diff --git a/malware5.pl b/malware5.pl
index f323263..66027af 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -484,6 +484,7 @@ my @regexen = (
 qr/<\?php\s+extract\(\$\_COOKIE\)\;\s+if\s+\(\$\w\)\s+\{\s+\@\$\w\(\$\w\,\$\w\)\;\s+\@\$\w\(\$\w\(\$\w\,\$\w\)\)\;\s+\}/is,
 qr/<\?php\s+eval\s+\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\s+\?>/is,
 qr/<\?php\s+header\(.+?\$Remote\_server.+?function\s+GetHtml\(\$url\)\s+\{\s+return\s+getHTTPPage\(\$url\)\;\s+\}/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\"\"\;\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\.\'([A-z0-9]{1,20})\'\..+?\$([A-z0-9]{1,20})\=([A-z0-9]{1,20})\(\)\;.+?\$([A-z0-9]{1,20})\=array\(.+?\$([A-z0-9]{1,20})\=([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+join\(\'\'\,\s+\$([A-z0-9]{1,20})\)\s+\)\;.+?return\s+\"\{\$([A-z0-9]{1,20})\}\{\$([A-z0-9]{1,20})\}\"\;\s+\}\s+\?>/is,
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index 0a90ca1..43ca0fb 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -967,6 +967,7 @@ my @regexen = (
 qr/<\?php\s+extract\(\$\_COOKIE\)\;\s+if\s+\(\$\w\)\s+\{\s+\@\$\w\(\$\w\,\$\w\)\;\s+\@\$\w\(\$\w\(\$\w\,\$\w\)\)\;\s+\}/is,
 qr/<\?php\s+eval\s+\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\s+\?>/is,
 qr/<\?php\s+header\(.+?\$Remote\_server.+?function\s+GetHtml\(\$url\)\s+\{\s+return\s+getHTTPPage\(\$url\)\;\s+\}/is,
+ qr/<\?php\s+\$([A-z0-9]{1,20})\=\"\"\;\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'\.\'([A-z0-9]{1,20})\'\..+?\$([A-z0-9]{1,20})\=([A-z0-9]{1,20})\(\)\;.+?\$([A-z0-9]{1,20})\=array\(.+?\$([A-z0-9]{1,20})\=([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+join\(\'\'\,\s+\$([A-z0-9]{1,20})\)\s+\)\;.+?return\s+\"\{\$([A-z0-9]{1,20})\}\{\$([A-z0-9]{1,20})\}\"\;\s+\}\s+\?>/is,
 );
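Review bot: The signature added to `@regexen` in malware5.pl (and, identically, in malwaresh.pl) joins its fragments with four unbounded `.+?` gaps under `/s`, so once the short opening assignment matches, the remaining pieces may sit anywhere later in the scanned text; that widens the false-positive surface and makes near-miss files expensive to reject. Bounding each gap, for example `.{1,2000}?` with the limit taken from the sample the pattern was written for, keeps the match local. `[A-z0-9]` also admits `[`, `\`, `]`, `^` and the backtick; if identifier characters are meant, `\w` covers them, and the capture groups can become plain classes unless code outside the hunk reads them. A one-line comment above the entry naming the sample or family it was derived from would help whoever triages a hit. The `@regexen` list begins outside both hunks, so how the patterns are applied is not visible here.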
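Review bot: The entry added to malwaresh.pl is a byte-for-byte copy of the one added to malware5.pl, and the three context lines above it are identical in both files as well, which suggests the signature list is maintained by hand in two scripts. A signature that lands in only one copy leaves the other scanner blind to that sample without any error. If the overlap is intentional, consider moving the shared patterns into one module or data file that both scripts load; the rest of each list is outside the hunks, so the extent of the overlap is an inference.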