If you have worked on anti-malware, then you must already know how detection signatures can be created. For example, I find that Buzus malware has over 60000 variants, and they could all be encrypted using different packers such as UPX/ASPack etc. I would like to create detection signatures for Buzus so that with very few signatures I detect not only all the files that I have, but also new samples that I get in future. I believe the best thing would be to unpack them (if packed) at runtime (of course without infecting the user's PC) and then read sections of the PE file to detect them (and also make signatures the same way). You can write unpacker code or really execute them!! The condition is that you do not infect the PC. So for this purpose we need to put them through an emulation engine. I need to develop this emulation engine!! Do you understand what we need, and can you do it? Can you suggest the best way of making signatures?
Definitely MD5/SHA do not work, as you would create 60000 signatures; there are many such families of malware which need to be identified. I can provide samples.