From 3c1bb58e48b940462f7763bbc4ff5a36555498fe Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD
Date: Mon, 19 Mar 2018 09:14:08 +0100
Subject: [PATCH] new patterns
---
 malware4.pl | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/malware4.pl b/malware4.pl
index 6db2cd3..5006673 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -431,6 +431,10 @@ my @regexen = (
 qr/\?php\s+\/\*\s+\(c\)\s+2005.+?\=base64\_decode\(\$.+?for\(\$i\=0\;\s+\$i/is,
 qr/if\(isset\(\$\_REQUEST\[\'.+?\$array\_name\s+\.\=\s+\$alphabet\[\$.+?\/\/\s+MALWARE\s+\$([A-z0-9]{1,20})\(\)\;\s+exit\(\)\;\s+\}/is,
 qr/\$alphabet\s+\=\s+\".+?\$string\s+\=\s+\".+?\$array\_name\s+\=\s+\"\"\;.+?\$array\_name\s+\.\=\s+\$alphabet\[\$.+?strrev\(\"noi\"\.\"tcnuf\"\.\"\_eta\"\.\"erc\"\)\;.+?\/\/\s+MALWARE\s+\$([A-z0-9]{1,20})\(\)\;/is,
+ qr/<\?php\s+error\_reporting\(E\_ERROR\)\;.+?\$fp\=fopen\(\$filepath\,\"w\"\)\;.+?echo\s+\"uploaded\"\;\s+\}\s+\?>/is,
+ qr/<\?php\s+error\_reporting\(E\_ERROR\)\;.+?\$fp\=fopen\(\$filename\,\"w\"\)\;.+?echo\s+\"publish\s+success\"\;\s+\?>/is,
+ qr/<\?php\s+array\_map\(\"ass.+?rt\"\,\(array\)\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\;\?>/is,
+ qr/<\?php\s+\@eval\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\?>/is,
 );
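Review bot: The last two added signatures (the `array_map("ass…rt", …)` one and the `@eval($_POST[…])` one) match only a single exact spelling: single-quoted key, no optional whitespace, and `?>` directly after the semicolon, so a re-formatted copy of the same file would go unflagged by the scanner. Allowing optional whitespace and either quote style keeps the signature equally specific while covering those copies, e.g. `qr/<\?php\s+\@eval\s*\(\s*\$\_POST\s*\[\s*[\'\"]([A-Za-z0-9\_]{1,20})[\'\"]\s*\]\s*\)\s*\;\s*\?>/is,`. The class `[A-z0-9]` in both also spans the ASCII punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick); `[A-Za-z0-9\_]` states what is presumably intended. In the two `error_reporting` patterns the `.+?` gaps are unbounded under `/s`, so unrelated code far apart in a large file can join the anchors; a bounded gap such as `.{1,2000}?` (limit chosen for illustration) would reduce both false positives and backtracking cost. The `@regexen` list begins and continues outside this hunk, so how matches and the capture groups are consumed cannot be checked from here.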