diff --git a/de4dot.code/deobfuscators/CryptoObfuscator/ProxyDelegateFinder.cs b/de4dot.code/deobfuscators/CryptoObfuscator/ProxyDelegateFinder.cs
index 57c5c536..832e557a 100644
--- a/de4dot.code/deobfuscators/CryptoObfuscator/ProxyDelegateFinder.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/ProxyDelegateFinder.cs
@@ -125,7 +125,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 }
 MethodDefinition getProxyCreateMethod(TypeDefinition type) {
- if (type.Fields.Count != 1)
+ if (type.Fields.Count != 1 && type.Fields.Count != 2)
 return null;
 if (DotNetUtils.findFieldType(type, "System.ModuleHandle", true) == null)
 return null;
diff --git a/de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs b/de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs
index 2ed45961..4cbc9a43 100644
--- a/de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs
@@ -110,13 +110,16 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 var ldci4 = instructions[i - 1];
 if (!DotNetUtils.isLdcI4(ldci4))
 continue;
+ int flagValue = DotNetUtils.getLdcI4Value(ldci4);
+ if (!isFlag(flagValue))
+ continue;
 var ldloc = instructions[i - 2];
 if (!DotNetUtils.isLdloc(ldloc))
 continue;
 var local = DotNetUtils.getLocalVar(method.Body.Variables, ldloc);
- if (local.VariableType.ToString() != "System.Byte")
+ if (!local.VariableType.IsPrimitive)
 continue;
- constants.Add(DotNetUtils.getLdcI4Value(ldci4));
+ constants.Add(flagValue);
 }
 if (constants.Count == 2) {
@@ -128,6 +131,14 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 return false;
 }
+ static bool isFlag(int value) {
+ for (uint tmp = (uint)value; tmp != 0; tmp >>= 1) {
+ if ((tmp & 1) != 0)
+ return tmp == 1;
+ }
+ return false;
+ }
+
 MethodDefinition getPublicKeyTokenMethod() {
 foreach (var method in resourceDecrypterType.Methods) {
 if (isPublicKeyTokenMethod(method))
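Review bot: The relaxed test `type.Fields.Count != 1 && type.Fields.Count != 2` in getProxyCreateMethod accepts a second field of any type, because the only type check that follows looks for a `System.ModuleHandle` field. That widens what is treated as a proxy-delegate creator type, so a false match on an unrelated type becomes more likely; the rest of the method is outside the hunk and may narrow it again. A comment naming the obfuscator build that emits the extra field would make the intent checkable, for example `// Crypto Obfuscator <version placeholder> adds a second field next to the ModuleHandle one`. If that field's type is known, it is worth testing it the same way as the ModuleHandle field.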
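Review bot: `!local.VariableType.IsPrimitive` is far looser than the `"System.Byte"` comparison it replaces. Assuming this is Mono.Cecil's property, it is also true for `Single`, `Double`, `Boolean`, `Char` and the native-int types, which are unlikely to hold a bit flag tested against an `ldc.i4` constant. The new isFlag() filter offsets part of that, but a small allow-list on `local.VariableType.FullName` (`"System.Byte"` plus whichever integer types are confirmed against samples) would keep the match tight. `local` is also dereferenced without a null check; whether `DotNetUtils.getLocalVar` can return null on a malformed method body is not visible here, and this code runs over untrusted assemblies. The enclosing loop and method start outside the hunk.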
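Review bot: isFlag() has no comment and its name does not say what it tests: the loop returns true only when exactly one bit of `value` is set, meaning a non-zero power of two, sign bit included. A one-line comment such as `// true iff exactly one bit of value is set` would spare the next reader from tracing the shift loop. The loop can also be replaced by the usual branch-free form, `uint v = (uint)value;` followed by `return v != 0 && (v & (v - 1)) == 0;`, which gives the same result for every input.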
diff --git a/de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs b/de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs
index 8d9202e7..6a439f01 100644
--- a/de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs
@@ -61,7 +61,15 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 continue;
 if (type.Methods.Count < 3 || type.Methods.Count > 6)
 continue;
- if (DotNetUtils.getPInvokeMethod(type, "mscoree", "StrongNameSignatureVerificationEx") == null)
+ if (DotNetUtils.getPInvokeMethod(type, "mscoree", "StrongNameSignatureVerificationEx") != null) {
+ }
+ else if (DotNetUtils.getPInvokeMethod(type, "mscoree", "CLRCreateInstance") != null) {
+ if (type.NestedTypes.Count != 3)
+ continue;
+ if (!type.NestedTypes[0].IsInterface || !type.NestedTypes[1].IsInterface || !type.NestedTypes[2].IsInterface)
+ continue;
+ }
+ else
 continue;
 tamperType = type;
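Review bot: The empty `if (...) { }` branch followed by `else if` / `else continue` hides the actual rule, which is to accept the type when it has the StrongNameSignatureVerificationEx P/Invoke, or when it has CLRCreateInstance and exactly three nested interface types. Keeping the original `== null` test and nesting the fallback under it says the same thing without an empty block, and leaves room for a comment on why the second variant exists. Behaviour is unchanged, and the indexing into `NestedTypes` stays guarded by the `Count != 3` check. The surrounding loop starts and ends outside the hunk.

```csharp
// … unchanged: method-count check …
if (DotNetUtils.getPInvokeMethod(type, "mscoree", "StrongNameSignatureVerificationEx") == null) {
	// Variant without the strong-name P/Invoke: requires CLRCreateInstance
	// and exactly three nested interface types.
	if (DotNetUtils.getPInvokeMethod(type, "mscoree", "CLRCreateInstance") == null)
		continue;
	// … unchanged: the two NestedTypes checks …
}
// … unchanged: tamperType = type; …
```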