Storm (aka Peacomm/Nuwar/Zhelatin/Tibs) is known to be repacked every few minutes. Even if its sample is modified, recompiled and then re-packed with a different packer, it can still be recognized as Storm by looking at its memory contents. Such recognition is possible due to the same patterns that repeat in its memory from generation to generation. ThreatExpert recognises these patterns during the static analysis of the memory contents of Storm.”]
Source: http://blog.threatexpert.com/2008/04/piece-of-cake-storm-detection.html