Neither of the above. If I correctly understand, you want to stress the strict dependence of the native DLL code on the processor architecture. But, this does not mean that the binary content of the native DLL cannot change after changing some shared components or computer settings. That is how I interpret the info from the Microsoft documentation: "Similarly, changes to a shared component or changes to computer settings might require many native images to be updated."Thanks to you for having read it
The term "computer dependent" is very broad and can mean many things, so it depends on what you want to say with it.
If with computer dependent you mean that in a PC runnning Windows 10 under Intel's x86 architecture, one particular native image is different from another present on a Windows 7 PC with the same processor architecture, in this case we would not agree.
However, if what you want to say is that a native image depends on the processor (x86, x64, ARM...) and not on the OS, then we would agree.
If the file is flagged by AV as malicious, then the file fingerprint / hash is added to the blacklist. The hash / fingerprint is calculated just from the binary file content.
The AV AI can easily flag the file as malicious when all the below conditions are fulfilled:
- it is involved in infection chain,
- it is unsigned,
- it is not on AV whitelist,
- it is not common on clean machines.