From 9ce02e9d2780f3c1e85bf32b8365bca7348c8159 Mon Sep 17 00:00:00 2001
From: Malin <malin@cenusa.me>
Date: Mon, 1 May 2017 09:01:02 +0200
Subject: [PATCH] Update 'malware4.pl'

---
 malware4.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/malware4.pl b/malware4.pl
index f1ef1ab..983dca5 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -88,7 +88,8 @@ my @regexen = (
     qr/var\s+\_0xaae8\=\[\"\"\,\".+?\"\]\;document\[\_0xaae8\[5\]\]\(\_0xaae8\[4\]\[\_0xaae8\[3\]\]\(\_0xaae8\[0\]\)\[\_0xaae8\[2\]\]\(\)\[\_0xaae8\[1\]\]\(\_0xaae8\[0\]\)\)/is,
     qr/<\?php\s+eval\(gzuncompress\(base64\_decode\(.+?\=\=\'\)\)\)\;/is,
     qr/<\?php\s+\$report\_url\s+\=\s+\$\_POST\[\'url\'\]\;\s+\$pass\s+\=\s+\$\_POST\[\'pass\'\]\;\s+\$list\s+\=\s+\$\_POST\[\'list\'\]\;.+?if\s+\(\@stripos\(\$hello\,\'\+OK\'\)\!\=\=false\)\s+\{\s+return\s+true\;\s+\}\s+return\s+false\;\s+\}/is,
-
+	qr/A<\?php\s+\$license\s+\=\s+str\_rot13\(\'n\'\.\'f\'\.\'f\'\.\'r\'\.\'e\'\.\'g\'\)\;\s+\$license\(\$\_POST\[\'info\'\]\)\;\s+\?>/is,
+    
 );
 my @base64_decodes = (