The string you are referring to is part of the
stub "
MZ"-type (i.e.
DOS) executable that is present
in all
win32 executables, before the *real* Win32
stuff (
PE executable) starts.
Actually, there is nothing preventing you
from replacing the
stub DOS code with
a full-blown DOS application, which would
be run if executed under a non-Win32 environment.
Another
useless fact is that the
MZ signature
(the first two bytes) in the EXE can be swapped to read
ZM. MS-DOS checks for both MZ and ZM. But the Win32
(at least Win9x) .exe loader only checks for MZ.
Thus, if you have a Win32 PE executable, you can
hexedit the file and swap the first two bytes; when
executed, the DOS stub gets run and the PE part
is ignored. Maybe this trick can be used for something
fancy, but right now it just seems
silly.