From 7eff5b1b715197944dcfc2882942ec44472e2738 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Sun, 24 Dec 2017 11:33:57 +0100
Subject: [PATCH] new patterns

---
 malware4.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/malware4.pl b/malware4.pl
index f498b5d..c94125f 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -213,8 +213,8 @@ my @regexen = (
     qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;\s+charset\=utf\-8\'\)\;\s+\$O\_0OO\_\_0O0\=.+?\$O\_OO0\_O0\_0\=urldecode\(.+?\$OOO0O0\_0\_\_\)\;exit\(\)\;\}\'\)\;\$\{.+?\]\(\)\;\?>/is,
     qr/<\?php\s+\$\_\_\_\_\=base64\_decode\(.+?<input\s+type\=\"submit\"\s+value\=\"go\"\/><\/form><\/center>\'\)\;\?>/is,
     qr/<\?php\s+error\_reporting\(E\_ALL\s+\&\s+\~E\_NOTICE\)\;\s+\$m\s+\=\s+get\_magic\_quotes\_gpc\(\)\;\s+\$uploadfloder.+?\}\s+else\s+\{\s+echo\s+\"ok\"\;\s+\}\s+\?>/is,
-
-
+    qr/<\?php\s+error\_reporting\(0\)\;\s+\$domain\s+\=\s+\'n\.liveupdates\.host\'\;.+?\$s\s+\=\s+dns\_get\_record\(\$domain\,\s+DNS\_TXT\)\;.+?header\(\'Location\:\s+\'\.\$location\.\'\&\'\.\$m\,\s+TRUE\,\s+302\)\;\s+\}/is,
+    qr/<\?php\s+function\s+result\(\$data\).+?srand\(seed\(\)\)\;.+?echo\(result\(array\(.+?\?>/is,
 );
 my @base64_decodes = (