It's raw hex bytes. Even though the Bitcoin core software doesn't continue to parse it, it is stored on disk and that's when a scanner could flag it on a hash table fingerprint match.

What I'm not saying (for the bystanders):

- Bitcoin embedded malware could be parsed and activated by the core software.

- Bitcoin has an image compiler

- an OP_RETURN could ALONE crash a VM.