diff --git a/malware5.pl b/malware5.pl index 35fe62e..3b0e363 100644 --- a/malware5.pl +++ b/malware5.pl @@ -234,7 +234,11 @@ my @regexen = ( qr/<\?php.+?\@system\(\"killall\s+\-9\s+\"\.basename\(\"\/usr\/bin\/host\"\)\)\;.+?\@unlink\(\"1\.sh\"\)\;\s+\?>/is, qr/<\?php.+?function\s+getDirContents\(\$dir\)\s+\{.+?if\(unlink\(\$path\.\'\/wp\-admin\/update\-core\.php\'\)\)\s+\{.+?\}\s+\}\s+\?>/is, qr/<\?php\s+\$([A-z0-9]{1,20})\=\'.+?\'\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'\'\,\'.+?\;\$([A-z0-9]{1,20})\.\=\"\\x\d\w\\x\d\d\"\;\s+\$([A-z0-9]{1,20})\.\=\".+?\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\)\)\;\?>/is, - + qr/<\?php\s+if\(isset\(\$\_SERVER\[\"HTTP\_USER_AGENT\"\]\)\s+\&\&\s+\!empty\(\$\_SERVER\[\"HTTP\_USER\_AGENT\"\]\)\s+\&\&\s+\!preg\_match\(\"\/google\|bot\|msn\|spider\|crawl\|spam\/i\"\,\$\_SERVER\[\"HTTP\_USER\_AGENT\"\]\)\)\s+\{\s+header\(\"Location\:\s+http\:\/\/.+?\"\)\;\}\?>/is, + qr/<\?php\s+\$.+?\=\s+\'gzun\'\.\s+\'comp\'\.\s+\'ress\'\;\$.+?\=\s+\'b\'\s+\.\'a\'\s+\.\'s\'\s+\.\'e\'\s+\.\'6\'\s+\.\'4\'\s+\.\'\_\'\s+\.\'d\'\s+\.\'e\'\s+\.\'c\'\s+\.\'o\'\s+\.\'d\'\s+\.\'e\'\;\$.+?\=\s+\'i\'\s+\.\'m\'\s+\.\'p\'\s+\.\'l\'\s+\.\'o\'\s+\.\'d\'\s+\.\'e\'\;\$.+?array\(.+?eval.+?\?>/is, + qr/<\?php\s+\$.+?\=\s+\'s\'\.\'t\'\.\'r\'\.\'r\'\.\'e\'\.\'v\'\;\$.+?\(\'e\'\.\'d\'\.\'o\'\.\'c\'\.\'e\'\.\'d\'\.\'\_\'\.\'4\'\.\'6\'\.\'e\'\.\'s\'\.\'a\'\.\'b\'\)\;\$.+?eval.+?\?>/is, + qr/<\?php\s+\$.+?\=\s+\'str\'\.\'rev\'\;\$.+?array.+?\(\'edolpmi\'\)\;\$.+?eval.+?\?>/is, + ); diff --git a/malwaresh.pl b/malwaresh.pl index a7e8653..7f2e7e6 100644 --- a/malwaresh.pl +++ b/malwaresh.pl 
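Review bot: The new user-agent cloaking signature only matches a redirect to a plain `http://` target (`header\(\"Location\:\s+http\:\/\/.+?\"\)`), so the same injected block pointing at an `https://` URL is missed; `https?\:\/\/.+?` would cover both without loosening anything else. The same pattern also insists on whitespace around every token (`\s+\&\&\s+`, `\s+\{\s+header`), which a minified or re-flowed copy of the snippet will not satisfy, so `\s*` is the safer choice at those joins unless the samples this was written from always carry the spaces. The remaining three additions chain several `.+?` wildcards under `/s` (e.g. `\$.+?array\(.+?eval.+?\?>`), which can backtrack heavily on large non-matching files that contain many `<?php`/`array(` occurrences; bounding the variable-name gap with `\$\w{1,20}\s*\=` instead of `\$.+?\=` keeps the intent and limits the scan. The `@regexen` array this hunk extends begins before line 234, outside the hunk.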
@@ -714,7 +714,10 @@ my @regexen = ( qr/Hacked\s+By\s+Dr34mCyb3r.+?<\/style>\s+<div\s+class\=\"video\-background.+?allowfullscreen><\/iframe>/is, qr/<\?php\s+\$([A-z0-9]{1,20})\=\'ba\'\.\'se64\_dec\'\.\'o\'\.\'d\'\.\'e\'\.\'\'\;\s+\@eval\(\$([A-z0-9]{1,20})\(.+?\)\)\;/is, qr/<\?php\s+\$([A-z0-9]{1,20})\=\'.+?\'\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'\'\,\'.+?\;\$([A-z0-9]{1,20})\.\=\"\\x\d\w\\x\d\d\"\;\s+\$([A-z0-9]{1,20})\.\=\".+?\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\)\)\;\?>/is, - + qr/<\?php\s+if\(isset\(\$\_SERVER\[\"HTTP\_USER_AGENT\"\]\)\s+\&\&\s+\!empty\(\$\_SERVER\[\"HTTP\_USER\_AGENT\"\]\)\s+\&\&\s+\!preg\_match\(\"\/google\|bot\|msn\|spider\|crawl\|spam\/i\"\,\$\_SERVER\[\"HTTP\_USER\_AGENT\"\]\)\)\s+\{\s+header\(\"Location\:\s+http\:\/\/.+?\"\)\;\}\?>/is, + qr/<\?php\s+\$.+?\=\s+\'gzun\'\.\s+\'comp\'\.\s+\'ress\'\;\$.+?\=\s+\'b\'\s+\.\'a\'\s+\.\'s\'\s+\.\'e\'\s+\.\'6\'\s+\.\'4\'\s+\.\'\_\'\s+\.\'d\'\s+\.\'e\'\s+\.\'c\'\s+\.\'o\'\s+\.\'d\'\s+\.\'e\'\;\$.+?\=\s+\'i\'\s+\.\'m\'\s+\.\'p\'\s+\.\'l\'\s+\.\'o\'\s+\.\'d\'\s+\.\'e\'\;\$.+?array\(.+?eval.+?\?>/is, + qr/<\?php\s+\$.+?\=\s+\'s\'\.\'t\'\.\'r\'\.\'r\'\.\'e\'\.\'v\'\;\$.+?\(\'e\'\.\'d\'\.\'o\'\.\'c\'\.\'e\'\.\'d\'\.\'\_\'\.\'4\'\.\'6\'\.\'e\'\.\'s\'\.\'a\'\.\'b\'\)\;\$.+?eval.+?\?>/is, + qr/<\?php\s+\$.+?\=\s+\'str\'\.\'rev\'\;\$.+?array.+?\(\'edolpmi\'\)\;\$.+?eval.+?\?>/is, );
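Review bot: The four patterns added here are byte-identical to the ones this commit adds to malware5.pl, and the diff shows the two lists already share earlier entries as well, so any later tuning of one copy (tightening a wildcard, fixing the `http\:\/\/`-only redirect match) will silently drift from the other. A shared pattern module, e.g. `use MalwareSignatures qw(@regexen);`, or at least a comment at the top of each list saying `# Keep in sync with malware5.pl / malwaresh.pl`, would make the coupling visible. The escaping is also inconsistent inside a single pattern (`HTTP\_USER_AGENT` versus `HTTP\_USER\_AGENT`); both are harmless since `\_` is just `_`, but one form should be used so the signature reads the same as the sample it was lifted from. The `@regexen` declaration this hunk extends starts before line 714 and is not visible here.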