diff --git a/malware5.pl b/malware5.pl
index 9d12a26..4cde6cd 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -242,7 +242,8 @@ my @regexen = (
 qr/<\?php\s+\/\*.+?UBH\s+CSU.+?add\_action\(\"\\x.+?plugins\_url\(.+?\?>/is,
 qr/<\?php\s+\$\{\"GLOBAL\\x.+?\"\]\,\"\"\.\$\_FILES\[\".+?\"\]\}\=str\_replace\(\".+?\"\;\}\}\s+\?>/is,
 qr/<\?php\s+\/\*\s+b374k.+?if\(isset\(\$\_COOKIE\[\'b374k\'\]\)\)\{.+?\.\$s\_name\;\s+\?><\/p>\s+<\/body>\s+<\/html>/is,
-
+ qr/<\?php\s+function\s+sgen\(\)\s+\{\$vals\s+\=\s+\"abcdefghijklmnopqrstuvwxyz\"\;\s+\$result\s+\=\s+\"\"\;\s+for\(\$i.+?\.sgen\(\)\.\"\=\"\.bin2hex\(\$\_SERVER\[.+?exit\;\s+\?>/is,
+
 );
 my @base64_decodes = (
diff --git a/malwaresh.pl b/malwaresh.pl
index 157fe9b..66c3e2f 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -722,6 +722,7 @@ my @regexen = (
 qr/<\?php\s+\/\*.+?UBH\s+CSU.+?add\_action\(\"\\x.+?plugins\_url\(.+?\?>/is,
 qr/<\?php\s+\$\{\"GLOBAL\\x.+?\"\]\,\"\"\.\$\_FILES\[\".+?\"\]\}\=str\_replace\(\".+?\"\;\}\}\s+\?>/is,
 qr/<\?php\s+\/\*\s+b374k.+?if\(isset\(\$\_COOKIE\[\'b374k\'\]\)\)\{.+?\.\$s\_name\;\s+\?><\/p>\s+<\/body>\s+<\/html>/is,
+ qr/<\?php\s+function\s+sgen\(\)\s+\{\$vals\s+\=\s+\"abcdefghijklmnopqrstuvwxyz\"\;\s+\$result\s+\=\s+\"\"\;\s+for\(\$i.+?\.sgen\(\)\.\"\=\"\.bin2hex\(\$\_SERVER\[.+?exit\;\s+\?>/is,
 );
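Review bot: The two `.+?` gaps in the added `sgen()` signature are unbounded and run under `/s`, so once the `function sgen()` prefix matches, the pattern can stretch over any amount of unrelated PHP to reach a later `bin2hex($_SERVER[` or `exit; ?>`. How `@regexen` is consumed is outside this hunk, as is the start of the array, but if the matched text is stripped from the scanned file, an over-long match would take legitimate code out along with the injection. Bounding each gap keeps a match to a single injected block, e.g. `for\(\$i.{1,4096}?\.sgen\(\)` and `\$\_SERVER\[.{1,4096}?exit\;\s+\?>`, with the limit (4096 is only illustrative) sized against the captured sample. The identical line is pasted into `malwaresh.pl` at `@@ -722,6 +722,7 @@`, so the same applies there, and keeping both lists in one shared module would stop the copies drifting apart. A one-line comment above the entry, such as `# PHP injection: sgen() key generator + bin2hex($_SERVER[...])`, would tell the next maintainer what the signature targets.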