diff --git a/src/detections/utils.rs b/src/detections/utils.rs
index fc63bd0d..2e7026e0 100644
--- a/src/detections/utils.rs
+++ b/src/detections/utils.rs
@@ -56,20 +56,18 @@ pub fn check_command(
 let re = Regex::new(r"'.*$").unwrap();
 base64.push_str(&re.replace_all(&base64.to_string(), ""));
 }
- if !base64.is_empty() {
- if Regex::new(r"Compression.GzipStream.*Decompress")
- .unwrap()
- .is_match(commandline)
- {
- if let Ok(decoded) = base64::decode(&base64) {
+ if let Ok(decoded) = base64::decode(&base64) {
+ if !base64.is_empty() {
+ if Regex::new(r"Compression.GzipStream.*Decompress")
+ .unwrap()
+ .is_match(commandline)
+ {
 let mut d = GzDecoder::new(decoded.as_slice());
 let mut uncompressed = String::new();
 d.read_to_string(&mut uncompressed).unwrap();
 println!("Decoded : {}", uncompressed);
 text.push_str("Base64-encoded and compressed function\n");
- }
- } else {
- if let Ok(decoded) = base64::decode(&base64) {
+ } else {
 println!("Decoded : {}", str::from_utf8(decoded.as_slice()).unwrap());
 text.push_str("Base64-encoded function\n");
 text.push_str(&check_obfu(str::from_utf8(decoded.as_slice()).unwrap()));
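Review bot: Both branches still call `.unwrap()` on bytes decoded from the inspected command line: `d.read_to_string(&mut uncompressed).unwrap()` in the gzip branch and `str::from_utf8(decoded.as_slice()).unwrap()` (twice) in the `else` branch. That input appears to come from the log record being analysed, so a payload that is valid base64 but not valid gzip or not valid UTF-8 would panic and stop the scan instead of being reported. I would handle the failure, e.g. `if d.read_to_string(&mut uncompressed).is_ok() { … }` and `let decoded_str = String::from_utf8_lossy(&decoded);`, and cap the decompressed size by reading through `d.take(MAX_DECODED_BYTES)` (the constant name is a placeholder), since the stream length is not limited here. check_command starts and ends outside this hunk, so how the caller should treat a skipped decode is not visible.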