The releases are signed by the developer using PGP.

After downloading them, you can verify the integrity by verifying the signature (a malicious version of the file would make the signature invalid).

There are quite some tutorials available on how to verify pgp signatures.

In your case:
Check out https://github.com/goatpig/BitcoinArmory/releases and you'll see there is a file called sha256sum.txt.asc.
This file cointains the hashes of the executable files and a pgp signature.

You'd want to check that 1) the signature of the file sha256sum.txt.asc matches the public key of the developer (goatpig) and 2) that the hash of your executable file is the same as seen in sha256sum.txt.asc.


I'd recommend to check out a tutorial on how to verify pgp signatures. You can find some here on the forum as well as by searching on google.
If you still have questions or struggle verifying the signature, feel free to ask.