diff --git a/malware5.pl b/malware5.pl
index 54d9c19..e572c66 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -206,6 +206,8 @@ my @regexen = (
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\'s\'\.\'t\'\.\'r\'\.\'r\'\.\'e\'\.\'v\'\;\$([A-z0-9]{1,20})\s+\=\s+array\(.+?\(\'et\'\.\'al\'\.\'fn\'\.\'iz\'\.\'g\'\)\;eval\(\$.+?\)\)\)\)\;\s+\?>/is,
     qr/<\?php\s+eval\(\"\\n\\\$([A-z0-9]{1,20})\s+\=\s+intval\(\_\_LINE\_\_\)\s+\*\s+337\;\"\)\;.+?eval\s+\(gzinflate\(base64\_decode\(\$\w\)\)\)\;/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\$\_POST\[\'([A-z0-9]{1,20})\'\]\;if\(\$([A-z0-9]{1,20})\!\=\'\'\)\{\$([A-z0-9]{1,20})\=base64\_decode\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\@eval\(\"\\\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\;\"\)\;\}/is,
+    qr/<\?php\s+if\s+\(isset\(\$\_POST\[.+?\$email\s+\=\s+\@base64\_decode\(.+?\$return\s+jk\_\_\_\(\$url\)\;\s+\}\s+\}\s+\}/is,
+
 
 );