\$kk\)\)\;\s+echo\"abrval\"\;\s+\?>/is,
 qr/<\?php\s+\@preg\_replace\(\$\_SERVER\[\'HTTP\_X\_([A-z0-9]{1,10})\'\]\,\s+\$\_SERVER\[\'HTTP\_X\_CURRENT\'\]\,\s+\'\'\)\;\s+\?>/is,
 qr/<\?php\s+\/\*\*\s+\*\s+\@version.+?\$b64\s+\=\s+\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\+\/\=\"\;.+?\$o3\s+\=\s+\$bits\s+\&\s+0xff\;.+?new\s+JApplication\(arrays+\(\'UID\'\s+\=>\s+\'.+?\'\)\)\;/is,