diff --git a/malware4.pl b/malware4.pl
index 95b2bec..21eda81 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -77,6 +77,7 @@ my @regexen = (
     qr/<\?php\s+\$\{.+?\)\{if\(is\_uploaded\_file\(.+?\)\;\s+\?>/is,
     qr/<\?php\s+eval\(.+?x3B\"\)\;\s+\?>/is,
     qr/<\?php\s+\/\*\*\s+WordPress.+?eval\(gz.+?\$x([A-z0-9]{1,10})\s+\,\"([0-9]{1,5})\"\)\;/is,
+    qr/<\?php\s+\$noc\s+=\s+\".+?\$noc\[([0-9]{1,3})\]\.\$noc\[([0-9]{1,3})\]\.\$noc\[([0-9]{1,3})\]\.\$noc\[([0-9]{1,3})\].+?\$noc\[([0-9]{1,3})\]\.\$([A-z0-9]{1,10})\;\@\$([A-z0-9]{1,10})\(\$([A-z0-9]{1,10})\)\;\?>/is,
     
 );
 my @base64_decodes = (