diff --git a/malware6.pl b/malware6.pl
index a127765..c1bc7c0 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -130,7 +130,13 @@ my @regexen = (
     qr/<\?php \$([A-z0-9_]{1,10})=\"ba\"\.\"se\"\.\"64_d\"\.\"ecode\";eval\(\$([A-z0-9_]{1,10})\(.+?\)\);\?>/is,
     qr/<\?php\s+\$([A-z0-9_]{1,10}) = \$_SERVER\[\'HTTP_USER_AGENT\'\];\s+\$keywordsRegex = \"\/([A-z0-9_]{20,})\/i\";\s+if \(preg_match\(\$keywordsRegex, \$([A-z0-9_]{1,10})\)\) \{.+?echo \'<\/form>\';\s+exit\(\);\s+\}\s+\?>/is,
     qr/<\?php if\(!class_exists\(.+?public \$ip_list_bing=array\(\"191\.232\.\*\".+?init\(\$ruri,\$host,\$is_bot\);\} \?>/is,
-
+    qr/<\?php \$([A-z0-9_]{1,20}) =.+?\$([A-z0-9_]{1,20}) = str_split\(rawurldecode\(str_rot13\(\$([A-z0-9_]{1,20})\)\)\).+?\$([A-z0-9_]{1,20}) = \$([A-z0-9_]{1,20})\[\$([A-z0-9_]{1,20})\] \. \"\/\" \. substr\(md5\(time\(\)\).+?exit\(\);\}\}\}/is,
+    qr/<\?php\s+\$([Oo0_]{1,10})=.+?\$([Oo0_]{1,10})=\'\|hateyou\|\';.+?\$([Oo0_]{1,10})=urldecode\(\"\%.+?\$([Oo0_]{1,10})=\"([A-z0-9_]{20,})\";\?>/is,
+    qr/<\?php if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\/\*([A-z0-9_]{1,20})\*\/\{eval\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
+    qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\(isset\(\$\{\"_RE\"\.\"QUE\"\.\"ST\"\}\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$\w=\/\*([A-z0-9_]{1,20})\*\/\"pr\"\.\"eg\"\.\"_r\"\.\"ep\"\.\"la\"\.\"ce\";\$\w\(\'\/\/e\',\$\{\"_RE\"\.\"QUE\"\.\"ST\"\}\[\'([A-z0-9_]{1,20})\'\],\'\'\);\/\*([A-z0-9_]{1,20})\*\/exit;\}/is,
+    qr/<\?php\s+if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\/\*([A-z0-9_]{1,20})\*\/\$\w=\"assert\";\/\*([A-z0-9_]{1,20})\*\/\$\w=\$\w\/\*([A-z0-9_]{1,20})\*\/\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\} \/\/([A-z0-9_]{1,20})\s+if \(!extension_loaded\(\'IonCube_loader\'\)\).+?administrator\.\'\);return 0;\s+\?>\s+([A-z0-9_]{50,})/is,
+    qr/<\?php\s+\/\*([A-z0-9_]{1,20})\*\/if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\} \@eval\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\);\?>/is,
+    qr/<\?php\s+\/\*([A-z0-9_]{1,20})\*\/if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\/\*([A-z0-9_]{1,20})\*\/eval\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\} if\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
 
 
     
diff --git a/malwaresh.pl b/malwaresh.pl
index 7b8b340..b800bb9 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -26,6 +26,7 @@ print "Content-type: text/html\n\n";
 my $user = $ARGV[0];
 
 my @regexen = (
+    qr/<\?php\s+\$([Oo0_]{1,10})=.+?\$([Oo0_]{1,10})=\'\|hateyou\|\';.+?\$([Oo0_]{1,10})=urldecode\(\"\%.+?\$([Oo0_]{1,10})=\"([A-z0-9_]{20,})\";\?>/is,
     qr/\/\/\s+([A-z0-9]{31})\s+echo\s+base64\_decode\(.+?\)\;\s+\/\/([A-z0-9]{31})/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\|.+?\)\)\=\=\$([A-z0-9]{1,20})\)eval\(\$.+?\'\;/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\|.+?\)die\;\$.+?\(false\,\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\).+?\'\;/is,
@@ -1115,8 +1116,16 @@ my @regexen = (
     qr/<\?php \$([A-z0-9_]{1,10})=\"ba\"\.\"se\"\.\"64_d\"\.\"ecode\";eval\(\$([A-z0-9_]{1,10})\(.+?\)\);\?>/is,
     qr/<\?php\s+\$([A-z0-9_]{1,10}) = \$_SERVER\[\'HTTP_USER_AGENT\'\];\s+\$keywordsRegex = \"\/([A-z0-9_]{20,})\/i\";\s+if \(preg_match\(\$keywordsRegex, \$([A-z0-9_]{1,10})\)\) \{.+?echo \'<\/form>\';\s+exit\(\);\s+\}\s+\?>/is,
     qr/<\?php if\(!class_exists\(.+?public \$ip_list_bing=array\(\"191\.232\.\*\".+?init\(\$ruri,\$host,\$is_bot\);\} \?>/is,
-    
-);
+    qr/<\?php \$([A-z0-9_]{1,20}) =.+?\$([A-z0-9_]{1,20}) = str_split\(rawurldecode\(str_rot13\(\$([A-z0-9_]{1,20})\)\)\).+?\$([A-z0-9_]{1,20}) = \$([A-z0-9_]{1,20})\[\$([A-z0-9_]{1,20})\] \. \"\/\" \. substr\(md5\(time\(\)\).+?exit\(\);\}\}\}/is,
+    qr/<\?php if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\/\*([A-z0-9_]{1,20})\*\/\{eval\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
+    qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\(isset\(\$\{\"_RE\"\.\"QUE\"\.\"ST\"\}\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$\w=\/\*([A-z0-9_]{1,20})\*\/\"pr\"\.\"eg\"\.\"_r\"\.\"ep\"\.\"la\"\.\"ce\";\$\w\(\'\/\/e\',\$\{\"_RE\"\.\"QUE\"\.\"ST\"\}\[\'([A-z0-9_]{1,20})\'\],\'\'\);\/\*([A-z0-9_]{1,20})\*\/exit;\}/is,
+    qr/<\?php\s+if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\/\*([A-z0-9_]{1,20})\*\/\$\w=\"assert\";\/\*([A-z0-9_]{1,20})\*\/\$\w=\$\w\/\*([A-z0-9_]{1,20})\*\/\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\} \/\/([A-z0-9_]{1,20})\s+if \(!extension_loaded\(\'IonCube_loader\'\)\).+?administrator\.\'\);return 0;\s+\?>\s+([A-z0-9_]{50,})/is,
+    qr/<\?php\s+\/\*([A-z0-9_]{1,20})\*\/if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\} \@eval\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\);\?>/is,
+    qr/<\?php\s+\/\*([A-z0-9_]{1,20})\*\/if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\/\*([A-z0-9_]{1,20})\*\/eval\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\} if\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
+
+
+)
+;
 
 my @base64_decodes = (