Detect Confuser 1.8 r75367 compressor

de4dot 2012-08-08 14:44:01 +02:00
parent edac6b1a91
commit 94acbc7131


@ -83,6 +83,7 @@ namespace de4dot.code.deobfuscators.Confuser {
v17_r73477, v17_r73477,
v17_r75076, v17_r75076,
v18_r75184, v18_r75184,
v18_r75367,
} }
public bool Detected { public bool Detected {
@ -153,8 +154,10 @@ namespace de4dot.code.deobfuscators.Confuser {
if (use7zip) { if (use7zip) {
if (new LocalTypes(decyptMethod).exists("System.IO.MemoryStream")) if (new LocalTypes(decyptMethod).exists("System.IO.MemoryStream"))
version = ConfuserVersion.v17_r75076; version = ConfuserVersion.v17_r75076;
else else if (module.Name == "Stub.exe")
version = ConfuserVersion.v18_r75184; version = ConfuserVersion.v18_r75184;
else
version = ConfuserVersion.v18_r75367;
} }
else if (isDecryptMethod_v17_r73404(decyptMethod)) else if (isDecryptMethod_v17_r73404(decyptMethod))
version = ConfuserVersion.v17_r73404; version = ConfuserVersion.v17_r73404;
@ -448,6 +451,7 @@ namespace de4dot.code.deobfuscators.Confuser {
case ConfuserVersion.v17_r73477: return decrypt_v17_r73404(data); case ConfuserVersion.v17_r73477: return decrypt_v17_r73404(data);
case ConfuserVersion.v17_r75076: return decrypt_v17_r75076(data); case ConfuserVersion.v17_r75076: return decrypt_v17_r75076(data);
case ConfuserVersion.v18_r75184: return decrypt_v17_r75076(data); case ConfuserVersion.v18_r75184: return decrypt_v17_r75076(data);
case ConfuserVersion.v18_r75367: return decrypt_v17_r75076(data);
default: throw new ApplicationException("Unknown version"); default: throw new ApplicationException("Unknown version");
} }
} }
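Review bot: In the second hunk the new `else if (module.Name == "Stub.exe")` test separates v18_r75184 from v18_r75367 by the module name alone, which is metadata of the file being analysed and not a property of the compressor code, so a stub whose module name differs would be reported as r75367 and the reverse. Within this commit the last hunk sends both versions to `decrypt_v17_r75076(data)`, so decryption is unaffected today, but the reported version becomes unreliable, and the final `else` also labels any other 7zip variant that lacks the MemoryStream local as r75367. I would either key the branch on a structural property of the decrypt method, as the `new LocalTypes(decyptMethod).exists(...)` check just above does, or at least add a comment such as `// heuristic: r75184 names its stub module "Stub.exe"; the module name comes from the untrusted input file`. The enclosing method starts and ends outside the hunk.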