Fake antivirus family of malware is employing a new technique to encrypt their code. Instead of using Intel’s standard Intel instruction set, they use instructions from the multimedia instructions (MMX) set. MMX instructions are used to move numbers to and from the processor without actually performing any operations to change their value. Whether this technique will be used more sophisticatedly in future variants is yet to be seen. These variants are generically detected by Sophos as Mal/FakeVirPk-A.”]
Source: https://nakedsecurity.sophos.com/2009/04/12/mmx-fakeav-clothes/