From a815f9b009ae08e288dd7cd7c33f6f6a37bba982 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD
Date: Fri, 12 Jan 2018 21:18:34 +0100
Subject: [PATCH] new pattern
---
 malware4.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/malware4.pl b/malware4.pl
index 20d3d6c..0e1b560 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -264,7 +264,7 @@ my @regexen = (
 qr/<\?php.+?\$me\s+\=\s+basename\(\_\_FILE\_\_\)\;.+?\}\s+function\s+reload\(\)\{header\(\"Location\:\s+\"\.basename\(\_\_FILE\_\_\)\)\;\}.+?\'\.\'\)\;\?>/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\=\'.+?if\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\.\/\*([A-z0-9]{1,20})\'\..+?exit\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$.+?\(\/\*([A-z0-9]{1,20})\'\..+?false\,\$([A-z0-9]{1,20}).+?([A-z0-9]{1,20})\'\;/is,
 qr/<\?php\s+error\_reporting\(0\)\;\s+if\(isset\(\$\_REQUEST\[\"start\"\]\)\s+\&\&\s+md5\(\$\_REQUEST\[\"start\"\]\)\s+\=\=\s+\'([A-z0-9]{32})\'\s+\&\&\s+isset\(\$\_REQUEST\[\"stort\"\]\)\)\s+eval\(base64\_decode\(\$\_REQUEST\[\"stort\"\]\)\)\;\?>/is,
-
+ qr/<\?php\s+\/\*\s+VTY\s+\-\s+Database\s+Manager\s+For\s+Mysql.+?\$vty\->BitimIslemleri\(\)\;\s+exit\;\s+\}\s+\?>\s+<\?php.+?class\s+dug\s+\{.+?function\s+menu\(\)\{\s+\?>\s+/is,