by pixl97 307 days ago
>These files are also missing Product Name, Company Name, and Product Version in the ETW fields and much of this information is also missing from the sigcheck output.

I have no clue what vendors do this, especially MS themselves. Has the exact look of files that were installed by a virus.


This is wrong. Malware authors put in a lot more work to make their software look legitimate, even including valid version information and digital signatures.

Hmm, but if I were a malware author and legitimate software couldn't bother to put in version information, maybe I should also not do that so I can blend in better.

That might depend on whether you prefer to look unremarkable once you've attracted someone's attention, or to just not attract people's attention.