1.3.10, installer signature is invalid

[arko]

Downloaded from https://download.xnview.com/XnViewMP-win-x64.exe
sha256: FC4ABD00B98573D5F1BDA1CA44CF9E1C2C928C3365134BE20A5CB4CF9A98B00D
VT link: https://www.virustotal.com/gui/file/fc4 ... 0d/details

[xnview]

for sha1 it shows me a valid signature

[arko]

for sha1 it shows me a valid signature

How do you check it? I don't have signtool on this machine, so here is the result of Get-AuthenticodeSignature:

Code: Select all

SignerCertificate                         Status                                                   Path
-----------------                         ------                                                   ----
B4875B116B4F2BBBD5CD1C23351C889B81B8E046  HashMismatch                                             XnViewMP-win-x64.exe

And DigiCert tool:

[xnview]

Capture-2.jpg (75.7 KiB) Viewed 730 times

xnviewmp.exe has a good signature?

[arko]

Capture-2.jpg
xnviewmp.exe has a good signature?

Check this out. I have re-downloaded the file, same result:

Code: Select all

MD5 d4b3a362d7cc155027e24bd613147de5
SHA-1 496fcd1b9384301cb182b308af741ea950cd0b7d
SHA-256 2c272ab3bff4e10f12e2a1644be5526ebf98817f76762f5305eb8400edb25c3b
SHA-512 0EA612D43097EEB3C01947C5C9532318E95448ADBB9E78A8A87165A05A284EBCCB4CE3742897E4ADB8139839C177E6DCB76662DD3A18D31603B5BFBB6811B978
Vhash 0770a6665d5c0d5d151c006016z631z25zbaz1003cz3
Authentihash 33f9e6a41d86db3fc711687f3d0554f5b1c5f45b295e419ea0f3f5a6cab3d84f
Imphash 5a594319a0d69dbc452e748bcf05892e
SSDEEP 1572864:ywAYNNlYmWK8FFHBbXcOaGh/P0Khw4JPIe1:PNdCbMM/PhhUe1
TLSH T160F733AFB16C953ED49E063508B7830069377A60601B8C1B5BF05DAEFF675210E3EB5A

[xnview]

Capture-2.jpg
xnviewmp.exe has a good signature?

Check this out. I have re-downloaded the file, same result:

No problem here, the setup is correct

[arko]

Capture-2.jpg
xnviewmp.exe has a good signature?

Check this out. I have re-downloaded the file, same result:

No problem here, the setup is correct

Something is off here. From a different country to avoid CDN returning the corrupt file:

Code: Select all

$ curl -s https://download.xnview.com/XnViewMP-win-x64.exe 2>&1 | sha256sum
2c272ab3bff4e10f12e2a1644be5526ebf98817f76762f5305eb8400edb25c3b  -

Same hash.

Windows version, from PS:

Code: Select all

> [environment]::OSVersion.Version

Major  Minor  Build  Revision
-----  -----  -----  --------
10     0      19044  0

[xnview]

the hash is correct, could you try 1.3.0?

[arko]

the hash is correct, could you try 1.3.0?

Where can I get its installer? v1.1.0.0 is fine:

[cday]

the hash is correct, could you try 1.3.0?

Where can I get its installer? v1.1.0.0 is fine:

Old versions

Note that the download link can be found on the xnview.com homepage under Support...

[arko]

I don't see v1.3.0 there, however v1.03.0 has valid signature:

[xnview]

I don't see v1.3.0 there, however v1.03.0 has valid signature:

yes it's 1.3.0. Very strange, it works here, i have not changed the DigicCert signature