Please break the active link to avoid accidental exposure for obvious reasons, e.g. lose the https element e.g. play.google.com/store/apps/details?id=com.scs.whatsbulk
500k installs isn't actually that many on the play store and I don't know what the security levels are, it wouldn't be the first to have been found/detected.
Attaching a screenshot of the Avast alert screen might help.
I don't know where you reported it, ordinarily most would use the.
Reporting a Possible False Positive File or Website -
https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
I don't know if this is applicable for the app on the play store or not.