diff --git a/malware4.pl b/malware4.pl
index 75f14ab..0944a01 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -196,7 +196,7 @@ my @regexen = (
     qr/<\?php.+?Twenty\_Sixteen.+?eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php.+?str\_ireplace\(\"([A-z0-9]{1})\"\,\"\"\,\"([A-z]{1,10})b([A-z]{1,10})a([A-z]{1,10})s([A-z]{1,10})e([A-z]{1,10})6([A-z]{1,10})4([A-z]{1,10})\_([A-z]{1,10})d([A-z]{1,10})e([A-z]{1,10})c([A-z]{1,10})o([A-z]{1,10})d([A-z]{1,10})e([A-z]{1,10})\"\).+?}\s+\?>/is,
     qr/<\?php\s+error\_reporting\(E\_ERROR.+?\$wp\_code\s+\=.+?\?>/is,
-
+    qr/<\?php\s+\$s\_pass\s+\=\s+\"\"\;\s+eval\(\"\\\$x\=gzin\"\.\"flate\(base\"\.\"64\_de\"\.\"code\(.+?\)\)\;\"\)\;eval\(\"\?>\"\.\$x\)\;\s+\?>/is,
     
 );
 my @base64_decodes = (