diff --git a/malware6.pl b/malware6.pl
index 0f21656..166f396 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -63,7 +63,7 @@ my @regexen = (
     qr/<\?php\s+\@ini_set\(.+?function wp_cd\(\$fd, \$fa=\"\"\).+?\$npDcheckClassBgp = \"([A-z0-9]{1,20})\";\s+\}\s+\?>/is,
     qr/<\?php \/\* WARNING:.+?;eval\(base64_decode\(.+?\)\);return;\?>/is,
     qr/<\?php\s+\@eval\(base64_decode\(.+?\)\);\s+\?>/is,
-    qr/([A-z0-9]{1,20}) <\?php\s+if\(\@md5\(\$_POST\[\"gif\"\]\) === \"([A-z0-9]{20,})\"\) \{\s+eval \(base64_decode\(\$_POST\[\"php\"\]\)\);\s+exit;\s+\}\s+\?>/is
+    qr/([A-z0-9]{1,20}) <\?php\s+if\(\@md5\(\$_POST\[\"gif\"\]\) === \"([A-z0-9]{20,})\"\) \{\s+eval \(base64_decode\(\$_POST\[\"php\"\]\)\);\s+exit;\s+\}\s+\?>/is,
     qr/<\?eval\(stripslashes\(array_pop\(\$_POST\)\)\)\?>/is,
 
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index f541dc2..bf89ff2 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1048,7 +1048,7 @@ my @regexen = (
     qr/<\?php\s+\@ini_set\(.+?function wp_cd\(\$fd, \$fa=\"\"\).+?\$npDcheckClassBgp = \"([A-z0-9]{1,20})\";\s+\}\s+\?>/is,
     qr/<\?php \/\* WARNING:.+?;eval\(base64_decode\(.+?\)\);return;\?>/is,
     qr/<\?php\s+\@eval\(base64_decode\(.+?\)\);\s+\?>/is,
-    qr/([A-z0-9]{1,20}) <\?php\s+if\(\@md5\(\$_POST\[\"gif\"\]\) === \"([A-z0-9]{20,})\"\) \{\s+eval \(base64_decode\(\$_POST\[\"php\"\]\)\);\s+exit;\s+\}\s+\?>/is
+    qr/([A-z0-9]{1,20}) <\?php\s+if\(\@md5\(\$_POST\[\"gif\"\]\) === \"([A-z0-9]{20,})\"\) \{\s+eval \(base64_decode\(\$_POST\[\"php\"\]\)\);\s+exit;\s+\}\s+\?>/is,
     qr/<\?eval\(stripslashes\(array_pop\(\$_POST\)\)\)\?>/is,
 
 );