I found that they all started with MZ
MZ
is indeed the characteristic signature of a .exe
file:
The DOS MZ executable format is the executable file format used for .EXE files in DOS.
The file can be identified by the ASCII string "MZ" (hexadecimal: 4D 5A) at the beginning of the file (the "magic number"). "MZ" are the initials of Mark Zbikowski, one of leading developers of MS-DOS.
Source DOS MZ executable - Wikipedia
This signature was later extended to its descendants (including NE and PE):
The New Executable (abbreviated NE or NewEXE) is a 16-bit .exe file format, a successor to the DOS MZ executable format. It was used in Windows 1.0–3.x, multitasking MS-DOS 4.0,[1] OS/2 1.x, and the OS/2 subset of Windows NT up to version 5.0 (Windows 2000). A NE is also called a segmented executable
Source New Executable - Wikipedia
The Portable Executable (PE) format is a file format for executables,
object code, DLLs and others used in 32-bit and 64-bit versions of
Windows operating systems. The PE format is a data structure that
encapsulates the information necessary for the Windows OS loader to
manage the wrapped executable code. This includes dynamic library
references for linking, API export and import tables, resource
management data and thread-local storage (TLS) data. On NT operating
systems, the PE format is used for EXE, DLL, SYS (device driver), and
other file types. The Extensible Firmware Interface (EFI)
specification states that PE is the standard executable format in EFI
environments.
On Windows NT operating systems, PE currently supports the IA-32,
IA-64, x86, x86-64 (AMD64/Intel 64), ARM and ARM64 instruction set
architectures (ISAs). Prior to Windows 2000, Windows NT (and thus PE)
supported the MIPS, Alpha, and PowerPC ISAs. Because PE is used on
Windows CE, it continues to support several variants of the MIPS, ARM
(including Thumb), and SuperH ISAs.
Source Portable Executable - Wikipedia
So MZ
is used for 16, 32 and 64 bit .exe
signatures and cannot be used to distinguish between 16 and 32/64 bit programs.
So How do I distinguish between 16 and 32/64 bit programs?
Windows has extended the old DOS executable format multiple times, so
if you look at a 'modern' Windows executable, right near the beginning
there will be a MZ (or possibly ZM if the executable is for a system
that uses the opposite bit order). This designates the header for the
second DOS executable format, known simply as the MZ format.
Beyond that, you'll see some apparent gibberish, followed by something
along the lines of 'This program can't be run in DOS mode.'. That
gibberish is actually a really simple DOS program that prints out a
message to tell the user that that program can't be run in DOS.
After that, you have the header for the actual executable, which may
start with one of four pairs of letters, NE, LX, LE, or PE. If you
don't see one of these and the above mentioned message, it's a 16-bit
DOS application.
Source How to check if a binary is 16 bit on Windows, answer by Austin Hemmelgarn
You can also use the Unix file
command (which is available in Cygwin and windows-subsystem-for-linux:
Example:
C:\Program Files\GnuWin32\bin>file "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE; PE32 executable for MS Windows (GUI) Intel 80386 32-bit
I believe when it is a 16bit executable it says something to the sorts
of MS-DOS or Win 3.X executable.
Source Solved: Tip or tool to distingush 16/32/64 bit .exe files? | Tech Support Guy
The above link also includes source code (looks like C) which you can play with.