From 8e0b70e388662c71ff8834a709534468bdf62676 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD
Date: Sun, 17 Jun 2018 08:50:22 +0200
Subject: [PATCH] new patterns
---
 malware6.pl | 1 +
 malwaresh.pl | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/malware6.pl b/malware6.pl
index 8546f7f..e3c204b 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -220,6 +220,7 @@ my @regexen = (
 qr/<\?php\s+\$([A-z0-9_]{1,20})=\'([A-z0-9_]{1,20})\'.+?if\(!\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\)\),\$([A-z0-9_]{1,20})\)\)eval\(\$([A-z0-9_]{1,20})\(\$.+?\(([A-z0-9_]{1,20});([A-z0-9_]{1,20}),([A-z0-9_]{1,20})\';/is,
 qr/<\?php\s+\$([A-z0-9_]{1,20})=\'([A-z0-9_]{1,20})\'.+?\)eval\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\)\);.+?([A-z0-9_]{1,20})\';/is,
 qr/<\?php \/\* WARNING: This file is protected by copyright law\. To reverse engineer or decode this file is strictly prohibited\. \*\/\s+\$\w=\"([A-z0-9]{20,}).+?\";eval\(base64_decode\(\".+?\"\)\);return;\?>/is,
+ qr/<\?php error_reporting\(0\);\$\w=\"eval\(base64_decode\(.+?\"\)\); \?>/is,
diff --git a/malwaresh.pl b/malwaresh.pl
index b917e59..ddf1a15 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1207,6 +1207,10 @@ my @regexen = (
 qr/<\?php\s+\$([A-z0-9_]{1,20})=\'([A-z0-9_]{1,20})\'.+?if\(!\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\)\),\$([A-z0-9_]{1,20})\)\)eval\(\$([A-z0-9_]{1,20})\(\$.+?\(([A-z0-9_]{1,20});([A-z0-9_]{1,20}),([A-z0-9_]{1,20})\';/is,
 qr/<\?php\s+\$([A-z0-9_]{1,20})=\'([A-z0-9_]{1,20})\'.+?\)eval\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\)\);.+?([A-z0-9_]{1,20})\';/is,
 qr/<\?php \/\* WARNING: This file is protected by copyright law\. To reverse engineer or decode this file is strictly prohibited\. \*\/\s+\$\w=\"([A-z0-9]{20,}).+?\";eval\(base64_decode\(\".+?\"\)\);return;\?>/is,
+ qr/<\?php error_reporting\(0\);\$\w=\"eval\(base64_decode\(.+?\"\)\); \?>/is,
+
+
+
 );
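Review bot: The signature added in the malware6.pl hunk (`@@ -220,6 +220,7 @@`) is pinned to one exact byte layout: a single literal space after `<?php`, a one-character variable (`\$\w`), no whitespace around `=`, and exactly one space before `?>`, so a sample that differs only in spacing or variable-name length is not flagged. The first two context entries already use `\s+` after `<\?php`, and the new one could follow them, e.g. `qr/<\?php\s+error_reporting\(0\);\s*\$\w+\s*=\s*\"eval\(base64_decode\(.+?\"\)\);\s*\?>/is,`. The `.+?` under `/s` is unbounded and can run across newlines to a distant `"); ?>`, so capping it with a `{1,N}` quantifier (limit chosen from real samples) would cut both false positives and scan time on large files. The identical line is added in the malwaresh.pl hunk and the same comment applies there; the `@regexen` list begins and ends outside this hunk.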
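Review bot: The malwaresh.pl hunk (`@@ -1207,6 +1207,10 @@`) adds a byte-for-byte copy of the signature added to malware6.pl, and the three context entries above it are also identical in both files, so the two `@regexen` lists appear to be maintained by hand in parallel. Lists kept this way drift, and a signature present in only one scanner is a silent detection gap; holding the shared entries in one file that both scripts load would remove that risk. The three blank `+` lines before `);` are unrelated whitespace and can be dropped from the commit. A short comment above the new entry, such as `# error_reporting(0) + $x="eval(base64_decode(...": one-line PHP stub, sample ref <SAMPLE-ID>`, would help whoever later has to judge a false positive. The list itself starts outside the hunk.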