Do you encrypt your debugview output at sites?

PE Format - Win32 apps | Microsoft Learn

Portable Executable - Wikipedia

If you know what to expect, it would be possible to work out that technique and use STRPOS and MATCH to load a PE file and pull that sort of stuff out automatically. Lee White had recommended something similar on the NGs back in the C6 days which I used to use myself.

Boot sector of an infected floppy from 1986. That's 36 years ago.

Image file with encrypted code stored in it using XOR. This exe is locating the malware from inside itself, like resource files that can include icons (steganography risk), cursors and other files, XORing itself and then running the malware.

AV scanners have to look for signatures, which can include “encrypted” strings inside a file.

Plus there are also different implementations of functions like CRC32, as noted here.

So hypothetically, if you have an implementation of CRC32 which is not known to others or little used, then would AV scanners pick up an anomalous string inside a PE file and go to the effort of reverse engineering the string in order to find out what it might contain and then look elsewhere in the exe to see if there are any built in functions to decrypt said anomalous string?

My setup builder installations were always generating false positives, and I wasn't alone, which became a bit of a nuisance, and I couldn't use CapeSoft's Cryptonite to encrypt data which could be decrypted by other apps and websites because there were different implementations of the encryption algos used.

But the above will give you an idea of the process involved in trying to find viruses and malware hidden inside PE files. With that in mind, and the automatic submission of PE files to the AV company, if the AV scanners can't automatically reverse engineer a PE file using some of the techniques shown above, they have to manually reverse engineer it using tools like the NSA's Ghidra and whatever else they have developed themselves internally. I'm reminded of the fact that Stuxnet took over a year to reverse engineer by F-Secure because of the "engineering" or obfuscation that had gone into it.

Now with Clarion, we have the AppGen which generates the code for us, and then it automatically compiles it. Now one of the reasons for me to write some templates to edit templates is to have a template which will obfuscate the generated code before it gets compiled. The C7+ IDE has the new command line interface (CLI) called ClarionCL, where it would be possible to use this to control the generation and compilation process even further.

TL;DR: the techniques used by Basit and Amjad (the floppy boot sector 1986 guys) and the Russian chap in the 2nd TED talk link could be used to help protect your exe. What's good for the goose is good for the gander! :wink:

One of the advantages of Clarion over virtually every other programming IDE is the templates; you can use them to do stuff automatically, like encrypt strings before compilation when an app is compiled in release mode. I can't think of anything in Visual Studio or even WinDev (considering its closed nature) where that level of flexibility and convenience to generate code for different situations and requirements exists. Do you?

Edit. There is also TUFO which is worth looking at. This changes in different versions of Clarion, as noted here: How to determine the passed Data Type in a ? (any) parameter? - #7 by anon23294430, but I've since written some code which can enumerate the TUFO structure automatically, which can be handy as well for obfuscation purposes.

Here is allegedly an example of obfuscation in code, a single number for a backdoor:
Sam Bankman-Fried's 'Secret Backdoor' Worth $65 Billion, Court Hears (archive.ph)

"Mr Wang created this back door by inserting a single number into millions of lines of code for the exchange, creating a line of credit from FTX to Alameda, to which customers did not consent," he added. "And we know the size of that line of credit. It was $65 billion."

Appear weak when you are strong, and strong when you are weak. - Sun Tzu

Edit. And let's not forget all the social engineering that goes on in plain sight either.

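As an added example (not code from the post above, and not a Clarion template), here is a small Python script that does the defensive side of what the post describes: it reads the section table from the PE header at the offsets given in the Microsoft PE format page linked above, computes per-section Shannon entropy (XORed or packed data stands out as close to 8 bits per byte next to ordinary code), and checks each section for a known marker string under every single-byte XOR key, which is the same check a signature engine's XOR string modifier performs. The PE image it scans, the marker string http://example.invalid/ and the key 0x5A are all constructed for the demo and are not taken from any real file.

```python
"""Walk a PE's section table, measure per-section entropy, and look for a
known plaintext marker under every single-byte XOR key. The PE image is a
constructed skeleton built in build_sample_pe(), not a real executable."""
import hashlib
import math
import struct
from typing import Dict, List, Tuple

MARKER = b"http://example.invalid/"   # constructed 'known string' a signature might look for
SAMPLE_KEY = 0x5A                     # constructed XOR key used by the sample image


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the scheme described for the image-file example."""
    return bytes(b ^ key for b in data)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; near 8.0 means random-looking (compressed or encrypted)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Read the section table using the offsets from the PE format spec."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts here
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    first_section = coff + 20 + size_opt      # section table follows the optional header
    sections = []
    for i in range(n_sections):
        off = first_section + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
            "data": raw,
        })
    return sections


def find_xored_marker(data: bytes, marker: bytes) -> List[Tuple[int, int]]:
    """Return (key, offset) pairs where marker XOR key occurs in data.
    This mirrors what a signature engine's XOR string modifier does."""
    hits = []
    for key in range(256):
        probe = xor_bytes(marker, key)
        start = 0
        while (idx := data.find(probe, start)) != -1:
            hits.append((key, idx))
            start = idx + 1
    return hits


def scan_image(pe: bytes, threshold: float = 7.0) -> Dict[str, Dict]:
    """Per-section report: entropy, high-entropy flag, and XORed marker hits."""
    report = {}
    for s in parse_sections(pe):
        report[s["name"]] = {
            "entropy": round(s["entropy"], 3),
            "high_entropy": s["entropy"] > threshold,
            "xor_hits": find_xored_marker(s["data"], MARKER),
        }
    return report


def build_sample_pe() -> bytes:
    """Constructed skeleton: low-entropy .text plus a .rsrc holding XORed data."""
    text = b"\x90" * 64 + b"\xc3" + b"\x00" * 63
    filler, seed = b"", b"constructed-seed"    # chained SHA-256 as random-looking filler
    while len(filler) < 1024:
        seed = hashlib.sha256(seed).digest()
        filler += seed
    rsrc = xor_bytes(filler[:512] + MARKER + filler[512:], SAMPLE_KEY)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic; the rest is left zero
    text_ptr, rsrc_ptr = 0x200, 0x400
    hdr = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), text_ptr, 0, 0, 0, 0, 0x60000020)
    hdr += struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), 0x2000, len(rsrc), rsrc_ptr, 0, 0, 0, 0, 0x40000040)
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdr).ljust(text_ptr, b"\0") + text
    return image.ljust(rsrc_ptr, b"\0") + rsrc


if __name__ == "__main__":
    for name, info in scan_image(build_sample_pe()).items():
        print(name, info["entropy"], "high-entropy" if info["high_entropy"] else "", info["xor_hits"])
```

Run directly, the .text section reports entropy of about 1 bit per byte and no hits, while the .rsrc section reports entropy near 7.8 and the marker recovered at key 0x5A, offset 512. The entropy check is what makes a XORed blob stand out even when the key and the string are unknown; the key sweep only works when the scanner already has a string worth looking for, which is the point the post makes about signatures and "encrypted" strings.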