diff --git a/malware4.pl b/malware4.pl
index 76948b2..2a5d704 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -254,6 +254,8 @@ my @regexen = (
 qr/<\?php\s+\$([A-z0-9]{1,20})\=\'([A-z0-9]{1,20}).+?\.chr\(([0-9]{1,10})\).+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\s+\?>/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\=.+?\.chr\(([0-9]{1,10})\).+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\s+\?>/is,
 qr/<\?php\s+error\_reporting\(0\)\;\s+\$domain\s+\=\s+\'gas\.liveupdates\.host\'\;.+?header\(\'Location\:\s+\'\.\$location\.\'\&\'\.\$m\,\s+TRUE\,\s+302\)\;\s+\}/is,
+ qr/<\?php\s+header\(\'Content\-Type\:text\/html\;\s+charset\=UTF\-8\'\)\;\s+\@set\_time\_limit\(0\)\;\s+define\(\'PASSWORD\_FILE\'\,\s+\'p\.txt\'\)\;.+?if\(\!file\_exists\(PASSWORD\_FILE\)\)\s+\{.+?\?>\s+<\/body>\s+<\/html>/is,
+
 );
 my @base64_decodes = (
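Review bot: The added signature requires `\s+` (at least one whitespace character) between every statement and after the comma inside `define(...)`, so a copy of the same file with that whitespace removed would not match; PHP does not require whitespace at those points, so `\s*` is the safer quantifier there, e.g. `\)\;\s*\@set\_time\_limit\(0\)\;\s*define\(\s*\'PASSWORD\_FILE\'\s*\,\s*\'p\.txt\'\s*\)\;`. The two `.+?` gaps run under `/s` with no length bound, so the match extends to the first `?>` followed by `</body>` and `</html>` anywhere later in the file; if matches from `@regexen` are used to cut text out of scanned files (not visible in this hunk), a bounded gap such as `.{1,N}?`, with N taken from the sample size, limits how much can be removed. A comment above the entry naming what it targets, such as `# PASSWORD_FILE/p.txt web shell, sample: <SAMPLE_HASH>`, would help later tuning, since none of the entries shown in this hunk say which sample they came from. The second `+` line adds an empty line before `);`, and the `@regexen` list itself starts outside the hunk.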