Oh no, it totally got bundled into different files using other tools with creative names like saranwrap and silkrope whose job it was to disguise the software, and after it was installed silently replace the bundled executable with an ordinary unbundled one to stymie attempts at further analysis.
I'm not certain what GP is on about. There were copious ways to distribute (deliberately payload) infected files back in the day and it was common windows user practice to just download and run executables (especially if they appeared to be installers from reputable-seeming websites) and zero free virus scanning or firewall options were available: all were for pay and all were terrible. None certainly shipped with Windows itself.
Plus as mentioned elsewhere plenty of third party software like ICQ enabled benign-seeming mechanisms to view documents which could be exploited to instead run infected executables.
Didn't know that. Thanks for telling me instead attacking me like OP :/