See my edits above.
re. Using downloads "of the wild internet" 
You can probably still verify if the binaries are signed with a valid VMware certificate.
Alternatively perhaps you can get the official md5sum hashes of those files. Just had a peek at my normal iso library and I don't have your versions exactly and I can't really share the binaries, but I can give file hashes:
$ md5 -r VMware-converter-en-5.5.0-1362012.exe
da50a8bc9ac823fd9a603dcc404f3d16 VMware-converter-en-5.5.0-1362012.exe
$ md5 -r VMware-converter-en-6.1.1-3533064.exe
7b6d7a99f046d20715b2fbfd773d0faf VMware-converter-en-6.1.1-3533064.exe
So that hopefully that helps you to verify authenticity (FWIW I only download official versions)
--
Wil
