diff --git a/malware4.pl b/malware4.pl
index 7fbfd4c..b8bd7ee 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -45,6 +45,7 @@ my @regexen = (
 	qr/eval\(base64\_decode\(\"aWY.+?include.+?eval\(base64\_decode\(\"aWY.+?include.+?ephp\"\;/is,
     qr/<\?php\s+\/\*\s+ionCube24\s+encoder\s+\*\/\s+global.+?eval\(base64\_decode\(.+?\_\_halt\_compiler\(\)\;([A-z0-9]{250,})/is,
     qr/<\?\s+eval\(gzuncompress\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?\$([A-z0-9]{1,20})\s+\=\s+\'pr\'\.\'eg\'\.\'\_r\'\.\'epl\'\.\'ace\'\;.+?\@\$([A-z0-9]{1,20})\(\'\#\#e\'\,.+?\'\'\)\;/is,
     
 );
 my @base64_decodes = (