Pondus
Pondus- Care to elaborate re sigcheck comment?
well legit file(s) usually have some info there....not always..
and malware doesn't....not always, they sometimes fake it
example from my windows/system32/drivers folder
ABP480N5.SYS ( wow it is even detected ;D )
http://www.virustotal.com/file-scan/report.html?id=fa28396820e44f991891042e051a4414485b54d456f252e03e3ffe1b4b4cf843-1310410200
sigcheck:
publisher…: Microsoft Corporation
copyright…: (c) Advanced System Products, Inc. 1998
product…: Microsoft_ Windows_ Operating System
description…: AdvanSys SCSI Controller Driver
original name: ABP480N5.SYS
internal name: ABP480N5.SYS 2.9I_MS_CB_C
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
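
An added example (not part of the original post): a small Python parser for a sigcheck block like the one above, separating the fields that are only self-declared in the file's version resource from the ones that reflect signature verification. The function names and verdict labels are assumptions made for this illustration.

```python
import re

# Sample reproducing fields of the sigcheck block in the post above.
SAMPLE = """\
publisher…: Microsoft Corporation
product…: Microsoft_ Windows_ Operating System
original name: ABP480N5.SYS
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
"""

EMPTY = {"", "-", "n/a"}  # placeholders the report uses for "no value"

def parse_sigcheck(text):
    """Return {field: value or None}, stripping the dot/ellipsis padding before ':'."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)[.\u2026]*\s*:\s*(.*)$", line)
        if m:
            value = m.group(2).strip()
            fields[m.group(1).strip().lower()] = None if value.lower() in EMPTY else value
    return fields

def assess(fields):
    """Classify how far the identity shown in the report can be trusted."""
    verified = (fields.get("verified") or "").lower()
    if verified == "signed" and fields.get("signers"):
        return "signed", "signature verified, signers: " + fields["signers"]
    # publisher/product/description come from the version resource, which
    # whoever built the file can fill with any text.
    if fields.get("publisher"):
        return "unverified-claim", "publisher %r is self-declared only" % fields["publisher"]
    return "no-identity", "no signature and no version info"

if __name__ == "__main__":
    verdict, reason = assess(parse_sigcheck(SAMPLE))
    # An unverified claim is not a detection by itself: catalog-signed Windows
    # files carry no embedded signature and also report as Unsigned off-host.
    print(verdict, "-", reason)
```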