A dropper is a program that embeds an additional malware component within itself. When executed, the dropper extracts the malware component and drops it to disk. A dropper normally embeds the additional binary in the resource section. To extract the embedded executable, a dropper uses the FindResource(), LoadResource(), LockResource() and SizeofResource() API calls. In the following screenshot, the Resource Hacker tool (covered in Chapter 2, Static Analysis) shows the presence of a PE file in the resource section of a malware sample. In this case, the resource type is a DLL:
Loading the malicious binary in the x64dbg and looking ...
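For triage, the embedded PE that Resource Hacker shows can also be found programmatically. The following is an added example, not code from the original text: it goes beyond the resource section and scans the whole file for a second, validated MZ/PE header, then reports whether the embedded image is a DLL or an EXE. The function names, the `e_lfanew` bounds and the sample bytes are assumptions constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # Characteristics flag in the COFF file header


def find_embedded_pe(data: bytes):
    """Return [(offset, kind)] for each PE image found past offset 0."""
    hits = []
    pos = data.find(b"MZ", 1)  # offset 0 is the host file's own header
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew at 0x3C of the DOS header points to the PE signature
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # Heuristic bounds on e_lfanew (assumption); the PE signature (4)
            # plus the COFF header (20) must fit inside the buffer
            if (0x40 <= e_lfanew <= 0x1000 and pe + 24 <= len(data)
                    and data[pe:pe + 4] == b"PE\0\0"):
                # Characteristics is the last 2-byte field of the COFF header
                (chars,) = struct.unpack_from("<H", data, pe + 22)
                kind = "DLL" if chars & IMAGE_FILE_DLL else "EXE"
                hits.append((pos, kind))
        pos = data.find(b"MZ", pos + 1)
    return hits


def fake_pe(characteristics: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed header-only stub: DOS header, PE signature, COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)
    return dos.ljust(e_lfanew, b"\0") + b"PE\0\0" + coff


# Constructed sample: a host EXE header, a stray "MZ" string that is not a
# real header, padding, then an embedded DLL header (as in a resource entry).
SAMPLE = fake_pe(0x0102) + b"MZ-decoy" + b"\0" * 0x100 + fake_pe(0x2102)

if __name__ == "__main__":
    for offset, kind in find_embedded_pe(SAMPLE):
        print(f"embedded {kind} at offset {offset:#x}")
```

A hit only means a second PE header is stored in the clear somewhere in the file; droppers that compress or encrypt the embedded resource will not match and need the dynamic approach.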