From d987f44f3a3793498819f1840602a7805d1fd11f Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Wed, 19 Jul 2017 20:44:43 +0200
Subject: [PATCH] 5 new patterns

---
 malware4.pl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/malware4.pl b/malware4.pl
index 75a8ad9..93cdfa3 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -138,6 +138,11 @@ my @regexen = (
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\'.+?if\(isset\(\$\{\$([A-z0-9]{1,20})\[([0-9]{1,5})\]\.\$.+?\.\$([A-z0-9]{1,20})\[([0-9]{1,5})\]\]\)\;\}\s+\?>/is,
     qr/<\?php.+?str\_ireplace\(\"i\"\,\"\"\,\"iibiasiieii6iii4iiii\_iideicioidieii\"\).+?\?>/is,
     qr/<\?php\s+preg\_replace\(\"\/([A-z0-9]{1,20})\/e\"\,\s+\"ev\"\.\"al\(\'\"\.\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\.\"\'\)\"\,\s+\"([A-z0-9]{1,20})\s+([A-z0-9]{1,20})\"\)\;\s+\?>/is,
+    qr/<\?\s+error\_reporting\(0\)\;\s+set\_time\_limit\(0\)\;\s+\$a\=\$\_COOKIE\[\'a\'\].+?\$unkhost\=.+?die\(\)\;\}\s+\?>/is,
+    qr/<\?php\s+\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;create\_function\(.+?\)\;\s+\?>/is,
+    qr/<\?php.+?\/\/\s+OS\s+system\.\s+function\s=a.+?array\_map\s+\(\'a\'\,\s+array\s+\(\$\_POST\[\'f\'\].+?\;\Z/is,
+    qr/<\?php\s+\/\/header.+?\$MaxQuantity\=\$\_REQUEST\[\'MaxQuantity\'\]\;.+?mkdir\(\$path\,\s+0777\)\;\s+\}\s+\}\s+\?>/is,
+