Well, if I was attaching my trojan to a legit program, I'd spoof it to the byte as well. Tends to fool the ones who think file size comparisons offer any security.
And yes, any developer should willingly supply a checksum. It offers no value other than identification.
Once again for the slow ones -
all bytes match perfectly.
And why would he provide a checksum if you didn't buy his miner? He will send you hash together with an exe when you pay 0.05 BTC )