diff --git a/malware4.pl b/malware4.pl
index fdab27b..30dc0f9 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -248,7 +248,7 @@ my @regexen = (
 qr/<\?php\s+eval\(gzinflate\(base64\_decode\(\".+?\)\)\)\;\s+eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(.+?\)\)\)\;\Z/is,
 qr/<\?php\s+if\s+\(\!isset\(\$\_SERVER\[\'REQUEST\_URI\'\]\)\s+\|\|\s+ltrim\(\$\_SERVER\[\'REQUEST\_URI\'\]\,\'\/\'\)\s+\=\=\=\s+\'\'\)\s+\{\s+print\s+\'\s+\<\/div>\'\;\s+\}\s+\?>/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\'.+?\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+\$([A-z0-9]{1,20})\(\"\"\,([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\$([A-z0-9]{1,20})\,\$([A-z0-9]{1,20})\)\)\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\;\s+\$([A-z0-9]{1,20})\(\"\"\)\;\s+\$([A-z0-9]{1,20})\=\(([0-9]{1,10})\-([0-9]{1,10})\)\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
-
+ qr/<\?php\s+\$str\s+\=\s+\"([A-z0-9]{1,20})\"\;\$Oo0\=\$str\{([0-9]{1,10})\}\.\$str\{([0-9]{1,10})\}\.\$str\{([0-9]{1,10})\}\.\$str\{([0-9]{1,10})\}\.\$str\{([0-9]{1,10})\}\.\$str\{([0-9]{1,10})\}\;\$([A-z0-9]{1,20})\s+\=\$\_POST\[\"([A-z0-9]{1,20})\"\]\;\$Oo0\(\$([A-z0-9]{1,20})\)\;\?>/is,
 );
 my @base64_decodes = (
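Review bot: The character class `[A-z0-9]` in the added signature (and in the three context patterns above it) covers the ASCII range between `Z` and `a`, so besides `_` it also accepts `[`, `\`, `]`, `^` and a backtick. If matches from `@regexen` are used to strip content from scanned files, which this hunk does not show, that looseness widens what can be removed. With `/i` already set, the class should be spelled out as `[a-z0-9_]`, for example `\$([a-z0-9_]{1,20})\s+\=\$\_POST\[\"([a-z0-9_]{1,20})\"\]`. Unlike the sibling patterns, which generalise variable names with `\$([A-z0-9]{1,20})`, the new one hard-codes `$str` and `$Oo0` and allows no whitespace between statements, so it is tied to one exact sample layout; `\s*` after each `\;` would tolerate reformatting without loosening the match. A one-line comment above the entry would help maintainers, e.g. `# POST-driven stub: callable name built from six $str{N} offsets, then invoked on a $_POST value`.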