Well just taking a look at what Sophos supposedly found, 'Mal/Behav-009' (but you don't give the file name and location), taken from that malware name and expanding my supposition of the name 'Malware Behaviour number 009' this would appear to be a generic
There are signatures and functions in avast that will looking out for and detecting behavioural malware, etc. and it is entirely possible to have another AV to incorrectly identify one of these files/actions as malicious.
I hope you can see what I'm getting at now. Also if you consider the two (multiple) scans by hitman pro and sophos, only one detection was made by sophos and that wasn't one of those found by hitman pro, nor were any of the others found by hitman pro found by sophos. So there we have inconsistency between those multiple AVs.
Also not that the algo.dll file is digitally signed by avast.