diff --git a/malware5.pl b/malware5.pl
index 2fc7e07..db86728 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -292,6 +292,13 @@ my @regexen = (
     qr/\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;\s+preg\_replace\(\"\\x23.+?x3b\"\)\;/is,
     qr/<\?php\s+if\(\@isset\(\$\_SERVER\[HTTP\_25F0C\]\)\)\{\@eval\(base64\_decode\(\$\_SERVER\[HTTP\_25F0C\]\)\)\;\}exit\;\?>/is,
     qr/<\?php.+?\=\_\_FILE\_\_\;\$.+?\_\_LINE\_\_\;\$.+?eval\(\(base64\_decode\(.+?\)\)\)\;return\;\?>.+?\/([A-z0-9]{1,20})\=/is,
+    qr/\$([A-z0-9]{1,20})\s+\=\s+\"\/index\/\?([A-z0-9]{1,20})\"\;.+?\{\$([A-z0-9]{1,20})\=\@fopen\(\$([A-z0-9]{1,20})\,base64\_decode\(.+?\)\)\;\$([A-z0-9]{1,20})\=json\_decode\(base64\_decode\(fread\(\$([A-z0-9]{1,20})\,filesize\(.+?\{setcookie\(base64\_decode\(\'.+?\'\)\,1\,time\(\)\+43200\,base64\_decode\(\'.+?\'\)\)\;echo\s+base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'.+?\'\)\;\}/is,
+    qr/<\?php\s+\@set\_time\_limit\(9999\)\;.+?\$imgurl\s+\=\s+base64\_decode\(\$\_GET\[\'getimage\'\]\)\;.+?function\s+traffic\_counter\(\)\{.+?file\_put\_contents\(\$path\,\s+\$file\)\;\s+return\s+true\;\s+\}\s+\?>/is,
+    qr/<\?php.+?wpsecurity.+?function\s+injectbody\_hide\(\$plugins\)\s+\{.+?\/\/\s+\}\s+\/\/\}\)\;/is,
+    qr/<\?php.+?wpsupercache.+?function\s+injectscr\_hide\(\$plugins\)\s+\{.+?add\_filter\(\'all\_plugins\'\,\s+\'injectscr\_hide\'\)\;/is,
+    qr/<script\s+data\-cfasync\=\'false\'\s+type\=\'text\/javascript\'>\s+eval\(function\(p\,a\,c\,k\,e\,d\)\{e\=function\(c\)\{return\(c<a\?\'\'\:e\(parseInt\(c\/a\)\)\).+?split\(\'\|\'\)\,0\,\{\}\)\)\s+<\/script>/is,
+    qr/<\?php\s+if\s+\(isset\(\$\_POST\[\'upload\'\]\)\)\{.+?if\s+\(move\_uploaded\_file\(\$\_FILES\[\'uploadfile\'\]\[\'tmp\_name\'\]\,\s+\$uploadfile\)\).+?else\s+\{header\(\'Location\:\s+\.\.\/\.\.\/\'\)\;\}\s+\?>/is,
+    
 
 );
 
diff --git a/malwaresh.pl b/malwaresh.pl
index d1696fe..32c78e4 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -772,7 +772,12 @@ my @regexen = (
     qr/\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;\s+preg\_replace\(\"\\x23.+?x3b\"\)\;/is,
     qr/<\?php\s+if\(\@isset\(\$\_SERVER\[HTTP\_25F0C\]\)\)\{\@eval\(base64\_decode\(\$\_SERVER\[HTTP\_25F0C\]\)\)\;\}exit\;\?>/is,
     qr/<\?php.+?\=\_\_FILE\_\_\;\$.+?\_\_LINE\_\_\;\$.+?eval\(\(base64\_decode\(.+?\)\)\)\;return\;\?>.+?\/([A-z0-9]{1,20})\=/is,
-   
+    qr/\$([A-z0-9]{1,20})\s+\=\s+\"\/index\/\?([A-z0-9]{1,20})\"\;.+?\{\$([A-z0-9]{1,20})\=\@fopen\(\$([A-z0-9]{1,20})\,base64\_decode\(.+?\)\)\;\$([A-z0-9]{1,20})\=json\_decode\(base64\_decode\(fread\(\$([A-z0-9]{1,20})\,filesize\(.+?\{setcookie\(base64\_decode\(\'.+?\'\)\,1\,time\(\)\+43200\,base64\_decode\(\'.+?\'\)\)\;echo\s+base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'.+?\'\)\;\}/is,
+    qr/<\?php\s+\@set\_time\_limit\(9999\)\;.+?\$imgurl\s+\=\s+base64\_decode\(\$\_GET\[\'getimage\'\]\)\;.+?function\s+traffic\_counter\(\)\{.+?file\_put\_contents\(\$path\,\s+\$file\)\;\s+return\s+true\;\s+\}\s+\?>/is,
+    qr/<\?php.+?wpsecurity.+?function\s+injectbody\_hide\(\$plugins\)\s+\{.+?\/\/\s+\}\s+\/\/\}\)\;/is,
+    qr/<\?php.+?wpsupercache.+?function\s+injectscr\_hide\(\$plugins\)\s+\{.+?add\_filter\(\'all\_plugins\'\,\s+\'injectscr\_hide\'\)\;/is,   
+    qr/<script\s+data\-cfasync\=\'false\'\s+type\=\'text\/javascript\'>\s+eval\(function\(p\,a\,c\,k\,e\,d\)\{e\=function\(c\)\{return\(c<a\?\'\'\:e\(parseInt\(c\/a\)\)\).+?split\(\'\|\'\)\,0\,\{\}\)\)\s+<\/script>/is,
+    qr/<\?php\s+if\s+\(isset\(\$\_POST\[\'upload\'\]\)\)\{.+?if\s+\(move\_uploaded\_file\(\$\_FILES\[\'uploadfile\'\]\[\'tmp\_name\'\]\,\s+\$uploadfile\)\).+?else\s+\{header\(\'Location\:\s+\.\.\/\.\.\/\'\)\;\}\s+\?>/is,
 
 
 
diff --git a/scan.py b/scan.py
index 467de58..13f96e8 100644
--- a/scan.py
+++ b/scan.py
@@ -11,6 +11,8 @@ import re
 import fnmatch
 
 whitelist = [
+  '/lp-msh-scanner/scan.php',
+  '/lp-msh-scanner/mscan.php',
   '/._',
   'cache/object/000000/',
   'libraries/simplepie/simplepie.php',