MD5 Collision tool (http://www.mscs.dal.ca/~selinger/md5collision/) let everybody create malicious executables that has the same MD5 of another legitimate file.
Suppose the legitimate (hello.exe) has been already analyzed on VirusTotal (like http://www.virustotal.com/file-scan/reanalysis.html?id=1316543942a8c6cd754855500cd37068edbbd8b31c4979d2825a4e799fed6102-1283241840).
The “Already Analyzed” check is based JUST on MD5: so future check of “same MD5-different SHA” malicious exec will propose the “old legitimate result report” unless you explicitly ask for recheck!!
But how many will ask for recheck and wait the submission queue?
Update: VirusTotal “Already Analyzed” is based on same sha-256 too. See comments.