From 7e47ff86a4db3ab9efd1e2b0e2f173a59b756bc4 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Mon, 12 Mar 2018 13:43:44 +0100
Subject: [PATCH] new pattern

---
 malware4.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/malware4.pl b/malware4.pl
index fe0be8a..b83db15 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -353,6 +353,7 @@ my @regexen = (
     qr/<\?php\s+eval\(gzinflate\(base64\_decode\(.+?\'\)\)\)\;\s+\?>/is,
     qr/<\?php\s+eval\(\"\?>\"\.base64\_decode\(\".+?\"\)\)\;\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?\;\$([A-z0-9]{1,20})\s+\=\s+Array\(\)\;\$([A-z0-9]{1,20})\[\]\s+\=\s+\$([A-z0-9]{1,20})\[\d\]\.\$([A-z0-9]{1,20})\[\d\d\]\;\$([A-z0-9]{1,20})\[\].+?\;foreach\s+\(\$([A-z0-9]{1,20})\[\d\]\(\$\_COOKIE\,\s+\$\_POST\)\s+as\s+\$([A-z0-9]{1,20}).+?\$([A-z0-9]{1,20})\[\d\]\(\$([A-z0-9]{1,20})\)\)\)\)\;\}/is,
+    qr/<html><head>.+?\@HACKED\s+By\_BDJ\-007.+?var\s+pesen\=\"BDJ\-007\s+Was\s+Here\s+>\_\*\"\;.+?<\/script>\s+<style>/is,
 
 );