From 7d26d75d602f3296cdb7f6e20bda05f7745df047 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Thu, 28 Dec 2017 20:49:25 +0100
Subject: [PATCH] new patterns

---
 malware4.pl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/malware4.pl b/malware4.pl
index f14a978..c6e3f4b 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -226,6 +226,11 @@ my @regexen = (
     qr/<\?php\s+echo\s+\"Priv8\s+Home\s+Root\s+Uploader.+?echo\s+\"gagal\s+upload\"\;\s+\}\s+\}\s+\}\s+\?>/is,
     qr/<\?php.+?BlackHat\s+Shell.+?\$auth\_pass.+?\$nusantarablackhat.+?eval\(str\_rot13\(gzinflate\(str\_rot13\(base64\_decode\(\(\$nusantarablackhat\)\)\)\)\)\)\;/is,
     qr/<\!DOCTYPE\s+html>\s+<head>\s+<\!\-\-\s+Meta\s+\-\->\s+<meta\s+name\=\"keywords\"\s+content\=\"Hacked\">.+?<\!\-\-\s+end\:\s+index\s+\-\->/is,
+    qr/<html>\s+<head>\s+<title>\?\?\?\!\!\!<\/title>.+?<h1>\s+HACKED\s+BY\s+CYBERSCRY\s+<\/h1>.+?\/font><\/marquee><br><br><br>/is,
+    qr/<\?php\s+\/\/silent\s+is\s+gold\s+eval\(str\_rot13\(gzinflate\(str\_rot13\(base64\_decode\(.+?\)\)\)\)\)\;\s+\?>/is,
+    qr/<\?php\s+\/\/silent\s+is\s+gold\s+eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;/is,
+    
+
 );
 my @base64_decodes = (