CopperStealer binary was observed being encrypted and appended to a legitimate application with its entry point overwritten by a shellcode. This shellcode reads an offset of the payload and XOR decryption key from the executable file header.