vcredist checksum mismatch

[athad]

While creating an image with vmcloak I go a hash mismatch error for vcredist_2013_x64.exe. The file was downloaded correctly from cuckoo.sh (digital signature is OK), but the hash is bef7e7cc1dcc45c0c11682d59c64843727557179, while the hash checked by VMCloak (and on the Microsoft website) is 8bf41ba9eef02d30635a10433817dbb6886da5a2.

From what I can tell, the bef7... executable on the website is older (signed in 2013), whereas the hash belongs to a newer version (signed in 2014) which has been distributed by Microsoft since.

D:\downloads>openssl dgst -sha1 vcredist_x64.exe
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
SHA1(vcredist_x64.exe)= 8bf41ba9eef02d30635a10433817dbb6886da5a2

D:\downloads>openssl dgst -sha1 vcredist_2013_x64.exe
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
SHA1(vcredist_2013_x64.exe)= bef7e7cc1dcc45c0c11682d59c64843727557179

[athad]

There's a similar issue for vcredist 2010 and 2013, x86 versions this time;
2010 expects b84b83a8a6741a17bfb5f3578b983c1de512589d ; found 372d9c1670343d3fb252209ba210d4dc4d67d358 (https://github.com/jbremer/vmcloak/blob/master/vmcloak/dependencies/vcredist.py#L50)
2013 expects df7f0a73bfa077e483e51bfb97f5e2eceedfb6a3; found 18f81495bc5e6b293c69c28b0ac088a96debbab2; (https://github.com/jbremer/vmcloak/blob/master/vmcloak/dependencies/vcredist.py#L74)