It's raw hex bytes. Even though the Bitcoin core software doesn't continue to parse it, it is stored on disk and that's when a scanner could flag it on a hash table fingerprint match.
What I'm not saying (for the bystanders):
- Bitcoin embedded malware could be parsed and activated by the core software.
- Bitcoin has an image compiler
- an OP_RETURN could ALONE crash a VM.