diff --git a/malware6.pl b/malware6.pl
index 495a653..225aec0 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -171,6 +171,8 @@ my @regexen = (
     qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\(isset\(\$\{\"_REQUEST\"\}\[\'([A-z0-9_]{1,20})\'\]\)\)\{\/\*([A-z0-9_]{1,20})\*\/\$([A-z0-9_]{1,20})=\/\*([A-z0-9_]{1,20})\*\/\"preg_repl\"\.\"ace\";\/\*([A-z0-9_]{1,20})\*\/\$\w\(\'\/\/e\',\$\{\"_REQUEST\"\}\[\'([A-z0-9_]{1,20})\'\],\'\'\);\/\*([A-z0-9_]{1,20})\*\/exit;\}/is,
     qr/<\?php\s+if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\/\*([A-z0-9_]{1,20})\*\/\{\$([A-z0-9_]{1,20})=\/\*([A-z0-9_]{1,20})\*\/\"ass\"\.\"ert\";\/\*([A-z0-9_]{1,20})\*\/\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\/\*([A-z0-9_]{1,20})\*\/;exit;\/\*([A-z0-9_]{1,20})\*\/\} if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/=\"asse\"\.\"rt\";\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
     qr/<\?php\s+if\(!empty\(\$_GET\[\'image\'\]\) && \$_GET\[\'image\'\] = \'image\'\) \{\s+if\(isset\(\$_POST\[\'Submit\'\]\)\)\{.+?\@move_uploaded_file\(\$tmp, \$path\);.+?<input type=\"Submit\" name=\"Submit\" value=\"Submit\"><\/form>\s+<\?php\s+\}\s+\}/is,
+    qr/<\?php function ([A-z0-9_]{1,20})\(\$\w,\$\w,\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w\.\$\w\.\$\w;\}\$([A-z0-9_]{1,20}) =.+?\$([A-z0-9_]{1,20}) = \"bas\\x656\\x34\\x5fd\";\$([A-z0-9_]{1,20}) = \"\\x29\)\)\\x3B\".+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);/is,
+    qr/<\?php\s+if \(\$_GET \[\'([A-z0-9_]{1,20})\'\]\) \{\s+echo \"OK\";\s+exit \(\);\s+\}\s+if\(\$_POST\[\'to\'\]\)\s+\{\s+\$to = \$_POST \[\'to\'\];.+?header \( \"Location: http:\/\/\{\$link\}\" \);\s+\}/is,
 
     
 
diff --git a/malwaresh.pl b/malwaresh.pl
index d7b6b18..eccd04e 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1157,6 +1157,13 @@ my @regexen = (
     qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\(isset\(\$\{\"_REQUEST\"\}\[\'([A-z0-9_]{1,20})\'\]\)\)\{\/\*([A-z0-9_]{1,20})\*\/\$([A-z0-9_]{1,20})=\/\*([A-z0-9_]{1,20})\*\/\"preg_repl\"\.\"ace\";\/\*([A-z0-9_]{1,20})\*\/\$\w\(\'\/\/e\',\$\{\"_REQUEST\"\}\[\'([A-z0-9_]{1,20})\'\],\'\'\);\/\*([A-z0-9_]{1,20})\*\/exit;\}/is,
     qr/<\?php\s+if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\/\*([A-z0-9_]{1,20})\*\/\{\$([A-z0-9_]{1,20})=\/\*([A-z0-9_]{1,20})\*\/\"ass\"\.\"ert\";\/\*([A-z0-9_]{1,20})\*\/\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\/\*([A-z0-9_]{1,20})\*\/;exit;\/\*([A-z0-9_]{1,20})\*\/\} if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/=\"asse\"\.\"rt\";\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
     qr/<\?php\s+if\(!empty\(\$_GET\[\'image\'\]\) && \$_GET\[\'image\'\] = \'image\'\) \{\s+if\(isset\(\$_POST\[\'Submit\'\]\)\)\{.+?\@move_uploaded_file\(\$tmp, \$path\);.+?<input type=\"Submit\" name=\"Submit\" value=\"Submit\"><\/form>\s+<\?php\s+\}\s+\}/is,
+    qr/<\?php function ([A-z0-9_]{1,20})\(\$\w,\$\w,\$\w,\$\w,\$\w\)\{return \$\w\.\$\w\.\$\w\.\$\w\.\$\w;\}\$([A-z0-9_]{1,20}) =.+?\$([A-z0-9_]{1,20}) = \"bas\\x656\\x34\\x5fd\";\$([A-z0-9_]{1,20}) = \"\\x29\)\)\\x3B\".+?\"\.\$([A-z0-9_]{1,20});\$([A-z0-9_]{1,20})\(\'\', \'\}\'\.\$([A-z0-9_]{1,20})\.\'\/\/\'\);/is,
+    qr/<\?php\s+if \(\$_GET \[\'([A-z0-9_]{1,20})\'\]\) \{\s+echo \"OK\";\s+exit \(\);\s+\}\s+if\(\$_POST\[\'to\'\]\)\s+\{\s+\$to = \$_POST \[\'to\'\];.+?header \( \"Location: http:\/\/\{\$link\}\" \);\s+\}/is,
+
+    
+
+
+
 
 )
 ;