
Ah. Those work by having a valid zip at the end (and extraction code in front), taking advantage of the zip format allowing for arbitrary data before the actual zip data (which in turn was intended to facilitate this sort of thing).

It hadn't occurred to me that the .exe in question would be a self-extracting archive (or malicious code that also involves self-extracting an archive as part of the malicious working).
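An added example, not part of the original comment: a defender-side check that measures how many bytes sit in front of the zip data by reading the end-of-central-directory record, then flags files that start like a Windows executable but carry an archive after that prefix. The function names, the `STUB` bytes and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"     # end of central directory record
CDH_SIG = b"PK\x01\x02"      # central directory file header
STUB = b"MZ" + b"\x00" * 62  # constructed stand-in for an executable stub (not real code)

def zip_prefix_length(data: bytes) -> int:
    """Return the number of bytes before the first zip member, or -1 if no zip is found."""
    # The EOCD record is at the end, followed only by an optional comment (max 65535 bytes).
    # Simplification: ZIP64 archives and multi-disk archives are not handled here.
    eocd = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 65535))
    if eocd < 0 or eocd + 22 > len(data):
        return -1
    cd_size, cd_offset = struct.unpack_from("<LL", data, eocd + 12)
    cd_start = eocd - cd_size     # where the central directory really is in this file
    shift = cd_start - cd_offset  # > 0 when data was prepended without rewriting offsets
    if cd_start < 0 or shift < 0:
        return -1
    # Walk the central directory (46-byte fixed headers) for the lowest local-header offset.
    pos, lowest = cd_start, None
    while pos + 46 <= eocd and data[pos:pos + 4] == CDH_SIG:
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (local_offset,) = struct.unpack_from("<L", data, pos + 42)
        lowest = local_offset if lowest is None else min(lowest, local_offset)
        pos += 46 + name_len + extra_len + comment_len
    return shift + (lowest or 0)

def build_sample(prefix: bytes) -> bytes:
    """Constructed sample: `prefix` followed by a small zip, as plain concatenation gives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    return prefix + buf.getvalue()

def looks_like_sfx(data: bytes) -> bool:
    """True when the file starts with the 'MZ' executable magic and has a zip after a prefix."""
    return data[:2] == b"MZ" and zip_prefix_length(data) > 0

if __name__ == "__main__":
    print(zip_prefix_length(build_sample(STUB)), looks_like_sfx(build_sample(STUB)))
```

The check covers both layouts: archives whose stored offsets were left untouched after prepending, and archives whose offsets were rewritten to include the prefix.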


