From 68e8745a3f7262a0dee1349a7be7ad455afe38e1 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Thu, 13 Jul 2017 21:33:14 +0200
Subject: [PATCH] new pattern

---
 malware4.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/malware4.pl b/malware4.pl
index 5cf3934..a158547 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -126,6 +126,8 @@ my @regexen = (
     qr/<\?php\s+\@\'\$.+?\=http\:\/\/([A-z0-9]{1,20}).([A-z0-9]{1,50})\/([A-z0-9]{1,20})\.php\s+cache\=([0-9]{1,10}).+?exit\(\)\;\}else\{return\;\}\}([A-z0-9]{1,20})\(\)\;/is,
     qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\/\*([A-z0-9]{1,20})\*\/\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\/\*([A-z0-9]{1,20})\*\/\{eval\(\/\*([A-z0-9]{1,20})\*\/\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}.+?function\s+([A-z0-9]{1,20})\(\)\{\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{1,100})\"\;\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{1,100})\"\;\s+return\s+\"\{\$([A-z0-9]{1,20})\}\{\$([A-z0-9]{1,20})\}\"\;\s+\}\s+\?>/is,
     qr/<\?php\s+\$alphabet\s+\=.+?\$string\s+\=.+?\$array\_name.+?\$f\(\)\;/is,
+    qr/<\?php\s+\@\'\$.+?x7\=http\:\/\/.+?\.php\s+cache=.+?\(\)\;\Z/is,
+