diff --git a/malware5.pl b/malware5.pl
index 68c2ef0..e88729c 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -450,7 +450,7 @@ my @regexen = (
 qr/\s+\s+<\?php\s+tr\(\'name\'\,false\)\;\s+\?>\s+<\?php\s+echo\s+VERSION\;\?><\/title>.+?function\s+pingoutservers\(\)\s+\{.+?function\s+StopSendMail\(\)\s+\{.+?<\/body>\s+<\/html>/is,
 qr/<\!DOCTYPE.+?<title>\(c\)\s+private\s+mail\-worker\s+\(c\)<\/title>.+?function\s+randmail\(\).+?\$numemails\s+\=\s+count\(\$allemails\)\;.+?<\/style>\s+<\/body>\s+<\/html>/is,
 qr/<\?php\s+Error\_Reporting\(E\_ALL.+?<title>FakeSender\s+by\s+POCT\s+\[FuckAV\.ru\]<\/title>.+?if\(mail\(\$to\,\s+\$subject\,\s+\$message\,\s+\$header\)\).+?\?>\s+<\/body>\s+<\/html>/is,
-
+ qr/<\?\s+eval\(gzinflate\(str\_rot13\(base64\_decode\(.+?\)\)\)\)\;\s+\?>/is,
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index 38e29ca..a57103c 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -933,6 +933,7 @@ my @regexen = (
 qr/<html>\s+<head>\s+<title><\?php\s+tr\(\'name\'\,false\)\;\s+\?>\s+<\?php\s+echo\s+VERSION\;\?><\/title>.+?function\s+pingoutservers\(\)\s+\{.+?function\s+StopSendMail\(\)\s+\{.+?<\/body>\s+<\/html>/is,
 qr/<\!DOCTYPE.+?<title>\(c\)\s+private\s+mail\-worker\s+\(c\)<\/title>.+?function\s+randmail\(\).+?\$numemails\s+\=\s+count\(\$allemails\)\;.+?<\/style>\s+<\/body>\s+<\/html>/is,
 qr/<\?php\s+Error\_Reporting\(E\_ALL.+?<title>FakeSender\s+by\s+POCT\s+\[FuckAV\.ru\]<\/title>.+?if\(mail\(\$to\,\s+\$subject\,\s+\$message\,\s+\$header\)\).+?\?>\s+<\/body>\s+<\/html>/is,
+ qr/<\?\s+eval\(gzinflate\(str\_rot13\(base64\_decode\(.+?\)\)\)\)\;\s+\?>/is,
 );
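Review bot: The signature added at the end of `@regexen` in malware5.pl (and the identical line in the malwaresh.pl hunk) only matches a short open tag followed by whitespace, with no whitespace anywhere inside the call chain, so the same wrapper written with `<?php`, with no space after the tag, or with `@eval` would be missed by this entry unless a signature outside the hunks already covers it. A more tolerant form that still matches everything the current pattern does would be `qr/<\?(?:php)?\s*\@?eval\s*\(\s*gzinflate\s*\(\s*str_rot13\s*\(\s*base64_decode\s*\(.+?\)\s*\)\s*\)\s*\)\s*;\s*\?>/is,`. The same pattern is pasted into two `@regexen` lists whose definitions begin outside both hunks; if the lists are meant to stay in sync, loading them from one shared module would prevent drift between the two scanners. A one-line comment above the entry, for example `# short-tag eval(gzinflate(str_rot13(base64_decode(...)))) wrapper`, would make later triage of hits easier.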