diff --git a/malware6.pl b/malware6.pl
index e38b983..ea0f308 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -1373,6 +1373,9 @@ my @regexen = (
 qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\@touch\(\$index,strtotime\(\"-400 days\"\)\);echo \'ok\';\s+\}\s+\?>/is,
 qr/<\?php if \(isset\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) and md5\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) ==\"([A-z0-9_]{1,32})\"\) \{unlink\(__FILE__\); die\(md5\(([A-z0-9_]{1,10})\)\);\}/is,
 qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?4.+?6.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
+ qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?6.+?4.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
+ qr/<\?php\s+\$.+?if\(!function_exists\(\'str_ireplace\'\)\)\{function str_ireplace\(\$from,\$to,\$string\)\{return trim\(preg_replace\(\"\/\"\.addcslashes\(\$from,\"\?\:\\\\\/\*\^\$\"\)\.\"\/si\",\$to,\$string\)\);\}\};\$.+?\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}\[\"\\x4f\\x4f\\x4f\\x30\\x4f\\x5f\\x30\\x30\\x5f\\x5f\"\]\(\);\?>/is,
+ qr/<\?php.+?\$filter = \'base\'\.\'6\'\.\'4\'\.\'_decode\';.+?\$prepare_func = \'g\'\.\'z\'\.\'inflate\';.+?return \@\$prepare_func\( \$filter \);.+?\}\s+wp_admin_bar_header\(\);/is,
diff --git a/malwaresh.pl b/malwaresh.pl
index 2b62e4e..c90511e 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
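Review bot: The second and third added patterns use unbounded `.+?` under `/s` between `<\?php` and their distinctive tokens, so a match can begin at a file's first `<?php` and run across unrelated code until `wp_admin_bar_header\(\);` or the hex-escaped `GLOBALS` call is found. How `@regexen` matches are consumed is outside this hunk; if the matched span is removed rather than only reported, legitimate code in between would go with it, and large clean files pay for repeated rescans. Bounding each gap, e.g. `.{1,4000}?` in place of `.+?` (limit constructed here, tune it on real samples), keeps the signature tied to one injected block. In the first added line `[A-z0-9_]` also admits `[`, `\`, `]`, `^` and the backtick; with `/i` set, `[a-z0-9_]` looks like the intent, though the existing entries above use the same class. The same three lines are added to malwaresh.pl in the next hunk.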
@@ -1383,7 +1383,11 @@ my @regexen = (
 qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\@touch\(\$index,strtotime\(\"-400 days\"\)\);echo \'ok\';\s+\}\s+\?>/is,
 qr/<\?php if \(isset\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) and md5\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) ==\"([A-z0-9_]{1,32})\"\) \{unlink\(__FILE__\); die\(md5\(([A-z0-9_]{1,10})\)\);\}/is,
 qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?4.+?6.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
+ qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?6.+?4.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
+ qr/<\?php\s+\$.+?if\(!function_exists\(\'str_ireplace\'\)\)\{function str_ireplace\(\$from,\$to,\$string\)\{return trim\(preg_replace\(\"\/\"\.addcslashes\(\$from,\"\?\:\\\\\/\*\^\$\"\)\.\"\/si\",\$to,\$string\)\);\}\};\$.+?\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}\[\"\\x4f\\x4f\\x4f\\x30\\x4f\\x5f\\x30\\x30\\x5f\\x5f\"\]\(\);\?>/is,
+ qr/<\?php.+?\$filter = \'base\'\.\'6\'\.\'4\'\.\'_decode\';.+?\$prepare_func = \'g\'\.\'z\'\.\'inflate\';.+?return \@\$prepare_func\( \$filter \);.+?\}\s+wp_admin_bar_header\(\);/is,
+
 );
 my @base64_decodes = (
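Review bot: These three signatures are now maintained by hand in two places, `@regexen` in malware6.pl and `@regexen` in malwaresh.pl, and the two hunks sit at different offsets (1373 vs 1383), so the lists are presumably not identical already. A signature added to one script and missed in the other would give inconsistent detection between the two scanners with nothing to flag the gap. Consider keeping the shared entries in one file that both scripts load, e.g. `my @regexen = @{ do './signatures.pl' };` (path is a placeholder), with script-specific entries appended after it.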