the result from qihoo with all 3 engines is scary. delayed signatures from avira and bd?
There's a lot more to Anti-Virus detection than the signatures - whether they are delayed or not for Qihoo according to the contract signed between the vendors is irrelevant, they still won't necessarily score the same. It also depends on how much of the static engine from the other vendors they are using... For example, you can get a license to the Avira or Bitdefender SDK but you don't necessarily have to use all the supported technology with it; they may only use signatures (including generic) and/or additional heuristic modules, machine learning, and so on.
With that being said, both Avira and Bitdefender are likely to have some form of "dynamic" monitoring even if it isn't open to the normal eye. As an example, when you execute a Portable Executable, it probably has a built-in good memory scanner to perform scanning after a packed sample has decrypted itself in memory and so-forth, this would sort of be reasonably expected in 2017 for a security product scoring high with testing companies. I know that Avast and ESET both have good memory scanners.
This is why when you pack a sample which is unpacked manually and it becomes FUD to the on-demand scanner or read/write real-time, it can still be detected upon execution. Take this as a grain of salt though regarding Avira and Bitdefender because this is speculated assumption based on what I think would be reasonable for high scoring products in this day and age and also considering the sorts of engineers at these vendors.