Hi malware fighters,
Creating polymorphic viruses has been done by malcreants for a very long time now and dates back to the previous century. Here is a list of known Polymorphic Generators: http://vx.netlux.org/lib/static/vdat/polyinvr.htm
One of the first of these was MtE http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453076400
other old generators were known as BWME - DAME - DSCE - DGME - MutaGen - GPE - NED
First thing to do was to load the first byte of the coded fragment of the registry address
Then load the length of the coded function to the registry address
Give in the coding-decoding instruction
Enlarge the registry address
etc. etc.
The best procedure to detect these viruses is checksumming. Good tool for you is checksumtool:
http://checksumtool.sourceforge.net/
polonus