diff --git a/malware5.pl b/malware5.pl
index b3d51a9..68c2ef0 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -445,6 +445,12 @@ my @regexen = (
 qr/<\?php\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{32})\"\;\$([A-z0-9]{1,20})\=\".+?\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\)\)\;\?>/is,
 qr/<\?php\s+\$command\s+\=\s+\"wget\s+http\:\/\/.+?cryptonight.+?\{\s+echo\s+execCommand\(\$command\)\;\s+\}\s+\?>/is,
 qr/<\?php\s+\$tag\s+\=\s+\'\s+\*\s+\@package\s+general\'\;\s+\$code\s+\=\s+<<<\'CODE\'\s+\*\/.+?CODE\;\s+\$injectType\s+\=\s+1\;.+?unlink\(\_\_FILE\_\_\)\;\s+\?>/is,
+ qr/<\!doctype\s+html>.+?MAILER<\/title>.+?function\s+doset\(\)\s+\{.+?print\s+\"\s+SEND<br>\"\;\s+flush\(\)\;.+?\?>\s+<\/body>\s+<\/html>/is,
+ qr/<html>\s+<head>\s+<title>Mail<\/title>.+?\$attach\[\$h\]\=\s+base64\_encode\(fread\(\$f\,filesize\(\$HTTP\_POST\_FILES\[\'filename\'\]\[\'tmp\_name\'\]\[\$h\]\)\)\)\;.+?\?>\s+<\/body>\s+<\/html>/is,
+ qr/<html>\s+<head>\s+<title><\?php\s+tr\(\'name\'\,false\)\;\s+\?>\s+<\?php\s+echo\s+VERSION\;\?><\/title>.+?function\s+pingoutservers\(\)\s+\{.+?function\s+StopSendMail\(\)\s+\{.+?<\/body>\s+<\/html>/is,
+ qr/<\!DOCTYPE.+?<title>\(c\)\s+private\s+mail\-worker\s+\(c\)<\/title>.+?function\s+randmail\(\).+?\$numemails\s+\=\s+count\(\$allemails\)\;.+?<\/style>\s+<\/body>\s+<\/html>/is,
+ qr/<\?php\s+Error\_Reporting\(E\_ALL.+?<title>FakeSender\s+by\s+POCT\s+\[FuckAV\.ru\]<\/title>.+?if\(mail\(\$to\,\s+\$subject\,\s+\$message\,\s+\$header\)\).+?\?>\s+<\/body>\s+<\/html>/is,
+ );
diff --git a/malwaresh.pl b/malwaresh.pl
index 8f4415f..38e29ca 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
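Review bot: The first added signature is looser than its twin added to malwaresh.pl in this same commit: here it reads `.+?MAILER<\/title>` while the malwaresh.pl copy reads `.+?<title>MAILER<\/title>`, so any title text that merely ends in MAILER satisfies this anchor and the two scanners can disagree on the same sample. If the two lists are meant to stay in sync, align this entry: `qr/<\!doctype\s+html>.+?<title>MAILER<\/title>.+?function\s+doset\(\)\s+\{.+?print\s+\"\s+SEND<br>\"\;\s+flush\(\)\;.+?\?>\s+<\/body>\s+<\/html>/is,`. The remaining anchors (`function doset()`, the `SEND<br>` print) still have to match, so the false-positive exposure is probably small, but a hand-copied regex that already drifts by one token between the two files is a sign the shared signatures belong in one place both scripts load. The @regexen list begins before this hunk, and the captured `+ );` line is ambiguous, so the end of the array cannot be confirmed from here.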
@@ -928,6 +928,12 @@ my @regexen = (
 qr/<\?php\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{32})\"\;\$([A-z0-9]{1,20})\=\".+?\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\)\)\;\?>/is,
 qr/<\?php\s+\$command\s+\=\s+\"wget\s+http\:\/\/.+?cryptonight.+?\{\s+echo\s+execCommand\(\$command\)\;\s+\}\s+\?>/is,
 qr/<\?php\s+\$tag\s+\=\s+\'\s+\*\s+\@package\s+general\'\;\s+\$code\s+\=\s+<<<\'CODE\'\s+\*\/.+?CODE\;\s+\$injectType\s+\=\s+1\;.+?unlink\(\_\_FILE\_\_\)\;\s+\?>/is,
+ qr/<\!doctype\s+html>.+?<title>MAILER<\/title>.+?function\s+doset\(\)\s+\{.+?print\s+\"\s+SEND<br>\"\;\s+flush\(\)\;.+?\?>\s+<\/body>\s+<\/html>/is,
+ qr/<html>\s+<head>\s+<title>Mail<\/title>.+?\$attach\[\$h\]\=\s+base64\_encode\(fread\(\$f\,filesize\(\$HTTP\_POST\_FILES\[\'filename\'\]\[\'tmp\_name\'\]\[\$h\]\)\)\)\;.+?\?>\s+<\/body>\s+<\/html>/is,
+ qr/<html>\s+<head>\s+<title><\?php\s+tr\(\'name\'\,false\)\;\s+\?>\s+<\?php\s+echo\s+VERSION\;\?><\/title>.+?function\s+pingoutservers\(\)\s+\{.+?function\s+StopSendMail\(\)\s+\{.+?<\/body>\s+<\/html>/is,
+ qr/<\!DOCTYPE.+?<title>\(c\)\s+private\s+mail\-worker\s+\(c\)<\/title>.+?function\s+randmail\(\).+?\$numemails\s+\=\s+count\(\$allemails\)\;.+?<\/style>\s+<\/body>\s+<\/html>/is,
+ qr/<\?php\s+Error\_Reporting\(E\_ALL.+?<title>FakeSender\s+by\s+POCT\s+\[FuckAV\.ru\]<\/title>.+?if\(mail\(\$to\,\s+\$subject\,\s+\$message\,\s+\$header\)\).+?\?>\s+<\/body>\s+<\/html>/is,
+ );
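Review bot: None of the five new entries says what it is meant to catch, and the escaping of ordinary characters (`\_`, `\,`, `\=`, `\'`, `\!`, `\-`) makes each one hard to check against a sample; a one-line comment above the group such as `# PHP spam-mailer web UIs: MAILER, Mail attachment sender, pingoutservers/StopSendMail, "private mail-worker", FakeSender` would let the next maintainer recognise a family without decoding the pattern. Writing them as `m{...}xs` would also remove the `\/` noise and allow whitespace between the anchors. Each pattern runs from a document-start token to `<\/body>\s+<\/html>` through several `.+?` under `/s`, so a file that matches the opening but not a later anchor is presumably scanned to its end per attempt; that is linear per candidate but worth measuring on large HTML trees. The @regexen list starts before this hunk, and the captured `+ );` line is ambiguous, so the end of the array is not confirmed here.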