“When combining the results from all four AV engines, less than 40% of the binaries were detected.” Source: CAMP: Content-Agnostic Malware Protection.
Malware Hunting with the Sysinternals Tools