diff --git a/malware6.pl b/malware6.pl
index ffbda1e..a92c5d7 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -263,7 +263,17 @@ my @regexen = (
qr/<\?php \$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}\[\"\\x61j\\x76q\\x6c\\x65\\x69\\x66\"\]=\"\\x63\";if\(isset\(\$_GET\[\"a\\x62\\x63\\x311\"\]\)\)\{\$([A-z0-9_]{1,20})="\x63";\$\{\$([A-z0-9_]{1,20})\}=base64_decode\(\".+?\"\)\.\"([A-z0-9_]{1,20})\";\@\$\{\$\{\"GLOB\\x41\\x4c\\x53\"\}\[\"\\x61\\x6a\\x76\\x71l\\x65\\x69\\x66\"\]\}\(\$_POST\[\"\\x78\"\]\);exit\(\);\}\?>/is,
qr/<\?php.+?
pastrulo<\/title>.+?\)\);\?>\'\)\);/is,
qr/<\?php\s+\$\w=\"\\x62\";\$\w=\"\\x65\".+?eval\( \$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(.+?\)\)\);\s+\?>/is,
-
+ qr/<\?php\s+\@error_reporting\(0\);\s+\@set_time_limit\(0\);\s+\$code = \".+?\@eval\(gzinflate\(base64_decode\(\$code\)\)\);\?>/is,
+ qr/<\?php \@ini_set\(\'display_errors\',0\).+?CPANEL CRACKER.+?s3curity\.tn \"; \?>\s+<\?\(\@copy\(\$_FILES\[\'f\'\]\[\'tmp_name\'\], \$_FILES\[\'f\'\]\[\'name\'\]\)\);\?>/is,
+ qr/\s+\s+\s+Dark Shell.+?Dark Shell<\/h1>.+?\$items = scandir \(\$file\);.+?echo \"<\/table>\\n\";\s+\?>/is,
+ qr/<\?php \$([A-z0-9_]{1,20}) = \'gzun\'\. \'comp\'\. \'ress\';\$([A-z0-9_]{1,20}) = \'b\' \.\'a\' \.\'s\' \.\'e\' \.\'6\' \.\'4\' \.\'_\' \.\'d\' \.\'e\' \.\'c\' \.\'o\' \.\'d\' \.\'e\';\$([A-z0-9_]{1,20}) = \'imp\' \.\'lod\' \.\'e\';\$([A-z0-9_]{1,20}) = array\(.+?\); eval\( \$([A-z0-9_]{1,20}) \(\$([A-z0-9_]{1,20}) \(\$([A-z0-9_]{1,20}) \(\'\',\$([A-z0-9_]{1,20})\)\)\)\); \?>/is,
+ qr/<\?php\s+set_time_limit\(0\);\s+error_reporting\(0\);\s+\$auth_pass.+?\/\/ con7extwebshell\s+\$con7ext2 =.+?eval\(str_rot13\(gzinflate\(str_rot13\(base64_decode\(\(\$con7ext2\)\)\)\)\)\);/is,
+ qr/<\?php.+?\$auth_pass =.+?eval\(str_rot13\(gzinflate\(str_rot13\(base64_decode\(\(\$([A-z0-9_]{1,20})\)\)\)\)\)\);/is,
+ qr/<\? \$([A-z0-9_]{1,20})=\$_GET\[\'hamza\'\].+?\@move_uploaded_file\(\$userfile_tmp.+?value=\"Submit\"><\/form>\';\}\}\?>/is,
+ qr/\s+\s+Symlink Get Config.+?echo system\(\'ls \/var\/mail\'\);.+?symlink\(\'\/var\/www\/html\/include\/connect\.php\',\'OTHER\.txt\'\);.+?\?>\s+<\/td><\/table><\/body><\/html>/is,
+ qr/<\?php\s+function query_str\(\$params\)\{.+?Priv8.+?sent successfully\'\); <\/script>\";\}\}\s+\?>\s+<\/body>\s+<\/html>/is,
+ qr/<\?php print_r\(eval\(\$_POST\[0\]\)\);/is,
+
);
my @base64_decodes = (
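Review bot: The generic `$auth_pass` signature added near the end of this hunk (`qr/<\?php.+?\$auth_pass =.+?eval\(str_rot13\(gzinflate\(...`) is much looser than its neighbours: under `/s` both `.+?` gaps cross newlines, so a match begins at the first `<?php` in the scanned text and can run through unrelated code up to the eval chain. It also appears to overlap largely with the con7ext-specific pattern on the line above it. The `@regexen` list starts above the hunk and how it is consumed is not visible; if matches are ever stripped or reported as spans rather than used as a yes/no hit, legitimate code ahead of an appended shell would be swept into the match. If the samples allow, pin the prefix the way the con7ext line does (`<\?php\s+set_time_limit\(0\);\s+error_reporting\(0\);\s+\$auth_pass =`), or at least add a comment above it such as `# generic fallback for the con7ext family; match starts at the first <?php`. The same line is added in the malwaresh.pl hunk, which on its visible lines does not receive the `print_r\(eval\(\$_POST\[0\]\)\)` pattern added here, so the two signature lists drift apart.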
diff --git a/malwaresh.pl b/malwaresh.pl
index 1de0a7e..b252f8f 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1251,6 +1251,16 @@ my @regexen = (
qr/<\?php \$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}\[\"\\x61j\\x76q\\x6c\\x65\\x69\\x66\"\]=\"\\x63\";if\(isset\(\$_GET\[\"a\\x62\\x63\\x311\"\]\)\)\{\$([A-z0-9_]{1,20})="\x63";\$\{\$([A-z0-9_]{1,20})\}=base64_decode\(\".+?\"\)\.\"([A-z0-9_]{1,20})\";\@\$\{\$\{\"GLOB\\x41\\x4c\\x53\"\}\[\"\\x61\\x6a\\x76\\x71l\\x65\\x69\\x66\"\]\}\(\$_POST\[\"\\x78\"\]\);exit\(\);\}\?>/is,
qr/<\?php.+?pastrulo<\/title>.+?\)\);\?>\'\)\);/is,
qr/<\?php\s+\$\w=\"\\x62\";\$\w=\"\\x65\".+?eval\( \$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(.+?\)\)\);\s+\?>/is,
+ qr/<\?php\s+\@error_reporting\(0\);\s+\@set_time_limit\(0\);\s+\$code = \".+?\@eval\(gzinflate\(base64_decode\(\$code\)\)\);\?>/is,
+ qr/<\?php \@ini_set\(\'display_errors\',0\).+?CPANEL CRACKER.+?s3curity\.tn \"; \?>\s+<\?\(\@copy\(\$_FILES\[\'f\'\]\[\'tmp_name\'\], \$_FILES\[\'f\'\]\[\'name\'\]\)\);\?>/is,
+ qr/\s+\s+\s+Dark Shell.+?Dark Shell<\/h1>.+?\$items = scandir \(\$file\);.+?echo \"<\/table>\\n\";\s+\?>/is,
+ qr/<\?php \$([A-z0-9_]{1,20}) = \'gzun\'\. \'comp\'\. \'ress\';\$([A-z0-9_]{1,20}) = \'b\' \.\'a\' \.\'s\' \.\'e\' \.\'6\' \.\'4\' \.\'_\' \.\'d\' \.\'e\' \.\'c\' \.\'o\' \.\'d\' \.\'e\';\$([A-z0-9_]{1,20}) = \'imp\' \.\'lod\' \.\'e\';\$([A-z0-9_]{1,20}) = array\(.+?\); eval\( \$([A-z0-9_]{1,20}) \(\$([A-z0-9_]{1,20}) \(\$([A-z0-9_]{1,20}) \(\'\',\$([A-z0-9_]{1,20})\)\)\)\); \?>/is,
+ qr/<\?php\s+set_time_limit\(0\);\s+error_reporting\(0\);\s+\$auth_pass.+?\/\/ con7extwebshell\s+\$con7ext2 =.+?eval\(str_rot13\(gzinflate\(str_rot13\(base64_decode\(\(\$con7ext2\)\)\)\)\)\);/is,
+ qr/<\?php.+?\$auth_pass =.+?eval\(str_rot13\(gzinflate\(str_rot13\(base64_decode\(\(\$([A-z0-9_]{1,20})\)\)\)\)\)\);/is,
+ qr/<\? \$([A-z0-9_]{1,20})=\$_GET\[\'hamza\'\].+?\@move_uploaded_file\(\$userfile_tmp.+?value=\"Submit\"><\/form>\';\}\}\?>/is,
+ qr/\s+\s+Symlink Get Config.+?echo system\(\'ls \/var\/mail\'\);.+?symlink\(\'\/var\/www\/html\/include\/connect\.php\',\'OTHER\.txt\'\);.+?\?>\s+<\/td><\/table><\/body><\/html>/is,
+
+
);