diff --git a/malware4.pl b/malware4.pl
index ed15795..dbc6ec9 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -175,7 +175,16 @@ my @regexen = (
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{1})\"\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\)\;\s+\?>/is,
     qr/<\!DOCTYPE\s+html>\s+<html\s+lang\=\"en\-us\"><head><title>Hacked\s+by\s+AnoaGhost.+?<\/html>/is,
     qr/GIF89a\s+BlaCkB0x\s+<\?\$k\=\"ass\"\.\"ert\"\;\s+\$k\(\$\{\"\_PO\"\.\"ST\"\}\s+\[\'admin1234\@\#\'\]\)\;\?>/is,
-    qr/ELF.+?blake256_final.+?persistentctxs/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\$.+?\'firoERs\".+?\]\}\(\)\;\}\s+\?>/is,
+    qr/<\?php\s+function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\s+\{.+?1337\)\;\s+else\Z/is,
+    qr/<html>\s+<head><title><\/title>\s+\<\/head>\s+<body>\s+<\?php\s+\/*\s+\*\s+REVISION.+?if\s+\(md5\(md5\(\$\_REQUEST\[.+?print\s+\"ERROR\:\s+7\s+UNKNOWN<br\/>.+?\?>\s+<\/body>\s+<\/html>/is,
+    qr/<\?php\s+error\_reporting\(0\)\;\s+class\s+([A-z0-9]{1,20})\s+\{\s+public\s+function\s+\_\_construct\(\)\s+\{\s+\$([A-z0-9]{1,20})\s+\=\s+\@\$\_COOKIE\[\'([A-z0-9]{1,20})\'\]\;\s+if\s+\(\$([A-z0-9]{1,20})\)\s+\{\s+\$option\s+\=\s+\$([A-z0-9]{1,20})\s+\(\@\$\_COOKIE\[\'([A-z0-9]{1,20})\'\]\)\s+\;\s+\$([A-z0-9]{1,20})\s+\=\s+\$([A-z0-9]{1,20})\s+\(\s+\@\$\_COOKIE\[\'([A-z0-9]{1,20})\'\]\)\s+\;\s+\$option\s+\(\s+\"\/([A-z0-9]{1,20})\/e\"\s+\,\s+\$([A-z0-9]{1,20})\s+\,\s+([A-z0-9]{1,20})\s+\)\s+\;\s+\}\s+else\s+\{\s+header\(\"HTTP\/1\.0\s+404\s+Not\s+Found\"\)\;\s+\}\s+\}\s+\}\s+\$content\s+\=\s+new\s+([A-z0-9]{1,20})\;/is,
+    qr/<\?php\s+\$a\=\$\_POST\[\'c\'\]\;\@EvAl\s+\(\$a\)\;\?>/is,
+    qr/<\?\s+if\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\=\=\"([A-z0-9]{1,20})\"\)\{\s+function\s+getDir\(\$dir\)\s+\{\s+\$dirArray\[\]\=NULL\;.+?<\/label>\s+<\/form>/is,
+    qr/<\?php\s+error\_reporting\(0\)\;\s+\$file_name.+?function\s+getDirContents\(\$dir\)\s+\{.+?getDirContents\(\$\_SERVER\[\'DOCUMENT\_ROOT\'\]\)\;\s+\}\}\s+\}\s+\}\s+\}\s+\}\s+\}\s+\?>/is,
+    qr/<\?php\s+if\s+\(\s+\$\_REQUEST\[\"array\"\]\s+\)\s+\{\s+\@assert\(base64\_decode\(\$\_REQUEST\[\"array\"\]\)\)\;\s+\/\/debug\s+message\s+echo\s+\"Array\s+sort\s+completed\"\;\s+exit\(\)\;\s+\}\s+echo\'\s+PAGE\s+NOT\s+FOUND\'\;\s+\}\s+\?>/is,
+    qr/<\?php\s+set\_time\_limit\(0\)\;\s+ignore\_user\_abort\(\)\;.+?echo\s+\$mail\.\"\s+\-\s+sending\s+ok.+?\}\s+\}\s+\?>/is,
+
     
 );
 my @base64_decodes = (