malware – What evidence does a compiled file leave behind?


Yes, it is true.

Both .NET and native applications (at least those compiled by Visual Studio) contain an absolute path to a .pdb (Program Database) file when compiled in debug mode (which is usually the default). Since paths in Windows are usually of the form C:\Users\UserName\..., the path also reveals the malware author’s OS username along with some information about the directory structure on their computer. It could also be possible to use it to deduce something about your nationality and/or locality. For example, if the path contains Chinese characters, it would be safe to say that the author is Chinese (and might live in China).
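For triage, the embedded path can be pulled out of a sample without running it. The sketch below is an added example, not part of the original answer: it scans raw bytes for the CodeView "RSDS" record (signature, GUID, age, NUL-terminated PDB path) rather than walking the PE headers, and the sample bytes, the username "builder" and the function names are constructed for illustration.

```python
import re
import struct
import uuid

# CodeView "RSDS" record that the linker embeds in the PE debug data:
#   4-byte signature b"RSDS" | 16-byte GUID | 4-byte age | NUL-terminated PDB path
RSDS = re.compile(rb"RSDS(.{16})(.{4})([^\x00]{1,260})\x00", re.DOTALL)
USER_DIR = re.compile(r"^[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\]+)\\", re.I)


def find_pdb_records(data: bytes):
    """Scan raw file bytes for RSDS records; return a list of dicts."""
    records = []
    for m in RSDS.finditer(data):
        raw_path = m.group(3)
        try:
            path = raw_path.decode("utf-8")
        except UnicodeDecodeError:
            # Not valid UTF-8 (e.g. a legacy code page): keep the bytes visible.
            path = raw_path.decode("latin-1")
        if not path.lower().endswith(".pdb"):
            continue  # "RSDS" occurring by chance in unrelated data
        user = USER_DIR.match(path)
        records.append({
            "offset": m.start(),
            "guid": str(uuid.UUID(bytes_le=m.group(1))),
            "age": struct.unpack("<I", m.group(2))[0],
            "pdb_path": path,
            "username": user.group(1) if user else None,
            "non_ascii": any(ord(c) > 127 for c in path),
        })
    return records


def make_sample() -> bytes:
    """Constructed stand-in for a debug build: padding plus one RSDS record."""
    guid = uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le
    path = r"C:\Users\builder\source\repos\Demo\Debug\Demo.pdb".encode("utf-8")
    return b"MZ" + b"\x00" * 62 + b"RSDS" + guid + struct.pack("<I", 1) + path + b"\x00"


if __name__ == "__main__":
    for rec in find_pdb_records(make_sample()):
        print(rec)
```

The `non_ascii` flag only marks paths worth a closer look; the path is attacker-controlled text and can be edited or stripped before release.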