From 560d72dabc47a0036466afb3e25dabb8f070a07a Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Mon, 10 Jul 2017 13:16:25 +0200
Subject: [PATCH] new patterns

---
 malware4.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/malware4.pl b/malware4.pl
index 9a5e550..a2fef64 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -104,6 +104,9 @@ my @regexen = (
     qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\/\*([A-z0-9]{1,20})\*\/\{\/\*([A-z0-9]{1,20})\*\/\$P\=\/\*([A-z0-9]{1,20})\*\/\"ass\"\.\"ert\"\;\$W\=\$P\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}\?>/is,
     qr/<\?php\s+if\(isset\(\$\_COOKIE\[\".+?\"\]\)\)\{\$\_COOKIE\[\".+?\"\]\(\$\_COOKIE\[\".+?\"\]\)\;exit\;\}/is,
     qr/include\_once\s+\"3732787075626C69635F68746D6C\.htm\"\;/is,
+    qr/bgeteam\s+<\?php\s+error\_reporting\(0\)\;\s+if\(isset\(\$\_GET\[bge\]\)\).+?else\{echo\"<b>\"\;\}\}\}\s+\?>/is,
+    qr/<\?php\s+\$k=\"ass\"\.\"ert\"\;\s+\$k\(\$\{\"\_PO\"\.\"ST\"\}\s+\[\'wei\'\]\)\;\?>/is,
+
 
 );
 my @base64_decodes = (