diff --git a/malware5.pl b/malware5.pl
index 180da09..1696929 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -410,7 +410,11 @@ my @regexen = (
 qr/RewriteEngine\s+On\s+RewriteRule\s+\^\(topic\|hot\|updated\|free\|review\|rewrite\)\-\(\.\*\)\s+index\.php\?\$1\=\$2\s+\[L\]/is,
 qr/<\?php\s+function\s+DirFilesR\(\$dir\).+?<\?php\s+echo\s+\$\_SERVER\[\'SCRIPT\_FILENAME\'\]\;\?><\/title>.+?\$k\+\+\;\s+\}\s+\?>\s+<\/table>/is,
 qr/<HTML>.+?<title>Hacked\s+by\s+Mister\s+Spy<\/title>.+?dQ\_\-z9pTRL6tA2kqbnXH6A\.jpg\'>/is,
-
+ qr/<\?php.+?\?>\%x.+?\/\(\.\*\)\/epreg\_replace.+?\$([A-z0-9]{1,20})\s+\=\s+explode\(chr\(\(.+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
+ qr/<\?php.+?\$mosimage\_session\s+\=.+?\$mosimage\_category\_session\(\"\/\.\*\/e\"\,\"\\x.+?\\x3B\"\,\"\.\"\)\;\s+\?>/is,
+ qr/\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\@eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(.+?\)\)\)\)\;/is,
+ qr/<\?php\s+ini\_set\(\'include\_path\'\,dirname\(\_\_FILE\_\_\)\)\;function.+?\'sprintf\'\)\=\=false\)\?false\:exit\(\)\:exit\(\)\:exit\(\)\:exit\(\)\)\;\}function.+?\)\)\{unlink\(\$.+?\}\s+ini\_set\(\'include\_path\'\,\'\.\'\)\;\?>/is,
+
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index a3a40b2..ef96897 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
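Review bot: The variable-name class `[A-z0-9]` in the first and third added signatures is wider than it reads: in ASCII the range `A-z` also covers `[`, `\`, `]`, `^`, `_` and the backtick, so the patterns accept characters that cannot occur in a PHP variable name and the match is slightly looser than intended. Every pattern already carries `/i`, so `\$(\w{1,20})` or `\$([a-z0-9_]{1,20})` states the intent; none of these groups is back-referenced in the visible patterns, so `(?:…)` or no group at all would do as well. The same four lines are added in the malwaresh.pl hunk and need the same change. The `@regexen` list opens above this hunk.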
@@ -893,6 +893,13 @@ my @regexen = (
 qr/RewriteEngine\s+On\s+RewriteRule\s+\^\(topic\|hot\|updated\|free\|review\|rewrite\)\-\(\.\*\)\s+index\.php\?\$1\=\$2\s+\[L\]/is,
 qr/<\?php\s+function\s+DirFilesR\(\$dir\).+?<title><\?php\s+echo\s+\$\_SERVER\[\'SCRIPT\_FILENAME\'\]\;\?><\/title>.+?\$k\+\+\;\s+\}\s+\?>\s+<\/table>/is,
 qr/<HTML>.+?<title>Hacked\s+by\s+Mister\s+Spy<\/title>.+?dQ\_\-z9pTRL6tA2kqbnXH6A\.jpg\'>/is,
+ qr/<\?php.+?\?>\%x.+?\/\(\.\*\)\/epreg\_replace.+?\$([A-z0-9]{1,20})\s+\=\s+explode\(chr\(\(.+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
+ qr/<\?php.+?\$mosimage\_session\s+\=.+?\$mosimage\_category\_session\(\"\/\.\*\/e\"\,\"\\x.+?\\x3B\"\,\"\.\"\)\;\s+\?>/is,
+ qr/\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\$([A-z0-9]{1,20})\s+\=\s+\"\\x.+?\@eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(.+?\)\)\)\)\;/is,
+ qr/<\?php\s+ini\_set\(\'include\_path\'\,dirname\(\_\_FILE\_\_\)\)\;function.+?\'sprintf\'\)\=\=false\)\?false\:exit\(\)\:exit\(\)\:exit\(\)\:exit\(\)\)\;\}function.+?\)\)\{unlink\(\$.+?\}\s+ini\_set\(\'include\_path\'\,\'\.\'\)\;\?>/is,
+
+
+
 );
 my @base64_decodes = (
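Review bot: These four signatures are the same patterns the commit adds to malware5.pl, so the two scripts now carry parallel copies of one list that has to be edited in lockstep. The shared context already looks out of step as shown on this page: the `DirFilesR` line here contains `<title><\?php\s+echo` while the malware5.pl copy has only `<\?php\s+echo`, though that may be an artifact of how the page was captured. Keeping the list in one module that both scripts load would remove that risk; short of that, a comment above each new entry naming the sample it was written for, e.g. `# obfuscated $mosimage_session stub`, would let a maintainer tell when the copies diverge. The hunk also adds three empty lines before `);` that look unintentional.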