diff --git a/malware5.pl b/malware5.pl
index 5c59687..d492829 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -268,7 +268,11 @@ my @regexen = (
 qr/\/\*\s+exploit\s+lib\s+\*\/.+?struct\s+exploit\_state\s+\{.+?pa\_\_init\(NULL\)\;\s+return\s+0\;\s+\}/is,
 qr/\/\*.+?sd\@fucksheep\.org.+?struct\s+exploit\_state\s+\{.+?unlink\(\"\.\/suckit\_selinux\_nopz\"\)\;\s+exit\(1\)\;\s+\}/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\"\_\"\.\'G\'\.\'E\'\.\'T\'\;\s+if\s+\(isset\(\s+\$\{\$([A-z0-9]{1,20})\}\[\'\d\d\'\]\)\)\s+preg\_replace\(\'\/\'\.\'\.\*\/e\'\,\s+\'ev\'\.\'al\s+\(\s+\$\'\.\$([A-z0-9]{1,20})\.\'\[\"\d\d\"\]\)\'\,\s+\'\'\)\;\s+\?>/is,
-
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\)\)eval\(\/\*\'\..+?\'\;/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\)\,\$([A-z0-9]{1,20})\(null\,\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\).+?\'\;/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\)\;if\(\!\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\/\*\'\.\s+\'\)\*\/\$([A-z0-9]{1,20})\)\)\,\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\(.+?\'\;/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\..+?\'\;/is,
+ }/is,
diff --git a/malwaresh.pl b/malwaresh.pl
index 582a14b..e7ee921 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
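Review bot: The last added line, `+ }/is,`, is not a valid element of the `@regexen` list — a bare `}` followed by regex flags will make malware5.pl fail to compile, and the parallel hunk in malwaresh.pl has no such line, so it looks like a paste remnant that should be dropped. Every new pattern reuses the character class `[A-z0-9]`; the range `A-z` also covers `[`, `\`, `]`, `^`, `_` and the backtick, so the captured PHP variable names are matched more loosely than the name suggests, and writing `[A-Za-z0-9_]` (or `\w`) would state the intent — the same applies to the four patterns added in malwaresh.pl. Each new pattern also chains several `.+?` under `/s`, so a scanned file that contains `<?php` but does not match is rescanned from each occurrence with long backtracking; a short comment noting this, or a bounded quantifier such as `.{1,N}?`, would help whoever tunes these signatures later. The `@regexen` list starts before and ends after this hunk.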
@@ -748,7 +748,10 @@ my @regexen = (
 qr/\/\*\s+exploit\s+lib\s+\*\/.+?struct\s+exploit\_state\s+\{.+?pa\_\_init\(NULL\)\;\s+return\s+0\;\s+\}/is,
 qr/\/\*.+?sd\@fucksheep\.org.+?struct\s+exploit\_state\s+\{.+?unlink\(\"\.\/suckit\_selinux\_nopz\"\)\;\s+exit\(1\)\;\s+\}/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\"\_\"\.\'G\'\.\'E\'\.\'T\'\;\s+if\s+\(isset\(\s+\$\{\$([A-z0-9]{1,20})\}\[\'\d\d\'\]\)\)\s+preg\_replace\(\'\/\'\.\'\.\*\/e\'\,\s+\'ev\'\.\'al\s+\(\s+\$\'\.\$([A-z0-9]{1,20})\.\'\[\"\d\d\"\]\)\'\,\s+\'\'\)\;\s+\?>/is,
-
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\)\)eval\(\/\*\'\..+?\'\;/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\)\,\$([A-z0-9]{1,20})\(null\,\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\).+?\'\;/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\)\;if\(\!\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\/\*\'\.\s+\'\)\*\/\$([A-z0-9]{1,20})\)\)\,\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\(.+?\'\;/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\..+?\'\;/is,
 );
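Review bot: The four patterns added here are byte-for-byte the same as those added to malware5.pl in this commit, and the two hand-maintained copies have already drifted (the other hunk carries a trailing line this one does not), which is how a signature list silently stops matching in one scanner but not the other. Moving `@regexen` into one shared module that both scripts load, or at least adding a comment at the top of each list naming the other copy, would keep them in step. The `@regexen` list starts before this hunk; the `);` context line closes it.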