scan for this two-byte signature when searching for embedded executables. Base64 encoding achieves similar results through a different method: it converts binary data into ASCII text such that an executable file ends up looking like plain text (rather than like a program).

Research from the 2020 Machine Learning Security Evasion Competition showed that these methods can bypass modern detection systems. Participants used combinations of XOR encoding, Base64 encoding, and dead code insertion to evade all three