OK, so I did a quick check and modifying the file does in fact make it so the digital signature would say invalid. I just did a quick change of one o to a and it immediately says invalid. So if the digital signature says valid, it means the file hasn't been corrupted in download I think, the same as a checksum.
Then under digital signature, you can click on "view certificate" and for all the downloads, despite the very slight changes in the files themselves which changes the checksum, it says
CN = DigiCert SHA2 Assured ID Code Signing CA
OU =
www.digicert.comO = DigiCert Inc
C = US
Subject
CN = Avast Software s.r.o.
OU = RE stapler cistodc
O = Avast Software s.r.o.
L = Praha
C = CZ
Thumbprint
db4336a6dc808c8f6a4944fa8e8d6a9e703f8915
Valid from
Wednesday, April 1, 2020 8:00:00 PM
Valid to
Thursday, March 9, 2023 8:00:00 AM
Revocation Status : OK. Effective Date <Tuesday, July 27, 2021 3:15:02 PM> Next Update <Tuesday, August 3, 2021 2:30:02 PM>
The subject and thumbprint is the same between all the installers. So that's easy to check if you don't trust your eyes (i.e. you can check both Avast Software s.r.o. and also the country and also the thumbprint.)
(scanned the installer with the same certificate thumbprint on another computer with avast already installed just to be really sure
)