http://img216.exs.cx/img216/2889/antivirheuristics2no.png Check NOD32 and Norman. And this isn't the first case. AntiVir appears to have similar heuristics to NOD32 because i have seen many such scenarios where all AntiVir,NOD32 and Norman have detected same sample with heuristics. So conclusion is that H+BEDV guys did a good job but they still need to support some more packers and move some more resources and staff into Heuristics developement (also don't forget about incrimental auto-updater ). What do you think?