Inspired by Armadillo nanomites, I've decided to write virus which uses Nanomites to foobar heuristics as much as possible. This virus also has abbility to inline patch some commonly used packers such as ASPack, UPX, FSG and some more.
Blacky.w32 uses Trap flag encryption/decryption during whole execution, and in such way stays crypted all the way during it's execution. Using TF for runtime decryption/encryption will slowdown system, so only a few files are infected druing one run.
prcko.XP is virus which will use sysenter to directly talk with kernel, it is simple example of virus which will avoid lame sandboxes where their authors hook kernel32 APIs to monitor execution of certain binary.
Blackhand.w32 (named as DeadCode because of it's signature in PE header) was virus used to test how fast AVs will react when new virus is "in the wild", actually copy was sent to them only, and noone else. F-Secure and KAV were the fastest to make signature for it.