>These files are also missing Product Name, Company Name, and Product Version in the ETW fields and much of this information is also missing from the sigcheck output.

I have no clue what vendors do this, especially MS themselves. Has the exact look of files that were installed by a virus.

▲

ronsor 3 days ago | parent [-]

This is wrong. Malware authors put in a lot more work to make their software look legitimate, even including valid version information and digital signatures.

▲

saagarjha 3 days ago | parent [-]

Hmm, but if I was a malware author and legitimate software couldn't bother to put in version information maybe I should also not do that so I can blend in better.

	▲	thaumasiotes 3 days ago \| parent [-]
		That might depend on whether you prefer to look unremarkable once you've attracted someone's attention, or to just not attract people's attention.