Tags: c#, .net, windows, shellcode, metasploit

Prevent malicious code embedding


What can a developer do to prevent malicious code from being embedded in their executable?

For example, msfvenom (Metasploit) can embed payloads into any executable.


Solution

  • Not much.

    1. Purchase a certificate and sign your executable. Any change to the exe will break the digital signature, so at least the change will be visible to the end user.

    2. Follow security best practices. For example, only install your executables into C:\Program Files; if you do, trying to modify anything in your installation directory will require elevation. Don’t install any binaries in the user’s profile folder (Google Chrome does, and it’s very bad).

    3. Best of all, convert your app to the UWP platform and publish it through the Windows Store. The security model there is much better than for Windows desktop apps.
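
A check for points 1 and 2 of the answer above, as an added example that is not part of the original answer: it verifies the Authenticode signature, pins the signer, and confirms the install directory is not writable without elevation. `ExePath` and `ExpectedThumbprint` are assumed, caller-supplied values (your binary and your own signing certificate's thumbprint).

```powershell
# Added example, not from the original answer. ExePath and ExpectedThumbprint are
# caller-supplied assumptions (your binary and your signing certificate's thumbprint).
param(
    [Parameter(Mandatory)] [string] $ExePath,
    [Parameter(Mandatory)] [string] $ExpectedThumbprint
)
$problems = @()

# Point 1: a patched file reports HashMismatch, a stripped signature reports NotSigned.
$sig = Get-AuthenticodeSignature -LiteralPath $ExePath
if ($sig.Status -ne 'Valid') {
    $problems += "Signature status: $($sig.Status) ($($sig.StatusMessage))"
} elseif ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
    # Re-signing with a different trusted certificate also yields 'Valid', so pin the signer.
    $problems += "Signed by unexpected certificate: $($sig.SignerCertificate.Subject)"
}

# Point 2: the install directory must not be writable without elevation.
# Well-known SIDs: SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
# Specific write-type rights only; ACEs expressed as generic rights are not decoded here.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$dir = Split-Path -Parent (Resolve-Path -LiteralPath $ExePath).Path
$rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
foreach ($rule in $rules) {
    $grantsWrite = ($rule.AccessControlType -eq 'Allow') -and
                   (([int]$rule.FileSystemRights -band [int]$writeMask) -ne 0)
    if ($grantsWrite -and ($trusted -notcontains $rule.IdentityReference.Value)) {
        $problems += "$dir is writable by $($rule.IdentityReference.Value) ($($rule.FileSystemRights))"
    }
}

if ($problems.Count -eq 0) {
    'OK: signature valid, signer pinned, install directory not user-writable'
} else {
    $problems
    exit 1
}
```

Run from an installer's post-install step or a scheduled integrity check, a non-zero exit code means the binary was altered, re-signed by another certificate, or sits in a directory a standard user can write to.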