diff --git a/malware4.pl b/malware4.pl
index 93cdfa3..5190624 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -142,8 +142,14 @@ my @regexen = (
 qr/<\?php\s+\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;create\_function\(.+?\)\;\s+\?>/is,
 qr/<\?php.+?\/\/\s+OS\s+system\.\s+function\s=a.+?array\_map\s+\(\'a\'\,\s+array\s+\(\$\_POST\[\'f\'\].+?\;\Z/is,
 qr/<\?php\s+\/\/header.+?\$MaxQuantity\=\$\_REQUEST\[\'MaxQuantity\'\]\;.+?mkdir\(\$path\,\s+0777\)\;\s+\}\s+\}\s+\?>/is,
+ qr/<\?php\s+\$\{.+?\=getIp\(\).+?exit\(\)\;\}function\s+http\_request\(\$params\)\{\$\{.+?\=explode\(.+?\}\;\}\s+\?>/is,
+ qr/<\?php\s+\$wp\_\_wp\=\'base\'\.\(32\*2\)\.\'\_de\'\.\'code\'\;\$wp\_\_wp\=\$wp\_\_wp\(str\_replace\(.+?\(isset\(\$\_COOKIE\[\'wp\_wp\'\]\).+?<\/form>/is,
+ qr/<\?php\s+\$\{\"GLO.+?\]\;exit\(\)\;\}error\_404\(\)\;function\s+is\_good\_ip\(\$ip\)\{\$\{.+?\}\)\;\}else\s+return\s+FALSE\;if\(\$\{\$\{\"GL.+?\?>/is,
+ qr/\}\s+\}\s+\@ini\_set.+?WSO\_VERSION.+?call\_user\_func\(\'action\'\s+\.\s+\$\_POST\[\'a\'\]\)\;\s+exit\;/is,
+ qr/\}\s+\}\s+\@ini\_set.+?WSO\_VERSION.+?exit\;\s+\?>/is,
+ qr/<\?php\s+header\(\"Content\-type.+?\@system\(\"killall\s+\-9\s+\"\.basename\(\"\/usr\/bin\/host\"\)\)\;.+?\@system\(\"\.\/1\.sh\"\)\;\s+\?>/is,
+ -