new malware fingerprint for cleaner

malware3.pl

@@ -534,7 +534,6 @@ my @regexen = (
 
 
 
-
     );
 my @base64_decodes = (
 

malware4.pl

@@ -92,6 +92,7 @@ my @regexen = (
     qr/<\?php\s+preg\_replace\(\"\/\.\/.+?\)\)\)\;\"\,\"\.\"\)\;/is,
 	qr/<\?php\s+\$file.+?function\s+dwnld\(\$file\)\s+\{.+?header\(\"HTTP\/1\.0\s+404\s+Not\s+Found\"\)\;\s+exit\;\s+\?>/is,
     qr/<\?php\s+error\_reporting\(0\)\;\s+\$\_([A-z0-9]{1,20})\s+\=.+?\;\s+for\s+\(\$i\s+\=\s+0\;\s+\$i\s+<\s+strlen\(\$\_([A-z0-9]{1,20})\)\;\s+\$i\+\+\)\s+\$\_([A-z0-9]{1,20})\s+\.\=\s+sprintf\(\"\%c\"\,\s+$\_([A-z0-9]{1,20})\s+\^\s+ord\(\$\_([A-z0-9]{1,20})\[\$i\]\)\)\;\$\_([A-z0-9]{1,20})\s+\=\s+\"\"\;s+for.+?\*\//is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?explode\(chr\(\(.+?\$([A-z0-9]{1,20})\=\(([0-9]{1,4})\-([0-9]{1,4})\)\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
 
 );
 my @base64_decodes = (