diff --git a/malware6.pl b/malware6.pl
index a59c1f5..bbab26e 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -232,7 +232,11 @@ my @regexen = (
     qr/<\?php \@ini_set\(\"error_log\",null\);\@ini_set\(\"log_errors\",0\);\@ini_set\(\"max_execution_time\",0\);\@set_time_limit\(0\);error_reporting\(0\).+?\)\{\}else\{file_put_contents\(\$.+?\);\}else\{([A-z0-9]{1,6})_\(\$_SERVER\[\'DOCUMENT_ROOT\'\]\);\}\}\}\}\}\}\}\};/is,
     qr/<\?php \@ini_set\(\"error_log\",null\);\@ini_set\(\"log_errors\",0\);\@ini_set\(\"max_execution_time\",0\);\@set_time_limit\(0\);error_reporting\(0\).+?\)\{\}else\{file_put_contents\(\$.+?\);\}else\{([A-z0-9]{1,6})_\(\$_SERVER\[\'DOCUMENT_ROOT\'\]\);\}\}\}\}\}\}\}\};/is,
     qr/<\?php\s+\@ini_set\(\"display_errors\", \"0\"\);.+?if \(!\$npDcheckClassBgp\) \{.+?\$npDcheckClassBgp = \"([A-z0-9]{1,6})\";\s+\}\s+\?>/is,
-    qr/<\?php\s+\/\/header\(.+?\$([O0_]{1,6})=\(.+?\\x\d\d\"\]\(\);\?>/is,    
+    qr/<\?php\s+\/\/header\(.+?\$([O0_]{1,6})=\(.+?\\x\d\d\"\]\(\);\?>/is,
+    qr/<\?php \$([A-z0-9_]{1,20})=\'ba\'\.\'s\'\.\'e6\'\.\'4_\'\.\'de\'\.\'code\'; \@eval\(\$([A-z0-9_]{1,20})\(.+?([A-z0-9_]{1,20})\'\)\);/is,
+    qr/<\?php\s+ignore_user_abort\(\);.+?system\(base64_decode\(.+?system\(\'echo \"\* \* \* \* \* wget http:\/\/\'\.\$_SERVER\[\"HTTP_HOST\"\]\.\$_SERVER\[\"REQUEST_URI\"\]\.\'\" \| crontab\'\);\s+\?>/is,
+    qr/<\?php for\(\$o=0,\$e=\'&\\\'\(\)\*\+,-\.:\].+?\(:\)^\',\$d=\'\';\@ord\(\$e\[\$o\]\);\$o\+\+\)\{if\(\$o<16\)\{\$h\[\$e\[\$o\]\]=\$o;\}else\{\$d\.=\@chr\(\(\$h\[\$e\[\$o\]\]<<4\)\+\(\$h\[\$e\[\+\+\$o\]\]\)\);\}\}eval\(\$d\); \?>/is,
+        
 
 
 
diff --git a/malwaresh.pl b/malwaresh.pl
index 23d0ac2..e377ae4 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1220,7 +1220,10 @@ my @regexen = (
     qr/<\?php \@ini_set\(\"error_log\",null\);\@ini_set\(\"log_errors\",0\);\@ini_set\(\"max_execution_time\",0\);\@set_time_limit\(0\);error_reporting\(0\).+?\)\{\}else\{file_put_contents\(\$.+?\);\}else\{([A-z0-9]{1,6})_\(\$_SERVER\[\'DOCUMENT_ROOT\'\]\);\}\}\}\}\}\}\}\};/is,
     qr/<\?php\s+\@ini_set\(\"display_errors\", \"0\"\);.+?if \(!\$npDcheckClassBgp\) \{.+?\$npDcheckClassBgp = \"([A-z0-9]{1,6})\";\s+\}\s+\?>/is,
     qr/<\?php\s+\/\/header\(.+?\$([O0_]{1,6})=\(.+?\\x\d\d\"\]\(\);\?>/is,
-
+    qr/<\?php \$([A-z0-9_]{1,20})=\'ba\'\.\'s\'\.\'e6\'\.\'4_\'\.\'de\'\.\'code\'; \@eval\(\$([A-z0-9_]{1,20})\(.+?([A-z0-9_]{1,20})\'\)\);/is,
+    qr/<\?php\s+ignore_user_abort\(\);.+?system\(base64_decode\(.+?system\(\'echo \"\* \* \* \* \* wget http:\/\/\'\.\$_SERVER\[\"HTTP_HOST\"\]\.\$_SERVER\[\"REQUEST_URI\"\]\.\'\" \| crontab\'\);\s+\?>/is,
+    qr/<\?php for\(\$o=0,\$e=\'&\\\'\(\)\*\+,-\.:\].+?\(:\)^\',\$d=\'\';\@ord\(\$e\[\$o\]\);\$o\+\+\)\{if\(\$o<16\)\{\$h\[\$e\[\$o\]\]=\$o;\}else\{\$d\.=\@chr\(\(\$h\[\$e\[\$o\]\]<<4\)\+\(\$h\[\$e\[\+\+\$o\]\]\)\);\}\}eval\(\$d\); \?>/is,
+