From 94acbc71315c787340643af6cf4eaab220b8244d Mon Sep 17 00:00:00 2001
From: de4dot <de4dot@gmail.com>
Date: Wed, 8 Aug 2012 14:44:01 +0200
Subject: [PATCH] Detect Confuser 1.8 r75367 compressor

---
 de4dot.code/deobfuscators/Confuser/Unpacker.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/de4dot.code/deobfuscators/Confuser/Unpacker.cs b/de4dot.code/deobfuscators/Confuser/Unpacker.cs
index 54b55c0d..387db2ff 100644
--- a/de4dot.code/deobfuscators/Confuser/Unpacker.cs
+++ b/de4dot.code/deobfuscators/Confuser/Unpacker.cs
@@ -83,6 +83,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 			v17_r73477,
 			v17_r75076,
 			v18_r75184,
+			v18_r75367,
 		}
 
 		public bool Detected {
@@ -153,8 +154,10 @@ namespace de4dot.code.deobfuscators.Confuser {
 					if (use7zip) {
 						if (new LocalTypes(decyptMethod).exists("System.IO.MemoryStream"))
 							version = ConfuserVersion.v17_r75076;
-						else
+						else if (module.Name == "Stub.exe")
 							version = ConfuserVersion.v18_r75184;
+						else
+							version = ConfuserVersion.v18_r75367;
 					}
 					else if (isDecryptMethod_v17_r73404(decyptMethod))
 						version = ConfuserVersion.v17_r73404;
@@ -448,6 +451,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 			case ConfuserVersion.v17_r73477: return decrypt_v17_r73404(data);
 			case ConfuserVersion.v17_r75076: return decrypt_v17_r75076(data);
 			case ConfuserVersion.v18_r75184: return decrypt_v17_r75076(data);
+			case ConfuserVersion.v18_r75367: return decrypt_v17_r75076(data);
 			default: throw new ApplicationException("Unknown version");
 			}
 		}