I have downloaded the current installer and it unpacks with a winscp.com and a winscp.exe in the applications main directory.
Why would it need both a .com and a .exe? Looks strange/(supicious?) to me. Is there a good reason why a package that deals with safe and encrypted transfer of data doesn't come with a signed signature file against which users can verify that they downloaded the "real" package?
my winscp 3.76 files extracted from "winscp376setup.exe" have the following md5sums
Thanks for a great tool.