Bob3160 is right in this respect, certainly and also a bit sadly...
Know that against advanced collison state actor hacking a simple MD5 comparison won't help,
but it is a quick and dirty to perform on any download and check on VirusTotal you have the right McCoy there.
MD5 is not safe anymore, again added threats from downgraded standards provided by organizations like NSA (who would like to trust a lock given to you by a burgler?). Against targeted attacks from state hackers, the normal user has no defense. You have both arms tied to your backs all the time and the game is "rigged" from the word go by the 'Forces that Be'.
It should be a concern that the Microsoft Windows certificate store (you find it inside the registry) identifies certificates 'uniquely" on basis of their SHA1, so hash - collision can not be avoided under all circumstances. SHA1 is also unsafe, still loads of sites still have it,
https://shaaaaaaaaaaaaa.com/Alas, we do as best we can under the prevailing situation,
polonus