From my cell phone
I just checked the win v4.4 download file by going to opencpn download link, pressing the link and selecting copy url from the popup. Then going to virustotal selecting url and pasting in the url of the download file. Then enter and wait for the result.
Here is the result:
SHA256: fe2711422821589855c122489686072bcf0eccb8bc9efbf734 6c3c539e5a42ff
File name: opencpn_4.4.0_setup.exe
Detection ratio: 0 / 53
Analysis date: 2016-07-03 23:46:07 UTC ( 12 hours, 39 minutes ago )
I think the download path you were using had a rogue server that was malicious and changed the file OR it was a false positive.
What this exercise illustrates is that you can even check a file remotely without ever downloading it an risking infection. You can even do this from your cell phone!