diff --git a/malware5.pl b/malware5.pl
index 39c6cb3..4207211 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -462,6 +462,7 @@ my @regexen = (
 qr/<\?.+?if\(isset\(\$\_SERVER\[\'WINDIR\'\]\)\)\{.+?if\(strstr\(\$contents\,\"c99\"\)\)\{\s+return\s+true\;\s+\}\s+\}\s+\?>/is,
 qr/<\?php\s+\@system\(\"cd\s+\/tmp\;wget\s+http\:\/\/.+?\@shell\_exec\(\"cd\s+\/tmp\;wget\s+http\:\/\/.+?\?>/is,
 qr/<\?php.+?array\(\"\.\"\,\"\.\.\"\,\"\.\.\/\.\.\"\,\s+\"\.\.\/\.\.\/\.\.\"\)\;.+?array\(\"index\.html\"\,\s+\"index\.htm\"\,\s+\"index\.shtml\"\,\s+\"default\.asp\"\)\;.+?\]\)\.\"\?domain\=\"\.base64\_encode\(\$\_SERVER\[\'HTTP\_HOST\'\]\)\)\;.+?\"\)\;\s+\?>/is,
+ qr/<\?php.+?\@shell\_exec\(\"cd\s+\/tmp\;\s+wget\s+http\:\/\/.+?\?>/is,
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index bda87ee..d9f3aba 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -945,7 +945,7 @@ my @regexen = (
 qr/<\?.+?if\(isset\(\$\_SERVER\[\'WINDIR\'\]\)\)\{.+?if\(strstr\(\$contents\,\"c99\"\)\)\{\s+return\s+true\;\s+\}\s+\}\s+\?>/is,
 qr/<\?php\s+\@system\(\"cd\s+\/tmp\;wget\s+http\:\/\/.+?\@shell\_exec\(\"cd\s+\/tmp\;wget\s+http\:\/\/.+?\?>/is,
 qr/<\?php.+?array\(\"\.\"\,\"\.\.\"\,\"\.\.\/\.\.\"\,\s+\"\.\.\/\.\.\/\.\.\"\)\;.+?array\(\"index\.html\"\,\s+\"index\.htm\"\,\s+\"index\.shtml\"\,\s+\"default\.asp\"\)\;.+?\]\)\.\"\?domain\=\"\.base64\_encode\(\$\_SERVER\[\'HTTP\_HOST\'\]\)\)\;.+?\"\)\;\s+\?>/is,
-
+ qr/<\?php.+?\@shell\_exec\(\"cd\s+\/tmp\;\s+wget\s+http\:\/\/.+?\?>/is,
 );
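Review bot: In the malware5.pl hunk the added signature opens with `<\?php.+?` under `/s`, so a match can begin at any earlier `<?php` tag and run across unrelated PHP blocks up to the first `?>` after the wget. If `@regexen` is used to strip matches rather than only flag files (its use is outside the hunk), legitimate code ahead of the payload would be removed with it. Keeping the prefix inside one PHP block and accepting both spacings after the semicolon would tighten it: `qr/<\?php(?:(?!\?>).)+?\@shell\_exec\(\"cd\s+\/tmp\;\s*wget\s+http\:\/\/.+?\?>/is,`. As written, `\;\s+wget` misses the `\;wget` spelling that the neighbouring `@system` signature expects. The identical line is added in the malwaresh.pl hunk, and the same applies there.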
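Review bot: The malwaresh.pl hunk pastes the same signature that malware5.pl receives, and the three context entries are byte-identical in both files, so the two `@regexen` lists are maintained by hand and can drift apart. Consider loading the list from one shared module in both scripts, and adding a short comment above each entry such as `# PHP dropper: shell_exec of "cd /tmp; wget http://..."`, so a reader can tell what a signature targets without decoding the escapes. The array starts outside the hunk, so whether the two lists differ elsewhere cannot be seen from here.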