diff --git a/malware5.pl b/malware5.pl
index db86728..54ab6d9 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -298,7 +298,12 @@ my @regexen = (
 qr/<\?php.+?wpsupercache.+?function\s+injectscr\_hide\(\$plugins\)\s+\{.+?add\_filter\(\'all\_plugins\'\,\s+\'injectscr\_hide\'\)\;/is,
 qr/\s+eval\(function\(p\,a\,c\,k\,e\,d\)\{e\=function\(c\)\{return\(c/is,
 qr/<\?php\s+if\s+\(isset\(\$\_POST\[\'upload\'\]\)\)\{.+?if\s+\(move\_uploaded\_file\(\$\_FILES\[\'uploadfile\'\]\[\'tmp\_name\'\]\,\s+\$uploadfile\)\).+?else\s+\{header\(\'Location\:\s+\.\.\/\.\.\/\'\)\;\}\s+\?>/is,
-
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$([A-z0-9]{1,20})\=\".+?\"\;preg\_replace\(\"\/\.\*\/e\"\,\"\\x\d\d.+?\\x3B\"\,\"\.\"\)\;\s+return\;\s+\?>/is,
+ qr/<\?php\s+\$\{\"\\x47LOB.+?\@ini\_set\(\"\\x65.+?WSOsetcookie\(md5\(\$\_SERVER\[.+?\.\$\_POST\[\"a\"\]\)\;exit\;\s+\?>/is,
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$buffer\s+\=.+?\$newphrase\=str\_replace\(\$.+?eval\(\$\_b\(\$newphrase\)\)\;\s+\?>/is,
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$s\_pass\s+\=.+?b374k.+?\,\$s\_pass\)\;\?>/is,
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$([A-z0-9]{1,20})\=.+?\\x3B\"\,\"\.\"\)\;return\;\s+\?>/is,
+ qr/<\?php\s+echo\s+\".+?echo\s+\"<\!\-\-\s+g\(\'FilesMan\'\,\'c\:\/\'\)\s+\-\-\!>\"\;.+?function\s+wscandir\(\$cwdir\)\s+\{.+?echo\s+\"<\/body><\/html>\"\;/is,
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index 32c78e4..f8bef80 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
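Review bot: The character class `[A-z0-9]` in the first and fifth added patterns spans the ASCII punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick), so it accepts strings that are not PHP variable names, and it matches `_` only by accident of the range. Writing the identifier class out as `[A-Za-z0-9_]` keeps underscore-bearing names detected and drops the rest; the same two patterns are added again in the malwaresh.pl hunk. The capture group around the class is never back-referenced inside either pattern, so `(?:...)` or no group at all would do unless the code that consumes `@regexen` reads `$1`, which is outside this hunk. Those two patterns also differ mainly in `\;\s+return\;` versus `\;return\;`; a one-line comment above each new entry naming the family it targets (for example `# b374k shell` above the `$s_pass` pattern) would make such near-duplicates reviewable.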
@@ -778,8 +778,14 @@ my @regexen = (
 qr/<\?php.+?wpsupercache.+?function\s+injectscr\_hide\(\$plugins\)\s+\{.+?add\_filter\(\'all\_plugins\'\,\s+\'injectscr\_hide\'\)\;/is,
 qr/\s+eval\(function\(p\,a\,c\,k\,e\,d\)\{e\=function\(c\)\{return\(c/is,
 qr/<\?php\s+if\s+\(isset\(\$\_POST\[\'upload\'\]\)\)\{.+?if\s+\(move\_uploaded\_file\(\$\_FILES\[\'uploadfile\'\]\[\'tmp\_name\'\]\,\s+\$uploadfile\)\).+?else\s+\{header\(\'Location\:\s+\.\.\/\.\.\/\'\)\;\}\s+\?>/is,
-
-
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$([A-z0-9]{1,20})\=\".+?\"\;preg\_replace\(\"\/\.\*\/e\"\,\"\\x\d\d.+?\\x3B\"\,\"\.\"\)\;\s+return\;\s+\?>/is,
+ qr/<\?php\s+\$\{\"\\x47LOB.+?\@ini\_set\(\"\\x65.+?WSOsetcookie\(md5\(\$\_SERVER\[.+?\.\$\_POST\[\"a\"\]\)\;exit\;\s+\?>/is,
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$buffer\s+\=.+?\$newphrase\=str\_replace\(\$.+?eval\(\$\_b\(\$newphrase\)\)\;\s+\?>/is,
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$s\_pass\s+\=.+?b374k.+?\,\$s\_pass\)\;\?>/is,
+ qr/<\?php\s+error\_reporting\(0\)\;\s+\$ver\s+\=\s+\'6\.6\.6\'\;.+?exit\(\'Access\s+Denied\'\)\;.+?if\s+\(\$cracktrack\s+\!\=\s+\$checkworm\)\s+die\(\"\"\)\;\s+\}\s+\?>/is,
+ qr/<\?php\s+Error\_Reporting\(0\)\;\s+\$([A-z0-9]{1,20})\=.+?\\x3B\"\,\"\.\"\)\;return\;\s+\?>/is,
+ qr/<\?php\s+echo\s+\".+?echo\s+\"<\!\-\-\s+g\(\'FilesMan\'\,\'c\:\/\'\)\s+\-\-\!>\"\;.+?function\s+wscandir\(\$cwdir\)\s+\{.+?echo\s+\"<\/body><\/html>\"\;/is,
+ );
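Review bot: The signature list here no longer matches the one in malware5.pl: this hunk adds the `$ver = '6.6.6'` / `$cracktrack` pattern, which the malware5.pl hunk of the same commit does not receive. If that is not deliberate, a file carrying that code is flagged by one scanner and passed by the other. The remaining added entries are repeated in both files, so either a comment above the extra entry stating why it is specific to this script, e.g. `# malwaresh.pl only: <reason>`, or a single shared module holding `@regexen` that both scripts load would keep the two lists from drifting. The array opens above the hunk, so how each script consumes it is not visible here.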