diff --git a/malware4.pl b/malware4.pl
index 875a968..1b96583 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -125,6 +125,7 @@ my @regexen = (
     qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)die\(pi\(\)\*6\)\;\$\{.+?;eval\(\$\{\$([A-z0-9]{1,20})\}\[\".+?\"\]\)\;\}exit\(\)\;\}\?>/is,
     qr/<\?php\s+\@\'\$.+?\=http\:\/\/([A-z0-9]{1,20}).([A-z0-9]{1,50})\/([A-z0-9]{1,20})\.php\s+cache\=([0-9]{1,10}).+?exit\(\)\;\}else\{return\;\}\}([A-z0-9]{1,20})\(\)\;/is,
     qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\/\*([A-z0-9]{1,20})\*\/\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\/\*([A-z0-9]{1,20})\*\/\{eval\(\/\*([A-z0-9]{1,20})\*\/\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}.+?function\s+([A-z0-9]{1,20})\(\)\{\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{1,100})\"\;\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{1,100})\"\;\s+return\s+\"\{\$([A-z0-9]{1,20})\}\{\$([A-z0-9]{1,20})\}\"\;\s+\}\s+\?>/is,
+    qr/<\?php\s+\$alphabet\s+\=.+?\$string\s+\=.+?\$array\_name\s+\=\s+\"\"\;\s+foreach\(\[.+?\$array\_name\s+\.\=\s+\$alphabet\[\$t\]\;\s+\}\s+\$a\s+\=\s+\strrev\(.+?\s+\$f\s+\=\s+\$a\(\"\"\,\s+\$array\_name\(\$string\)\)\;\s+\$f\(\)\;/is,