I can't find any details on any "mabowl" exploit and Google searches only throw up mentions of it being a "generic" exploit which leads me to think it's a false positive by some of the 3rd-party virus scanners used by VirusTotal.

In increasing level of paranoia/work involved:

• You can compare the MD5/SHA1/SHA256 of your downloaded ZIP with the ones at github to make sure your copy hasn't been tampered with.
• You can compile your own JAR from the sources downloaded directly from github(*)
• You can look through the sources at github for code that resembles "mabowl"

(*) If you have Eclipse IDE installed then you can follow the instructions at http://docs.qora.org/#import-source-code-to-eclipse

Lots of programs that contain networking/downloading code trigger false positives.

Hope this helps!