Low quality rogue

Status
Not open for further replies.
Detected before even download?
Yes. Bitdefender has a signature for the rar file for some reason. Probably created by their automated signature creation system. I also checked by disabling its protection and extracting the rar file. BD didn't detect the setup file. Weird. Then I ran the installer, and the main app exe extracted by the installer in the installation folder was detected by Bitdefender instantly. It was a cloud-based detection. I then also tried changing the hash of that sample. This time BD also detected it, but with a slightly different cloud-based detection name. So, the cloud-based detection was not purely file-hash-based detection, which is nice.
I think Avira is better than Avast even after the acquisition.
No, it's not. Avast is a much better product overall. Keep in mind that this file is a joke program. It's not malware.
 
I forgot to say, but Microsoft Edge blocked that file even before I posted this.
 
It could have been some fuzzy hash.
Yeah, possible. This is the first time I have seen BD's cloud-based detection not being impacted by a changed hash, so this was new for me.
"Gen:Suspicious.Cloud.2.in0@auezHOh" for the main file.
"Gen:Suspicious.Cloud.4.in1@auezHOh" for the hash-changed file.
Edit: Just now checked again, slightly differently, with another new hash.
This time I activated BD's real-time protection when the malware was already running. The detection name via the scanner was the second name I wrote in this comment, while the detection name for the running malware by the real-time protection was "Gen:Heur.Zatk.in1@buezHOh".
 