Hiding presence of KeePassXC on a Windows system

[GitHubinatrix]

Would it be possible to add a feature that would turn portable version of KeePassXC used by a given user, with individual settings and history of used databases, into a single portable EXE file - and then add to it a kind of pre-password? And then re-generate and overwrite such EXE every time a change would be saved to it?

Not being a programmer, I imagine such safety system:

C:\Program Files (x86)\Whatever Old Program\some real folder\some made-up folder\aaa.EXE
Q:\Whatever Folder\bbb.AHK
Z:\Archie With Config From Games\ccc.CFG

In it the:
● aaa.EXE is lock, stock and barrel of KeePassXC
● bbb.AHK [or some other third party tool] opens aaa.EXE and feeds to it password No.1
● ccc.CFG is a disguised KBDX file

In such system:
● if something happens with operating system, a user can easily disconnect volumes Q and Z [assuming they are separate drives] and thus take just C to a local workshop
● nobody except the user knows which EXE must be executed in order to open a password manager a given user happens to use
● even if somebody knows which EXE to execute or just runs one-by-one every EXE from a disk and uses every available password manager, after running it that unauthorized person will not be presented with the location of the database file [in form of a path shown on the login screen]
● user does not has to bother with remembering password No.1, just with the main password No.2 for login into a particular KBDX file; but this nevertheless creates a two step verification process

I reckon that such system in order to remain hidden would require some kind of randomly generated masking gibberish lines added in various also random places of both EXE [AKA all-in-one KeePassXC files] and in the KBDX database, so that some smart aleck would not be able to scan all files for characteristic long elements of [current] real code and data

Is this achievable?

For now I only am able to disguise my KBDX files as other file formats. But I guess that if somebody know what to look for and assumes that on a given disk there are some various databases disguised as other formats, then such person already has a proper tools for scanning and thus easily finding tell-tale signs of databases generated by various password managers. And even if not, then the elephant in the room is the KeePassXC.EXE and keepassxc_local.INI file and all those DLL's - thus a location of a database is served on a silver platter without even a need to getting to the login screen of my KeePassXC to read it. Of course I could use thumb drive for storing KeePassXC- but that is a physical device that I still need to keep an eye on as it contains the path to my databases. Plus multiplying and then physically hiding multiple thumb drives is in my opinion harder to perform than of EXE files

[droidmonkey]

No, this doesn't add any security and we will not support this mode of operation

[GitHubinatrix]

So...

2 bytes are equal to 65535 combinations. Thus every file uses its first 2 bytes from this poll for identifying itself to a compatible programs as being of proper file format?

Or: all a hacker must do, when looking for hidden KBDX files, is to check if first 2 bytes are the same as in any other KBDX file? Thus that is why it is a waste to time to rename them?

[droidmonkey]

Second bullet point

[pcr-coding]

I think your main idea is just the wrong way. You actually don't add more security by obfuscation. KeePass is secure because the database files are encrypted with a strong encryption algorithm not because you obfuscate which file was used. System security should not depend on the secrecy of the implementation or its components.
So KeePass is secure if your password and/or keyfile is. Choose a strong password or keep a keyfile in a remote place: So if you disconnect a computer from the network and take it to a store they cannot open the database even if they have the password because the keyfile is missing.
If you need even more security add a physical device like YubiKey. Without that device you cannot open the database. This protects against online attacks because even if the password is gathered by a keylogger the attacker cannot steal a hardware device over the network.

[GitHubinatrix]

I think your main idea is just the wrong way
[...]
If you need even more security add a physical device like YubiKey. Without that device you cannot open the database. This protects against online attacks because even if the password is gathered by a keylogger the attacker cannot steal a hardware device over the network.

I think this would be great

But then again I would live in fear of loosing a physical object

[phoerious]

Buy two then.