Nope, it's far more complicated than that
Standard MD5 hashes can be used only on static files. An MD5 could match only a single instance of a possibly very random file. If we would detect all files by MD5, the detection database would be hundreds of MB in size, which is unacceptable and would still not cover many variants that are so morphing that you just could never collect all possible variants! If you take a look here, you'll notice dozens of other parameters that can be used instead of MD5 (and those are just the public ones), where sometimes a single parameter would replace thousands of MD5s.
And no file will get scanned twice, "even" in a (good) pattern based scanner. Next to the obvious method, caching of results, we use a hybrid approach that is far from the linearity that we display in the form of malware names during the scan, which simply is a simplification since the actuol progress could not be easily shown in 2D.
You also misunderstood the "arrows back" I'm afraid. Take a look at this simple example (not real syntax but a bit simplified and constructed OpenSBI syntax):
Code:
File:"test","<$WINDIR>\<regexpr>([^\.]*\.exe)","filesize=12345,md=ABCD..."
RegyKey:"test",HKLM,"\Test\","<regexpr>([a-z]*)","testvalue=<$REGMATCH1>"
File:"test","<$WINDIR>\<$REGMATCH1>","..."
There'e a registry key that depends on a files name, and another file that depends on the registry keys name.
In pure filesystem/registry iteration, that would imply that the registry scanner would have to wait until the file scanner has completed scanning everything, but at the same time the file scanner has to wait until the registry scanner has completely finished - a situation that could not be solved - the scanner would simply hang forever. A good equivalent in coding would be deadlocks in threads (see also semaphores etc.). The simple iteration approach would thus have to give up any dependencies between detections, which would slow down everything even more and might make detection of a few of the worst malwares impossible.
What you describe is the old AV concept, which does not take the registry and the modern complexity of malware into account