diff --git a/malware6.pl b/malware6.pl
index e96b487..d5a98aa 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -306,7 +306,7 @@ my @regexen = (
     qr/<\?php\s+error_reporting\(E_ERROR\);set_time_limit\(0\);\s+if\(isset\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\s+\$tofile=\'40\d\.php\';\s+\$([A-z0-9_]{1,20}) =base64_decode\(strtr\(\$_POST\[\'([A-z0-9_]{1,20})\'\], \'\-\_,\', \'\+\/=\'\)\);\s+\$([A-z0-9_]{1,20})=\'<\?php \'\.\$([A-z0-9_]{1,20})\.\'\?>\';\s+\@file_put_contents\(\$tofile,\$([A-z0-9_]{1,20})\);\s+require_once\(\'40\d\.php\'\);\s+\@unlink\(\$tofile\);\s+exit;\s+\}\s+\?>/is,
     qr/<\?php \/\*([A-z0-9_]{1,20})\*\/ \?>/is,
     qr/<\?php \$([A-z0-9_]{1,20}) = \".+?function ([A-z0-9_]{1,30})\(\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w;\}\$.+?\(\"o\\x64e\",chr\(40\),\"\"\);\$.+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);\s+\?>/is,
-    qr/<\?php \$([A-z0-9_]{1,20}) = \".+?function ([A-z0-9_]{1,30})\(\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w;\}\$.+?\(\"\\x65va\",chr\(108\),\"\"\.chr\(40\)\);\$.+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);/is,
+    qr/<\?php function ([A-z0-9_]{1,30})\(\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w;\}\$.+?\(\"\\x65va\",chr\(108\),\"\"\.chr\(40\)\);\$.+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);/is,
     qr/<\?php\s+if\(isset\(\$_POST\[\'([A-z0-9_]{1,30})\'\]\)\)\{\s+\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\],\'\-\_,\',\'\+\/=\'\)\);.+?if\(strlen\(\$\w\)<300\)\{echo \'indexcode is null\';exit;\}\s+if\(file_exists\(\$index\)\)\{\@chmod\(\$index,0755\);\@unlink\(\$index\);\}\@file_put_contents\(\$index,\$\w\);echo \'ok\';\s+\}\s+\?>/is,
     
    
diff --git a/malwaresh.pl b/malwaresh.pl
index 23952c2..c650472 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1293,9 +1293,8 @@ my @regexen = (
     qr/<\?php\s+error_reporting\(E_ERROR\);set_time_limit\(0\);\s+if\(isset\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\s+\$tofile=\'40\d\.php\';\s+\$([A-z0-9_]{1,20}) =base64_decode\(strtr\(\$_POST\[\'([A-z0-9_]{1,20})\'\], \'\-\_,\', \'\+\/=\'\)\);\s+\$([A-z0-9_]{1,20})=\'<\?php \'\.\$([A-z0-9_]{1,20})\.\'\?>\';\s+\@file_put_contents\(\$tofile,\$([A-z0-9_]{1,20})\);\s+require_once\(\'40\d\.php\'\);\s+\@unlink\(\$tofile\);\s+exit;\s+\}\s+\?>/is,
     qr/<\?php \/\*([A-z0-9_]{1,20})\*\/ \?>/is,
     qr/<\?php \$([A-z0-9_]{1,20}) = \".+?function ([A-z0-9_]{1,30})\(\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w;\}\$.+?\(\"o\\x64e\",chr\(40\),\"\"\);\$.+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);\s+\?>/is,
-    qr/<\?php \$([A-z0-9_]{1,20}) = \".+?function ([A-z0-9_]{1,30})\(\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w;\}\$.+?\(\"\\x65va\",chr\(108\),\"\"\.chr\(40\)\);\$.+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);/is,
+    qr/<\?php function ([A-z0-9_]{1,30})\(\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w;\}\$.+?\(\"\\x65va\",chr\(108\),\"\"\.chr\(40\)\);\$.+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);/is,
     qr/<\?php\s+if\(isset\(\$_POST\[\'([A-z0-9_]{1,30})\'\]\)\)\{\s+\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\],\'\-\_,\',\'\+\/=\'\)\);.+?if\(strlen\(\$\w\)<300\)\{echo \'indexcode is null\';exit;\}\s+if\(file_exists\(\$index\)\)\{\@chmod\(\$index,0755\);\@unlink\(\$index\);\}\@file_put_contents\(\$index,\$\w\);echo \'ok\';\s+\}\s+\?>/is,
-    
 
 );