Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com
And bingo
SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2 bitcoin-0.13.1-win64.zip
Link to the scanner results:
https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/
AegisLab Uds.Dangerousobject.Multi!c 20161127
Kaspersky Trojan.MSIL.CoinStealer.km 20161127
Rising Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud) 20161127
And bingo
SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2 bitcoin-0.13.1-win64.zip
Link to the scanner results:
https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/
AegisLab Uds.Dangerousobject.Multi!c 20161127
Kaspersky Trojan.MSIL.CoinStealer.km 20161127
Rising Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud) 20161127
https://securelist.com/blog/virus-watch/58553/analysis-of-malware-from-the-mtgox-leak-archive/
Quote
The malware creates and executes the TibanneSocket.exe binary and searches for the files bitcoin.confand wallet.dat v the latter is a critical data file for a Bitcoin crypto-currency user: if it is kept unencrypted and is stolen, cybercriminals will gain access to all Bitcoins the user has in his possession for that specific account.