How do antivirus programs detect self-modifying viruses?

It seems to me like it would be extremely simple to take a working computer virus and add code that generates pseudorandom dummy instructions.

The virus would make a copy of its own opcode file, then insert dummy instructions that have no net effect.

Add 0 to a register. Add a random number, then subtract the same number (add a branch statement to check if the number will overflow first). Perform any operation on a register unused by your virus.

As I understand it, antivirus software goes by signatures - they compute some type of hash of the files they analyze, and changing even 1 bit of the virus would change the signature. I would assume the antivirus software divides a possible virus into smaller sub-blocks and checks the signature for each one separately, which is why you would need to insert dummy instructions all through the virus.

How can you even detect viruses like this on a practical level? I have read about sophisticated code analysis methods but those sound unfeasible if hackers are creating new viruses every single day.

What happens when your virus mutates its replication code?

The mutations are no net change. That is, they have no net function when the code executes. Try re-reading my OP, you’ll see what I mean. So the code that causes the mutations gets these extra nonfunctional statements inserted into it, but the code executes the same as it did before (just slower). The virus mutates a second copy of itself, it doesn’t edit itself in real time, although that is possible.

Many antivirus programs use heuristic analysis along with virus signatures. Heuristic analysis watches how a program acts.
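
An added illustration of the scanner's side of this question (not written by any poster in the thread and not any vendor's engine): a whole-file hash and a plain byte signature both miss a copy padded with no-net-effect instructions, while a signature matched after stripping that filler still hits. The byte strings are constructed, harmless x86 sequences, the filler list is a small assumed subset, and the names `build_junk_regex`, `normalize` and `scan` are hypothetical.

```python
import hashlib
import re

# Constructed, harmless 32-bit x86 bytes standing in for a known sample's code:
# mov eax,1 ; xor ebx,ebx ; inc ebx ; ret
KNOWN = bytes.fromhex("b801000000" "31db" "43" "c3")
# The same instructions with no-net-effect filler between them (constructed):
# nop ; mov eax,1 ; add ecx,0 ; xor ebx,ebx ; add edx,0x11 ; sub edx,0x11 ; inc ebx ; nop ; ret
VARIANT = bytes.fromhex("90" "b801000000" "83c100" "31db" "83c211" "83ea11" "43" "90" "c3")
# Unrelated constructed code that also contains a nop: nop ; xor eax,eax ; ret
UNRELATED = bytes.fromhex("90" "31c0" "c3")


def build_junk_regex():
    """Match an assumed subset of filler: nop, add/sub r32,0, add r32,N then sub r32,N."""
    alts = [b"\x90"]
    for r in range(8):  # eax..edi
        add = b"\x83" + re.escape(bytes([0xC0 + r]))
        sub = b"\x83" + re.escape(bytes([0xE8 + r]))
        alts += [add + b"\x00", sub + b"\x00"]
        alts.append(add + f"(?P<n{r}>.)".encode() + sub + f"(?P=n{r})".encode())
    return re.compile(b"|".join(alts), re.DOTALL)


JUNK = build_junk_regex()


def normalize(code: bytes) -> bytes:
    # Simplification: works on raw bytes. A real engine decodes instructions (or
    # emulates) first, so an operand byte that looks like filler is not removed.
    return JUNK.sub(b"", code)


def scan(data: bytes) -> dict:
    return {
        "whole_file_hash": hashlib.sha256(data).digest() == hashlib.sha256(KNOWN).digest(),
        "byte_signature": KNOWN in data,
        "normalized_signature": normalize(KNOWN) in normalize(data),
    }


if __name__ == "__main__":
    for name, blob in [("known", KNOWN), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        print(name, scan(blob))
```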