From e201d652d151a3538967d544a81f65c20c5253ec Mon Sep 17 00:00:00 2001
From: Malin <malin@cenusa.me>
Date: Sun, 19 Feb 2017 09:18:46 +0100
Subject: [PATCH] Update 'malware4.pl'

---
 malware4.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/malware4.pl b/malware4.pl
index 8c91f04..1a67afb 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -62,6 +62,7 @@ my @regexen = (
 	qr/\'\;if\(\s+\$\_POST\[\'\_upl\'\].+?<\/form>/is,
 	qr/<\?php\s+if\(\!empty\(\$\_FILES\[\'message\'\]\[\'name\'\]\).+?<\/body>\s+<\/html>\'\;\/\/([0-9]{1,20})/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\"\_\"\.\'G\'\.\'E\'\.\'T\'\;\s+if\s+\(isset\(.+?preg\_replace\(.+?header\(\'Location\:\s+http\:\/\/.+?exit\(\)\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?if\s+\(\(strstr\(\$([A-z0-9]{1,20})\,\".+?\"\)\)\s+or\s+\(strstr\(([A-z0-9]{1,20})\}\[.+?\)rtolower\(\$\_SERVER\[.+?\)\s+\&\&\s+\(\!isset\(\$GLOBALS\[.+?if\(\(function\_exists\(.+?\)\)\s+or\s+\(strstr\(\$.+?\(0\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+implode\(array\_.+?\)\{return\s+chr\(ord\(\$n\)\-1\)\;\}\s+\@error\_reportin.+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
     
 );
 my @base64_decodes = (