diff --git a/malware6.pl b/malware6.pl
index a44d720..7edd2d1 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -80,7 +80,8 @@ my @regexen = (
     qr/<\?php\s+\/\/Starting.+?if \(\$surl_autofill_include and \!\$_REQUEST\[\"c99sh_surl\"\]\).+?c99shexit\(\); \?>/is,
     qr/<\?php\s+\/\*\s+b374k.+?\$b374k=\@\$.+?\);\?>/is,
     qr/<\?php\s+\$auth_pass.+?\$noname.+?eval\(str_rot13\(gzinflate\(str_rot13\(base64_decode\(\$noname\)\)\)\)\);/is,
-    
+    qr/if\(isset\(\$_REQUEST\[\'sort\'\]\)\)\{\s+\$string = \$_REQUEST\[\'sort\'\];\s+\$array_name = \'\';\s+\$alphabet =.+?strrev\(\"noi\"\.\"tcnuf\"\.\"_eta\"\.\"erc\"\);.+?\$\w\(\);\s+exit\(\);\s+\}/is,
+
     
 
 
diff --git a/malwaresh.pl b/malwaresh.pl
index 3c805fd..0541d88 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1065,7 +1065,8 @@ my @regexen = (
     qr/<\?php\s+\/\/Starting.+?if \(\$surl_autofill_include and \!\$_REQUEST\[\"c99sh_surl\"\]\).+?c99shexit\(\); \?>/is,
     qr/<\?php\s+\/\*\s+b374k.+?\$b374k=\@\$.+?\);\?>/is,
     qr/<\?php\s+\$auth_pass.+?\$noname.+?eval\(str_rot13\(gzinflate\(str_rot13\(base64_decode\(\$noname\)\)\)\)\);/is,
-    
+    qr/if\(isset\(\$_REQUEST\[\'sort\'\]\)\)\{\s+\$string = \$_REQUEST\[\'sort\'\];\s+\$array_name = \'\';\s+\$alphabet =.+?strrev\(\"noi\"\.\"tcnuf\"\.\"_eta\"\.\"erc\"\);.+?\$\w\(\);\s+exit\(\);\s+\}/is,
+
 
 );