I apologize if this should go in the Other Apps Support forum.
The one I downloaded had an MD5 hash of: 31a1265e47e8737a1f5a1b8247634c88
This is the one I downloaded:
GPG for Thunderbird Portable (2008-07-25 20:19)
It would be a bad idea to use GPG without at least some verification.