Hashing of Program Files

BinHash by Chris Rohls calculates the usual hash sums such as MD5 and SHA-1 over program files in either ELF (Unix) or PE (Microsoft Windows) format. Unlike similar tools, it does not calculate and display the hashes for the whole file but for every single section, so that two binaries whose .text matches but whose .data or .rsrc differs are immediately visible as such. The author makes use of this technique to compare variants of malware. Some time ago I had proposed the same technique for memory analysis purposes.

For memory analysis purposes it would be even more helpful to hash the files in chunks that equal the size of a physical memory page (4 KiB on x86), aligned the way the loader maps the sections. Then even a single left-over page found in a memory dump could hint at the program that was executed. Pages that the loader alters at run time (relocated code, a resolved import table) will of course not match the on-disk hash.

AAron Walters and Volatile Systems are working with NIST to get such fine-grained hashes added to the well-known National Software Reference Library (NSRL). Obviously this will inflate the volume of hash data. One way to cut down on the amount of data would be to restrict the hashing of executable files to read-only segments, as proposed by Harlan Carvey; writable pages change at run time anyway and would rarely match.
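To make the three ideas above concrete, here is a small added example (my own illustration, not BinHash's code nor anything from Volatile Systems or NIST) that parses the section table of a PE file, computes one SHA-1 per section in the BinHash manner, computes one SHA-1 per 4 KiB page of each read-only section as a memory analyst would want, and looks a single recovered page up in that set. The PE image it works on is constructed in memory and is not a real program; the section names, offsets and filler bytes are assumptions made only so the parser has something to chew on.

```python
"""Per-section and per-page hashing of a PE file (added example, not BinHash's code)."""
import hashlib
import struct

PAGE_SIZE = 4096                    # size of an x86 physical memory page
IMAGE_SCN_MEM_WRITE = 0x80000000    # section is writable once mapped


def parse_pe_sections(data):
    """Return the PE section table as a list of dicts (name, rva, raw offset, size, flags)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symptr, _nsym, size_opt, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + size_opt    # section headers follow the optional header
    sections = []
    for i in range(nsect):
        (name, vsize, rva, raw_size, raw_ptr,
         _reloc, _lines, _nreloc, _nlines, flags) = struct.unpack_from("<8sIIIIIIHHI", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "vsize": vsize, "raw_ptr": raw_ptr,
                         "raw_size": raw_size, "flags": flags})
    return sections


def hash_sections(data, algo="sha1"):
    """BinHash-style: one digest per section over its raw file bytes."""
    return {s["name"]: hashlib.new(algo, data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]).hexdigest()
            for s in parse_pe_sections(data)}


def hash_pages(data, read_only=True, algo="sha1"):
    """One digest per 4 KiB page, keyed by (section name, RVA of the page).

    Each page is cut from the section's raw data and zero-padded to PAGE_SIZE, which is
    what the loader produces for the tail of a section's last page. With read_only=True
    writable sections are skipped (Harlan Carvey's proposal): their pages change at run
    time and would not match anyway.
    """
    digests = {}
    for s in parse_pe_sections(data):
        if read_only and s["flags"] & IMAGE_SCN_MEM_WRITE:
            continue
        for off in range(0, s["raw_size"], PAGE_SIZE):
            end = s["raw_ptr"] + min(off + PAGE_SIZE, s["raw_size"])   # never read into the next section
            page = data[s["raw_ptr"] + off:end].ljust(PAGE_SIZE, b"\0")
            digests[(s["name"], s["rva"] + off)] = hashlib.new(algo, page).hexdigest()
    return digests


def changed_sections(a, b):
    """Names of sections whose digest differs between two variants (BinHash's use case)."""
    ha, hb = hash_sections(a), hash_sections(b)
    return sorted(n for n in set(ha) | set(hb) if ha.get(n) != hb.get(n))


def lookup_page(page, page_db, algo="sha1"):
    """Attribute a single recovered memory page to (section, RVA) using the page digests."""
    digest = hashlib.new(algo, page.ljust(PAGE_SIZE, b"\0")).hexdigest()
    return [key for key, h in page_db.items() if h == digest]


def build_sample_pe():
    """Constructed minimal PE32 image (not a real executable, an assumption for the demo):
    headers, a read-only .text section spanning one full page plus a partial one,
    and a writable .data section."""
    text_ptr, text_size = 0x200, 0x1200
    data_ptr, data_size = 0x1400, 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)       # i386, 2 sections, PE32 optional header
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                          # PE32 magic, rest zeroed
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", text_size, 0x1000, text_size, text_ptr,
                           0, 0, 0, 0, 0x60000020)                        # CODE | EXECUTE | READ
    data_hdr = struct.pack("<8sIIIIIIHHI", b".data", data_size, 0x3000, data_size, data_ptr,
                           0, 0, 0, 0, 0xC0000040)                        # INITIALIZED_DATA | READ | WRITE
    img = (dos + b"PE\0\0" + coff + opt + text_hdr + data_hdr).ljust(text_ptr, b"\0")
    img += bytes((i * 7 + 3) & 0xFF for i in range(text_size))            # deterministic filler standing in for code
    img += bytes((i * 13 + 5) & 0xFF for i in range(data_size))           # filler standing in for data
    return img


if __name__ == "__main__":
    original = build_sample_pe()
    variant = bytearray(original)
    variant[0x1400] ^= 0xFF                                   # patch one byte of .data: a "variant"
    print("section hashes:", hash_sections(original))
    print("changed in variant:", changed_sections(original, bytes(variant)))
    db = hash_pages(original)                                 # read-only pages only
    leftover = original[0x200 + PAGE_SIZE:0x200 + 0x1200]     # the partial last page of .text
    print("leftover page matches:", lookup_page(leftover, db))
```

The per-page set for the sample contains only the two .text pages; .data is dropped because it is writable, which is exactly the data reduction Harlan Carvey's proposal buys. Note that the page keys are relative virtual addresses, so a real lookup tool must also know that the module was mapped at its preferred base, or the page will still match while the RVA tells you nothing about where it lived.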

1 Comment

Why not also hash the icon embedded in the resources of the executable, so that as the malware is changed, if it has an icon, you could identify it based on just the icon. Bad guys love to advertise their toolz with their customized icons....

Imprint

This blog is a project of:
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
impressum@forensikblog.de

Copyright © 2005-2012 by
Andreas Schuster
All rights reserved.