Simple hashing-based detections can be defeated easily by modifying one byte of a malicious sample. Modification of even as little as 1 bit will change the hash of a file, causing this method to fail.
Heuristic Detections spot suspicious characteristics of samples that can be found in unknown, new, and modified versions of malware.
Depending on the solution, heuristic models can be gathered statically or dynamically. Static analysis will typically parse or decompile the sample and compare features to known malware. Dynamic analysis will run/detonate the sample inside of a sandboxed environment and observe its behavior.