diff --git a/malwaresh.pl b/malwaresh.pl
index 2284fc6..d789784 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -959,6 +959,8 @@ my @regexen = (
     qr/<\?pHp\s+\$([A-z0-9]{1,20})\s+\=\s+urldecode\(\$\_GET\[\'\w\'\]\)\;\s+\@ini\_set\(\'output\_buffering\'\,0\)\;\s+\@ini\_set\(\'display\_errors\'\,\s+0\)\;\s+\$auth\_pass\s+\=\s+\"([A-z0-9]{32})\"\;\s+\$([A-z0-9]{1,20})\s+\=\s+file\_get\_contents\(\$([A-z0-9]{1,20})\)\;\s+eval\(\$([A-z0-9]{1,20})\)\;\s+\?>/is,
     qr/<\?php.+?function\s+ASGLogin\(\)\s+\{.+?if\s+\(empty\(\$tmpdir\)\).+?<\/html><\?php\s+chdir\(\$lastdir\)\;\s+\?>/is,
     qr/<\?php.+?str\_replace\(\"j\"\,\"\"\,\"sjtrj\_jrjejpljajcje\"\)\;.+?\(\"i\"\,\s+\"\"\,\s+\"ibiaisie6i4i\_dieicoide\"\)\;.+?\(\"k\"\,\"\"\,\"crkekatkek\_kfkukncktkikon\"\)\;.+?\(\)\;\s+\?>/is,
+    qr/GIF89a1\s+<\?php\s+\@error\_reporting\(NULL\).+?\$nowaddress\=.+?\$nowaddress.+?Upload.+?<\/form>\"\;\s+\?>/is,
+    qr/<\?php\s+echo\(base64\_decode\(.+?\)\)\;\s+\?>/is,
 );
 
 my @base64_decodes = (