diff --git a/malware5.pl b/malware5.pl
index 1696929..e39ad7b 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -414,7 +414,11 @@ my @regexen = (
     qr/<\?php.+?\$mosimage\_session\s+\=.+?\$mosimage\_category\_session\(\"\/\.\*\/e\"\,\"\\x.+?\\x3B\"\,\"\.\"\)\;\s+\?>/is,
     qr/\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\@eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(.+?\)\)\)\)\;/is,
     qr/<\?php\s+ini\_set\(\'include\_path\'\,dirname\(\_\_FILE\_\_\)\)\;function.+?\'sprintf\'\)\=\=false\)\?false\:exit\(\)\:exit\(\)\:exit\(\)\:exit\(\)\)\;\}function.+?\)\)\{unlink\(\$.+?\}\s+ini\_set\(\'include\_path\'\,\'\.\'\)\;\?>/is,
-    
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\;/is,
+    qr/<\?php\s+\$auth\_pass\=\"\".+?x3B\"\,\"\.\"\)\;\?>/is,
+    qr/<\?php\s+\$\w\s+\=\s+\"b\"\.\"\"\.\"as\"\.\"e\"\.\"\"\.\"\"\.\"6\"\.\"4\"\.\"\_\"\.\"de\"\.\"\"\.\"c\"\.\"o\"\.\s+\"\"\.\"d\"\.\"e\"\;\s+assert\(\$\w\(.+?\)\)\;\s+\?>/is,
+    qr/<\?php\s+if\(\!isset\(\$GLOBALS\[\"\\x.+?\]\)\)\s+\{\s+\$ua\=strtolower\(\$\_SERVER\[\"\\x.+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
+    qr/<\?php\s+class.+?\=base64\_DEcODE\(self\:\:\$\_.+?\(\'\_\'\.\'.+?\'\)\]\)\;endif\;exit\;/is,   
 
 
     );
diff --git a/malwaresh.pl b/malwaresh.pl
index ef96897..90e1290 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -897,8 +897,11 @@ my @regexen = (
     qr/<\?php.+?\$mosimage\_session\s+\=.+?\$mosimage\_category\_session\(\"\/\.\*\/e\"\,\"\\x.+?\\x3B\"\,\"\.\"\)\;\s+\?>/is,
     qr/\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\@eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(.+?\)\)\)\)\;/is,
     qr/<\?php\s+ini\_set\(\'include\_path\'\,dirname\(\_\_FILE\_\_\)\)\;function.+?\'sprintf\'\)\=\=false\)\?false\:exit\(\)\:exit\(\)\:exit\(\)\:exit\(\)\)\;\}function.+?\)\)\{unlink\(\$.+?\}\s+ini\_set\(\'include\_path\'\,\'\.\'\)\;\?>/is,
-    
-
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20})\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\.\s+\'.+?\'\;/is,
+    qr/<\?php\s+\$auth\_pass\=\"\".+?x3B\"\,\"\.\"\)\;\?>/is,
+    qr/<\?php\s+\$\w\s+\=\s+\"b\"\.\"\"\.\"as\"\.\"e\"\.\"\"\.\"\"\.\"6\"\.\"4\"\.\"\_\"\.\"de\"\.\"\"\.\"c\"\.\"o\"\.\s+\"\"\.\"d\"\.\"e\"\;\s+assert\(\$\w\(.+?\)\)\;\s+\?>/is,
+    qr/<\?php\s+if\(\!isset\(\$GLOBALS\[\"\\x.+?\]\)\)\s+\{\s+\$ua\=strtolower\(\$\_SERVER\[\"\\x.+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
+    qr/<\?php\s+class.+?\=base64\_DEcODE\(self\:\:\$\_.+?\(\'\_\'\.\'.+?\'\)\]\)\;endif\;exit\;/is,
 
 );