diff --git a/malware4.pl b/malware4.pl
index 407b1e5..f14a978 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -224,7 +224,8 @@ my @regexen = (
     qr/<\?php\s+\@ini\_set\(\'display\_errors\'\,\s+0\)\;.+?\$arr\_word\[0\]\[\].+?\$arrKeywz\[\].+?\$strRand\[0\].+?str\_ireplace\(str\_replace\(.+?\/\/file\s+end/is,
     qr/<\?php\s+\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\s+\#\s+Xai\s+Syndicate\s+\#\s+\#NoName\s+Shell\s+Release\#\s+\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\s+\$auth\_pass\s+\=.+?eval\(str\_rot13\(gzinflate\(str\_rot13\(base64\_decode\(\(\$noname\)\)\)\)\)\)\;/is,
     qr/<\?php\s+echo\s+\"Priv8\s+Home\s+Root\s+Uploader.+?echo\s+\"gagal\s+upload\"\;\s+\}\s+\}\s+\}\s+\?>/is,
-
+    qr/<\?php.+?BlackHat\s+Shell.+?\$auth\_pass.+?\$nusantarablackhat.+?eval\(str\_rot13\(gzinflate\(str\_rot13\(base64\_decode\(\(\$nusantarablackhat\)\)\)\)\)\)\;/is,
+    qr/<\!DOCTYPE\s+html>\s+<head>\s+<\!\-\-\s+Meta\s+\-\->\s+<meta\s+name\=\"keywords\"\s+content\=\"Hacked\">.+?<\!\-\-\s+end\:\s+index\s+\-\->/is,
 );
 my @base64_decodes = (