From cbf091a85f74ad557c0c4e97b347d97cb0746889 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Fri, 23 Jun 2017 21:36:28 +0200
Subject: [PATCH] new pattern

---
 malware4.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/malware4.pl b/malware4.pl
index 99f1f99..0a49a0e 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -99,6 +99,8 @@ my @regexen = (
     qr/<\?php\s+\@ini\_set\(\'display\_errors\'\,\s+\'0\'\)\;\s+error\_reporting\(0\)\;\s+\$skipme\s+\=\s+false\;\s+\$bad\_agents\s+\=\s+\'\~google.+?<\/script>\"\;\s+\}\s+\}\s+\}\s+\?>/is,
     qr/<\?php\s+if\/\*([A-z0-9]{1,20})\*\/\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\{eval\(\/\*([A-z0-9]{1,20})\*\/\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\/\*([A-z0-9]{1,20})\*\/\;exit\;\/\*([A-z0-9]{1,20})\*\/\}\?>/is,
     qr/<\?php\s+if\s+\(isset\(\$\{\"\_REQ\"\.\"UEST\"\}\[\'([A-z0-9]{1,20})\'\]\)\)\{\$q\=\"asser\"\.\"t\"\;\$q\(\$\{\"\_REQUEST\"\}\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}/is,
+    qr/<\!DOCTYPE\s+html\s+PUBLIC.+?rainbow\.arch\.scriptmania\.com.+?height\=\"1\"\s+width\=\"1\"><\/embed>\s+\<\/html>/is,
+    
 );
 my @base64_decodes = (