diff --git a/malware5.pl b/malware5.pl
index 053b682..e19a132 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -202,7 +202,9 @@ my @regexen = (
 qr/<\?php\s+function\s+inject\_gtm\(\$file\,\s+\&\$arr\).+?\$script\s+\=\s+\'\$\{.+?<<\/DEL\_FAIL>>\"\;\s+\}/is,
 qr/<\?php\s+\$\{\"\\x.+?\;\$\{\"GLOB\\x.+?\)\;\$\{\$\{.+?ALS\"\}\[\".+?\@\$\{\$([A-z0-9]{1,20})\}\(\$\_POST\[\"\w\"\]\)\;echo.+?\;\?>/is,
 qr/<\?php\s+echo.+?\.php\_uname\(\)\..+?Upload.+?Upload.+?Upload.+?\}\s+\}\s+\?>/is,
-
+ qr/<\?php\s+\$.+?\'gz\'\.\s+\'un\'\.\s+\'co\'\.\s+\'mp\'\.\s+\'re\'\.\s+\'ss\'.+?\'bas\'\s+\.\'e64\'\s+\.\'\_de\'\s+\.\'cod\'\s+\.\'e\'.+?\'i\'\s+\.\'m\'\s+\.\'p\'\s+\.\'l\'\s+\.\'o\'\s+\.\'d\'\s+\.\'e\'.+?array\(.+?eval\(.+?\)\)\)\)\;\s+\?>/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\'s\'\.\'t\'\.\'r\'\.\'r\'\.\'e\'\.\'v\'\;\$([A-z0-9]{1,20})\s+\=\s+array\(.+?\(\'et\'\.\'al\'\.\'fn\'\.\'iz\'\.\'g\'\)\;eval\(\$.+?\)\)\)\)\;\s+\?>/is,
+
 );
diff --git a/scan.php b/scan.php
index 668c62e..df52805 100644
--- a/scan.php
+++ b/scan.php
@@ -480,7 +480,8 @@ error_reporting(E_ALL);
 "submit\[at\]1337day\.com",
 "luan\.hackingpro123\@hotmail\.com",
 "facebook\.com\/luan\.santo\.5437",
-
+ "wtuds",
+ "eval(atob",
 );
 foreach ($tree as $finfo)
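Review bot: In malware5.pl, both added signatures chain several unbounded `.+?` gaps under `/is`, so a match can begin at any earlier `<?php` in a file and run across unrelated `?>` boundaries until the split `gzuncompress`/`base64_decode`/`implode` fragments (first pattern) or the `strrev` fragments (second pattern) appear. The `@regexen` array opens outside the hunk and the code that consumes it is not visible; if matches are stripped from the scanned file, this would remove legitimate code along with the injected block, and on large files the lazy gaps also invite heavy backtracking. Consider bounding the gaps, for example `\$.{1,200}?\'gz\'` (the bound is illustrative; tune it against your samples). In the second pattern `[A-z0-9]` also admits the punctuation between `Z` and `a` (such as `[`, `^` and the backtick), and both capture groups are unused, so `(?:[A-Za-z0-9_]{1,20})` states the intent more precisely. A one-line comment above each entry naming the sample it was derived from would help later tuning.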
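Review bot: In scan.php, the new entry `"eval(atob",` carries an unescaped `(`, while its neighbours are written as regex fragments (`1337day\.com`, `submit\[at\]`). The array opening and the code that consumes it are outside the hunk, but if the entries are passed to `preg_match` or joined into one alternation, the unbalanced parenthesis fails to compile and the signature (or the whole combined pattern) stops matching; `"eval\(atob",` keeps it literal. `"wtuds"` is a short bare token with no comment, so a note on where it was observed would let a later maintainer judge its false-positive risk.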